librecmc/librecmc.git
6 years agobrcm47xx: add Luxul XAP-1500 and XWR-1750 WiFi LEDs
Rafał Miłecki [Tue, 3 Apr 2018 13:16:33 +0000 (15:16 +0200)]
brcm47xx: add Luxul XAP-1500 and XWR-1750 WiFi LEDs

(cherry picked from commit 16efb0c1c6c7702e694aef8f297b57b7c10b98c1)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agomac80211: brcmfmac: add support for BCM4366E chipset
Rafał Miłecki [Tue, 3 Apr 2018 11:11:20 +0000 (13:11 +0200)]
mac80211: brcmfmac: add support for BCM4366E chipset

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agombedtls: update to version 2.7.2
Hauke Mehrtens [Sun, 1 Apr 2018 13:10:30 +0000 (15:10 +0200)]
mbedtls: update to version 2.7.2

This fixes some minor security problems.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agoopenssl: update to 1.0.2o
Paul Wassi [Fri, 30 Mar 2018 06:15:00 +0000 (08:15 +0200)]
openssl: update to 1.0.2o

Fixes CVE-2018-0739

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
6 years agoKernel: bump 4.4 to 4.4.124 for 17.01
Stijn Segers [Wed, 28 Mar 2018 17:51:52 +0000 (19:51 +0200)]
Kernel: bump 4.4 to 4.4.124 for 17.01

* Refreshed patches
 * Removed 087-Revert-led-core-Fix-brightness-setting-when-setting-.patch (applied upstream)

 Compile-tested on ar71xx, ramips/mt7621, x86/64
 Run-tested on ar71xx

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
6 years agomac80211: brcmfmac: backport commit dropping IAPP packets by default
Rafał Miłecki [Wed, 21 Mar 2018 08:35:55 +0000 (09:35 +0100)]
mac80211: brcmfmac: backport commit dropping IAPP packets by default

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agokernel: merge a pending fix for HFSC warnings/slowdowns (fixes FS#1136)
Felix Fietkau [Sat, 10 Mar 2018 09:09:07 +0000 (10:09 +0100)]
kernel: merge a pending fix for HFSC warnings/slowdowns (fixes FS#1136)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agombedtls: update to version 2.7.0
Hauke Mehrtens [Sun, 4 Mar 2018 19:38:00 +0000 (20:38 +0100)]
mbedtls: update to version 2.7.0

This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures

This release is also ABI incompatible with the previous one, but it is
API compatible.

Some functions used by a lot of other software was renamed and the old
function names are provided as a static inline now, but they are only
active when deprecated functions are allowed, deactivate the removal of
deprecated functions for now.

Also increase the PKG_RELEASE version to force a rebuild and update of
packages depending on mbedtls to handle the changed ABI.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agotools/e2fsprogs: fix building on a glibc 2.27 host
Stefan Lippers-Hollmann [Sun, 4 Mar 2018 21:57:04 +0000 (22:57 +0100)]
tools/e2fsprogs: fix building on a glibc 2.27 host

The e2fsprogs host build fails on a glibc 2.27 host with

make[6]: Entering directory 'build_dir/host/e2fsprogs-1.43.7/debugfs'
        CC create_inode.o
./../misc/create_inode.c:399:18: error: conflicting types for 'copy_file_range'
 static errcode_t copy_file_range(ext2_filsys fs, int fd, ext2_file_t e2_file,
                  ^~~~~~~~~~~~~~~
In file included from ./../misc/create_inode.c:19:0:
/usr/include/unistd.h:1110:9: note: previous declaration of 'copy_file_range' was here
 ssize_t copy_file_range (int __infd, __off64_t *__pinoff,
         ^~~~~~~~~~~~~~~

Backport upstream commit "misc: rename copy_file_range to
copy_file_chunk" 01551bdba16ab16512a01affe02ade32c41ede8a in order to
fix this.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
6 years agogeneric: revert broken LED core patch
Matthias Schiffer [Thu, 8 Mar 2018 21:23:57 +0000 (22:23 +0100)]
generic: revert broken LED core patch

At least on some devices, LEDs don't work anymore since kernel 4.4.120.
Revert the broken change.

See also: https://www.spinics.net/lists/stable/msg223656.html

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agobase-files: tune fragment queue thresholds for available system memory
Matthias Schiffer [Mon, 5 Mar 2018 08:13:53 +0000 (09:13 +0100)]
base-files: tune fragment queue thresholds for available system memory

The default fragment low/high thresholds are 3 and 4 MB. On devices with
only 32MB RAM, these settings may lead to OOM when many fragments that
cannot be reassembled are received. Decrease fragment low/high thresholds
to 384 and 512 kB on devices with less than 64 MB RAM.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agoinclude/package-defaults.mk: fix default Build/Prepare with empty ./src
Matthias Schiffer [Tue, 6 Mar 2018 20:55:01 +0000 (21:55 +0100)]
include/package-defaults.mk: fix default Build/Prepare with empty ./src

Copying ./src/* would fail when src exists, but is empty or only contains
hidden files.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agoinclude/rootfs.mk: retain list of conffiles with CONFIG_CLEAN_IPKG
Matthias Schiffer [Tue, 6 Mar 2018 13:29:46 +0000 (14:29 +0100)]
include/rootfs.mk: retain list of conffiles with CONFIG_CLEAN_IPKG

/usr/lib/opkg/status must not be removed completely, otherwise the
packages' conffile lists will be missing. Replace it with a reduced version
only containing the conffile entries.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agoinclude/rootfs.mk: do not remove opkg prerm scripts during rootfs preparation
Matthias Schiffer [Tue, 6 Mar 2018 07:49:14 +0000 (08:49 +0100)]
include/rootfs.mk: do not remove opkg prerm scripts during rootfs preparation

When a user removes a preinstalled opkg package, the package's prerm script
(and in particular our default_prerm) should run.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agobase-files: sysupgrade: do not rely on opkg to list changed conffiles
Matthias Schiffer [Tue, 6 Mar 2018 07:25:32 +0000 (08:25 +0100)]
base-files: sysupgrade: do not rely on opkg to list changed conffiles

Many packages use the opkg conffiles field to list configuration files that
are to be retained on upgrades. Make this work on systems without opkg.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agokernel: bump 4.4 to 4.4.120 for 17.01
Stijn Segers [Sun, 4 Mar 2018 16:12:45 +0000 (17:12 +0100)]
kernel: bump 4.4 to 4.4.120 for 17.01

Bump the 4.4 kernel for the 17.01 release to 4.4.120. Refresh patches.

Compile-tested: ar71xx, ramips/mt7621, x86/64
Run-tested: ar71xx, x86/64

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
6 years agox86: add preinit hook to reload microcode
Zoltan HERPAI [Sat, 10 Feb 2018 18:16:37 +0000 (19:16 +0100)]
x86: add preinit hook to reload microcode

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agofirmware: add microcode package for Intel
Zoltan HERPAI [Sat, 10 Feb 2018 20:19:41 +0000 (21:19 +0100)]
firmware: add microcode package for Intel

Compiling the Intel microcode package results in a
microcode.bin and a microcode-64.bin. As we can
decide based on the subtarget which should be used,
we'll only split the required .bin file with
iucode-tool.

x64 will get the intel-microcode-64.bin
All other variants will get intel-microcode.bin

The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agofirmware: add microcode package for AMD
Zoltan HERPAI [Sat, 10 Feb 2018 18:06:56 +0000 (19:06 +0100)]
firmware: add microcode package for AMD

Use the Debian repository for sourcing the ucode files.

Current (20171205) includes support for fam17h CPUs already.

The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agotools: add iucode-tool
Zoltan HERPAI [Sun, 11 Feb 2018 11:30:07 +0000 (12:30 +0100)]
tools: add iucode-tool

Add tool to "compile" Intel microcode files. The tool will be
compiled for host (to split the microcode.dat) and for target
(to forcibly reload the microcode if required).

Instead of using the large microcode.bin/microcode-64.bin, the
splitted ucode files (separate for CPU families) will be
installed.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agox86: enable microcode loading for Intel and AMD
Zoltan HERPAI [Sun, 25 Feb 2018 21:13:26 +0000 (22:13 +0100)]
x86: enable microcode loading for Intel and AMD

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agoodhcpd: fix interop with wide DHCPv6 client (FS#1377)
Hans Dedecker [Fri, 2 Mar 2018 15:35:54 +0000 (16:35 +0100)]
odhcpd: fix interop with wide DHCPv6 client (FS#1377)

aedc154 dhcpv6-ia: don't always send reconf accept option (FS#1377)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agobase-files: fix off-by-one in counting seconds for factory reset
Rafał Miłecki [Tue, 27 Feb 2018 15:44:25 +0000 (16:44 +0100)]
base-files: fix off-by-one in counting seconds for factory reset

There was a mismatch between indicating factory reset and code actually
starting it. After 5 seconds status LED started blinking rapidly letting
user know it's ready to release reset button. In practice button had to
stay pressed for another second in order to relly start the process.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agosunxi: disable LPAE to allow kernel to run on A13
Matteo Scordino [Thu, 22 Feb 2018 15:35:17 +0000 (15:35 +0000)]
sunxi: disable LPAE to allow kernel to run on A13

Fixes issue FS#1355.
LPAE extensions are enabled, but the A13 does not support them.
The result is the boot process stopping at "Starting kernel ..."

Fixes: 468735c3a2f7 ("target: sunxi: enable kvm support")
Signed-off-by: Matteo Scordino <matteo.scordino@gmail.com>
6 years agobcm53xx: fix fallback code for picking status LED
Rafał Miłecki [Tue, 27 Feb 2018 15:49:31 +0000 (16:49 +0100)]
bcm53xx: fix fallback code for picking status LED

Looking for a wrong LED file name was stopping this code from find any
LED. This affects devices with only a red/amber power LED.

Fixes: 3aaee1ba023ac ("bcm53xx: failsafe support")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agomountd: update to the latest version from 2018-02-26
Rafał Miłecki [Mon, 26 Feb 2018 10:33:49 +0000 (11:33 +0100)]
mountd: update to the latest version from 2018-02-26

This significantly improves mountd stability & reliability by:
1) Sending hotplug.d event when appropriate
2) Properly unmounting
3) Handling corner cases when unmounting fails
4) Improving log messages

5f2c419 mount: drop duplicated includes
aaf2743 mount: call hotplug-call with ACTION=remove before trying to unmount
97da4ed mount: try lazy unmount if normal one fails
1b62489 mount: create not working symlink when unmounting fails
e77dc6d mount: reorder deleting code in the mount_enum_drives()
76766ae mount: rename tmp variables in the mount_add_list()
04b897f mount: drop duplicated rmdir() call from the mount_enum_drives()
a27ea3f mount: drop duplicated unlink() call from the mount_dev_del()
bf7cc33 mount: fix/improve unmounting log messages
36f9197 mount: fix removing mount point if it's expired
ed4270f mount: struct mount: replace "mounted" and "ignore" fileds with a "status"
1af9ca2 mount: change mount_dev_del() argument to struct mount *
7c8fea8 mount: rename /proc/mount parser to mount_update_mount_list()
7aadd1c mount: improve handling mounts table size

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agoperf: restrict libunwind dependency to archs that actually support libunwind
Matthias Schiffer [Fri, 23 Feb 2018 15:17:57 +0000 (16:17 +0100)]
perf: restrict libunwind dependency to archs that actually support libunwind

Allow building perf on uncommon targets again.

Depending on the kernel version, not all of these archs will actually use
libunwind in perf. Still, it seems simpler and less error-prone to use the
same list that is defined in the libunwind package.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agolibunwind: fix build with musl on PPC
Matthias Schiffer [Fri, 23 Feb 2018 15:17:57 +0000 (16:17 +0100)]
libunwind: fix build with musl on PPC

Works around two incompatiblities between glibc and (POSIX-compliant) musl:

- missing register definitions from asm/ptrace.h
- non-POSIX-compliant ucontext_t on PPC32 with glibc

Compile tested on mpc85xx.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agouqmi: ensure CID is a numeric value before proceeding
Koen Vandeputte [Mon, 19 Feb 2018 10:02:45 +0000 (11:02 +0100)]
uqmi: ensure CID is a numeric value before proceeding

The current implementation only checked if uqmi itself executed
correctly which is also the case when the returned value is actually
an error.

Rework this, checking that CID is a numeric value, which can only
be true if uqmi itself also executed correctly.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: update 17.01 kernel to 4.4.116
Stijn Segers [Sun, 18 Feb 2018 20:48:09 +0000 (21:48 +0100)]
kernel: update 17.01 kernel to 4.4.116

This bumps the 4.4. kernel in LEDE 17.01 to 4.4.116.
More Meltdown & Spectre mitigation.

* Refresh patches.
* Refresh x86/config for RETPOLINE.
* Deleted 8049-PCI-layerscape-Add-fsl-ls2085a-pcie-compatible-ID.patch (accepted upstream)
* Deleted 8050-PCI-layerscape-Fix-MSG-TLP-drop-setting.patch (accepted upstream)
* 650-pppoe_header_pad.patch does not apply anymore (code was replaced).

Bumps from 4.4.113 to 4.4.115 were handled by Kevin Darbyshire-Bryant.

Compile-tested on: ar71xx, ramips/mt7621, x86/64
Run-tested on: ar71xx, ramips/mt7621, x86/64

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
6 years agouqmi: use built-in command for data-link verification
Koen Vandeputte [Thu, 15 Feb 2018 14:16:03 +0000 (15:16 +0100)]
uqmi: use built-in command for data-link verification

uqmi contains a command for directly querying the modem if there
is a valid data connection, so let's use it.

This avoids the cases were all previous tests are succesful, but the
actual data link is not up for some reasons, leading to states were we
thought the link was up when it actually wasn't ..

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agouqmi: use correct value for connection checking
Koen Vandeputte [Thu, 15 Feb 2018 14:16:02 +0000 (15:16 +0100)]
uqmi: use correct value for connection checking

Originally, the implementation only checked if uqmi command
execution succeeded properly without actually checking it's returned data.

This lead to a pass, even when the returned data was indicating an error.

Rework the verification to actually check the returned data,
which can only be correct if the uqmi command itself also executed correctly.

On command execution success, value "pdh_" is a pure numeric value.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agouqmi: use general method for state cleaning
Koen Vandeputte [Thu, 15 Feb 2018 14:16:01 +0000 (15:16 +0100)]
uqmi: use general method for state cleaning

Debugging shows that using the general method properly cleans on each
run, while the method specifying the client-ID shows "No effect"
even while in connected state.

Fixes several connectivity issues seen on specific modems.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agouqmi: silence error on pin verification
Koen Vandeputte [Thu, 15 Feb 2018 14:16:00 +0000 (15:16 +0100)]
uqmi: silence error on pin verification

If a device only supports the 2nd verification method (uim),
the first method will fail as expected reporting an error:

"Command not supported"

Silence both separate methods and only report an error regarding
pin verification if both fail.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agouqmi: fix raw-ip mode for newer lte modems
Koen Vandeputte [Thu, 15 Feb 2018 14:15:59 +0000 (15:15 +0100)]
uqmi: fix raw-ip mode for newer lte modems

Some newer LTE modems, like the MC7455 or EC25-E do not support
"802.3" mode, and will stay in "raw-ip" regardless of the mode being
set.

In this case, the driver must be informed that it should handle all
packets in raw mode. [1]

This commit fixes connectivity issues for these devices.

Before:

[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover

After:

[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending select for 100.66.245.226
udhcpc: lease of 100.66.245.226 obtained, lease time 7200
udhcpc: ifconfig wwan0 100.66.245.226 netmask 255.255.255.252 broadcast
+
udhcpc: setting default routers: 100.66.245.225

[1] https://lists.freedesktop.org/archives/libqmi-
devel/2017-January/002064.html

Tested on cns3xxx using a Sierra Wireless MC7455 LTE-A

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[bumped PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agonet: uqmi: fix blocking in endless loops when unplugging device
Alexandru Ardelean [Thu, 15 Feb 2018 14:15:58 +0000 (15:15 +0100)]
net: uqmi: fix blocking in endless loops when unplugging device

If you unplug a QMI device, the /dev/cdc-wdmX device
disappears but uqmi will continue to poll it endlessly.

Then, when you plug it back, you have 2 uqmi processes,
and that's bad, because 2 processes talking QMI to the
same device [and the same time] doesn't seem to work well.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agokernel: refresh patches
Koen Vandeputte [Thu, 15 Feb 2018 14:15:57 +0000 (15:15 +0100)]
kernel: refresh patches

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: backport raw-ip mode for newer QMI LTE modems
Koen Vandeputte [Thu, 15 Feb 2018 14:15:56 +0000 (15:15 +0100)]
kernel: backport raw-ip mode for newer QMI LTE modems

Backport support for raw-ip mode including all known fixes afterwards.

Newer LTE modems only tend to support this mode, which was only
introduced in kernel 4.5.

Also backport support for the Quectel EC2x LTE modem series which is
a very popular device.

No custom changes were needed in order to apply these patches.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agobase-files: don't evaluate block-device uevent
Daniel Golle [Fri, 2 Feb 2018 00:57:46 +0000 (01:57 +0100)]
base-files: don't evaluate block-device uevent

Backport commits fixing the detection of GPT partition names during
preinit and sysupgrade, closing a shell-injection vulnerability.

da52dd0c83 ("base-files: quote values when evaluating uevent")
267873ac9b ("base-files: don't evaluate block-device uevent")

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
6 years agoramips: backport mt7530/762x switch fixes
Jo-Philipp Wich [Thu, 15 Feb 2018 09:47:04 +0000 (10:47 +0100)]
ramips: backport mt7530/762x switch fixes

dc7a1e8555 ("ramips: fix reporting effective VLAN ID on MT7621 switches")
341b1427fc ("ramips: properly map pvid for vlans with remapped vid on mt7530/762x switches")
bb4002c79d ("ramips: don't clobber vlans with remapped vid on mt7530/762x switches")

Fixes FS#991, FS#1147, FS#1341

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agoperf: use libunwind
Maxim Gorbachyov [Fri, 12 Jan 2018 17:54:41 +0000 (20:54 +0300)]
perf: use libunwind

Without libunwind perf does not show userspace stack frames.
Tested on mvebu.

Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
6 years agolibunwind: enable build for arm
Maxim Gorbachyov [Fri, 12 Jan 2018 17:42:20 +0000 (20:42 +0300)]
libunwind: enable build for arm

Tested with perf on mvebu.

Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
6 years agoar71xx: remove bs-partition ro-flag for UniFi AC
David Bauer [Tue, 6 Feb 2018 18:44:36 +0000 (19:44 +0100)]
ar71xx: remove bs-partition ro-flag for UniFi AC

This removes the read-only flag from the bs (bootselect) partition
on UniFi AC devices. This allows to correct the indicator from which
partition the device is booting its kernel from.

See also:
 - https://github.com/freifunk-gluon/gluon/issues/1301
 - https://bugs.lede-project.org/index.php?do=details&task_id=662

Signed-off-by: David Bauer <mail@david-bauer.net>
6 years agoprocd: update to latest git HEAD
Hans Dedecker [Fri, 9 Feb 2018 08:21:36 +0000 (09:21 +0100)]
procd: update to latest git HEAD

9a4036f trace: add missing limits.h include

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoar71xx: /lib/ar71xx.sh: add model detection for TP-Link TL-WR810N
Matthias Schiffer [Sat, 3 Feb 2018 13:12:05 +0000 (14:12 +0100)]
ar71xx: /lib/ar71xx.sh: add model detection for TP-Link TL-WR810N

Properly report the revision in /tmp/sysinfo/model.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agoiptables: make kmod-ipt-debug part of default ALL build
Yousong Zhou [Fri, 26 Jan 2018 06:40:25 +0000 (14:40 +0800)]
iptables: make kmod-ipt-debug part of default ALL build

The iptables TRACE target is only available in raw table that's why the
dependency was moved from iptables-mod-trace into kmod-ipt-debug

Fixes FS#1219

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agoiptables: Fix target TRACE issue
Martin Wetterwald [Thu, 12 Jan 2017 14:06:00 +0000 (15:06 +0100)]
iptables: Fix target TRACE issue

The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.

The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.

But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.

I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!

https://dev.openwrt.org/ticket/16694
https://dev.openwrt.org/ticket/19661

Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
                  and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
6 years agocurl: fix libcurl/mbedtls async interface
Darren Tucker [Sat, 20 Jan 2018 06:26:06 +0000 (14:26 +0800)]
curl: fix libcurl/mbedtls async interface

When using mbedtls, curl's nonblocking interface will report a request
as done immediately after the socket is written to and never read from
the connection.  This will result in a HTTP status code of 0 and zero
length replies.  Cherry-pick the patch from curl 7.53.0 to fix this
(https://github.com/curl/curl/commit/b993d2cc).

Fixes https://bugs.openwrt.org/index.php?do=details&task_id=1285.

Signed-off-by: Darren Tucker <dtucker@dtucker.net>
6 years agokernel: bump 4.4 to 4.4.112 for 17.01
Kevin Darbyshire-Bryant [Thu, 18 Jan 2018 13:46:13 +0000 (13:46 +0000)]
kernel: bump 4.4 to 4.4.112 for 17.01

Refresh patches.
Remove upstreamed patches:

target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agodnsmasq: backport validation fix in dnssec security fix
Kevin Darbyshire-Bryant [Sat, 20 Jan 2018 08:46:28 +0000 (08:46 +0000)]
dnsmasq: backport validation fix in dnssec security fix

A DNSSEC validation error was introduced in the fix for CVE-2017-15107

Backport the upstream fix to the fix (a simple typo)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from commit adaf1cbcc8b253ea807dbe0416b4b04c33dceadf)

6 years agodnsmasq: backport dnssec security fix for 17.01
Kevin Darbyshire-Bryant [Fri, 19 Jan 2018 17:15:41 +0000 (17:15 +0000)]
dnsmasq: backport dnssec security fix for 17.01

CVE-2017-15107

An interesting problem has turned up in DNSSEC validation. It turns out
that NSEC records expanded from wildcards are allowed, so a domain can
include an NSEC record for *.example.org and an actual query reply could
expand that to anything in example.org  and still have it signed by the
signature for the wildcard. So, for example

!.example.org NSEC zz.example.org

is fine.

The problem is that most implementers (your author included, but also
the Google public DNS people, powerdns and Unbound) then took that
record to prove the nothing exists between !.example.org and
zz.example.org, whereas in fact it only provides that proof between
*.example.org and zz.example.org.

This gives an attacker a way to prove that anything between
!.example.org and *.example.org doesn't exists, when it may well do so.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agomountd: bump to git HEAD version
Hans Dedecker [Wed, 17 Jan 2018 12:57:30 +0000 (13:57 +0100)]
mountd: bump to git HEAD version

c54e5c6 mount: check if block was mounted before cleaning it up
e31565a mount: remove directory if mounting fails
0f4f20b mount: call hotplug mount scripts only on success

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agokernel: bump 4.4 to 4.4.111 for 17.01
Kevin Darbyshire-Bryant [Wed, 10 Jan 2018 16:01:00 +0000 (16:01 +0000)]
kernel: bump 4.4 to 4.4.111 for 17.01

Refresh patches

Tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agokmod-sched-cake: bump to latest cake bake for 17.01
Kevin Darbyshire-Bryant [Mon, 8 Jan 2018 13:00:07 +0000 (13:00 +0000)]
kmod-sched-cake: bump to latest cake bake for 17.01

More important bug fix:

402f05c Use full-rate mtu_time in all tins.  Fixes an issue where some
cake tins experienced excessive latency since 49776da (dynamically
adjust target)

Minor bug fixes:

31277c2 Avoid unsigned comparison against zero.  Fix compiler warning,
no known impact.
8cf5278 ack_filter: fix TCP flag check. A very contrived case may have
lead to dropping a SYN packet that should not be dropped.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agoar71xx: Netgear WNR2000v4: do not include USB packages [17.01]
Stijn Segers [Sat, 13 Jan 2018 16:18:21 +0000 (17:18 +0100)]
ar71xx: Netgear WNR2000v4: do not include USB packages [17.01]

The Netgear WNR2000v4 does not have a USB port. Hence, including USB packages into the default images is useless.
It looks like the WNR2000v4 definition in master is OK.

v2 fixes the silly typo in the patch title (WNR2000v4 instead of WNR200v4)

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
6 years agobuild: fix restoring /etc/opkg with PER_DEVICE_ROOTFS
Jo-Philipp Wich [Wed, 10 Jan 2018 19:17:48 +0000 (20:17 +0100)]
build: fix restoring /etc/opkg with PER_DEVICE_ROOTFS

When generating per-device rootfs directories, the ./etc/opkg/ directory
is moved away prior to calling opkg install, opkg remove and rootfs_prepare.
After the opkg invocations and the rootfs_prepare macro call, the saved opkg
config directory is supposed to be moved back to its previous ./etc/opkg
location.

The mv command however can fail to properly restore the directory under
certain circumstances, e.g. when the prior opkg or files/ overlay copy
operations caused a new ./etc/opkg/ directory to be created.

In this case, the backed up directory (named target-dir-$hash.opkg) will be
moved into the preexisting ./etc/opkg/ directory instead, causing the opkg
configuration to be located in a wrong path on the final rootfs, e.g. in
/etc/opkg/target-dir-$hash.opkg/distfeeds.conf instead of
/etc/opkg/distfeeds.conf.

Solve this problem by replacing the naive "mv" command with a recursive
"cp -T" invocation which causes the backed up directory tree to get merged
with the destination directory in case it already exists.

Also perform the rootfs_prepare macro call after restoring the opkg
configuration, to allow users to override it again by using the files/
overlay mechanism.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ab1785b1b2559c9f2d09d4d3ce43e11f4b828616)

6 years agoramips: fix lenovo newifi-y1 switch and LED config
Chuanhong Guo [Fri, 29 Dec 2017 04:35:32 +0000 (12:35 +0800)]
ramips: fix lenovo newifi-y1 switch and LED config

There are 3 ethernet ports on Y1. LAN1 on port1, LAN2 on port0 and WAN on
port4.

Use a standalone switch configuration to match this and use the switch
trigger so that LAN LED could indicate the connetction status for both
lan ports correctly.

This patch also drop the internet led configuration, because there is a
WAN led for port4 and eth0.2 isn't always used as WAN.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
6 years agoramips: firewrt: indicate boot status via LED
Mathias Kresin [Sat, 30 Dec 2017 09:19:18 +0000 (10:19 +0100)]
ramips: firewrt: indicate boot status via LED

Add the Firefly FireWRT gree power LED to diag.sh to indicate the boot
status via the power LED.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoag71xx: Fix rx ring buffer stall on small packets flood on qca956x and qca953x.
Vittorio Gambaletta [Sat, 25 Mar 2017 17:08:02 +0000 (18:08 +0100)]
ag71xx: Fix rx ring buffer stall on small packets flood on qca956x and qca953x.

Backported from Code Aurora QSDK

Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
6 years agoar71xx: QCA956X: add missing register
Henryk Heisig [Fri, 6 Jan 2017 20:21:11 +0000 (21:21 +0100)]
ar71xx: QCA956X: add missing register

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
6 years agomvebu: fix mvneta build with Linux 4.4.110
Jo-Philipp Wich [Mon, 8 Jan 2018 13:35:21 +0000 (14:35 +0100)]
mvebu: fix mvneta build with Linux 4.4.110

Kernel 4.4.109 added pp->link, pp->duplex and pp->speed setters to
mvneta_port_disable() which the mvneta patchset failed to patch out after
rebasing, leading to the following build error:

      CC      drivers/net/ethernet/marvell/mvneta.o
    drivers/net/ethernet/marvell/mvneta.c: In function 'mvneta_port_disable':
    drivers/net/ethernet/marvell/mvneta.c:1199:4: error: 'struct mvneta_port' has no member named 'link'
      pp->link = 0;
        ^
    drivers/net/ethernet/marvell/mvneta.c:1200:4: error: 'struct mvneta_port' has no member named 'duplex'
      pp->duplex = -1;
        ^
    drivers/net/ethernet/marvell/mvneta.c:1201:4: error: 'struct mvneta_port' has no member named 'speed'
      pp->speed = 0;
        ^

Fix the issue by rebasing 134-net-mvneta-convert-to-phylink.patch to remove
these struct member accesses as well.

Fixes: 7f5a040359 ("kernel: update kernel 4.4 to version 4.4.110")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agolantiq: activate noise margin delta for VDSL too
Hauke Mehrtens [Sat, 6 Jan 2018 01:36:39 +0000 (02:36 +0100)]
lantiq: activate noise margin delta for VDSL too

Previously this was only activated for ADSL, this patch activates the
same setting also for VDSL, this feature is also support for VDSL in the
same way it works for ADSL.
I tested it with DSL FW 5.7.9.5.1.7 against a Broadcom 177.140 DSLCO
(Deutsche Telekom) and saw different data rates and Max. Attainable Data
Rates depending on the ds_snr_offset settings I choose.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agoLantiq: make possible to tweak DSL SRN from UCI
Andrea Merello [Sat, 13 May 2017 15:16:13 +0000 (17:16 +0200)]
Lantiq: make possible to tweak DSL SRN from UCI

This patch makes possible to tweak the downstream SNR margin on
Lantiq DSL devices.

The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR
margin offset. It accepts values in range -50 to +50 in 0.1 dB units.

The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB
steps.

Currently this should only affect ADSL (not VDSL). It should be very
easy to make this work also on VDSL lines, but since I couldn't test
on VDSL lines this patch does not do that yet.

I have also a patch for LUCI about this, that I could submit.

Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
6 years agolibubox: update to latest lede-17.01 git HEAD
Jo-Philipp Wich [Sun, 7 Jan 2018 15:22:21 +0000 (16:22 +0100)]
libubox: update to latest lede-17.01 git HEAD

1dafcd7 jshn: properly support JSON "null" type
6abafba jshn: read and write 64-bit integers
cfc75c5 runqueue: fix use-after-free bug

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agokernel: update kernel 4.4 to version 4.4.110
Hauke Mehrtens [Sat, 6 Jan 2018 01:08:42 +0000 (02:08 +0100)]
kernel: update kernel 4.4 to version 4.4.110

This fixes:  CVE-2017-5754

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agobrcm47xx: relocate the stack in loader
Hauke Mehrtens [Sun, 8 Oct 2017 16:31:03 +0000 (18:31 +0200)]
brcm47xx: relocate the stack in loader

By default we are reusing the stack provided by CFE, like it is intended
by CFE. On my WRT54GS it is located at 0x8043BF30, so a big kernel image
could overwrite it. Relocate it to a different memory region which is
still under the 8MB RAM, but in the higher area. We only need this
memory region for the stack of the loader, Linux will set up this
for its own.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agobrcm47xx: relocate loader to higher address
Hauke Mehrtens [Sun, 8 Oct 2017 14:52:28 +0000 (16:52 +0200)]
brcm47xx: relocate loader to higher address

The boot process on a WRT54GL works the following way:
1. CFE gets loaded by the boot rom from flash
2. CFE loads the loader from the flash and gzip uncompresses it
3. CFE starts the loader
4. The loader stores the FW arguments and relocates itself to
   BZ_TEXT_START (now 0x80600000)
5. The loader reads the Linux image from flash
6. The loader lzma decompresses the Linux image to LOADADDR (0x80001000)
7. The loader executes the uncompress Linux image at LOADADDR

The BZ_TEXT_START was set to 0x80400000 before. When the kernel gets
uncompressed and is bigger than BZ_TEXT_START - LOADADDR it overwrote
the loader which was currently uncompressing it and made the board
crash. Increase the BZ_TEXT_START my 2 MB to have more space for the
kernel. Even on 16MB RAM devices the memory goes till 0x80FFFFFF so this
should not be a problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agofstools: backport fix from master branch
Rafał Miłecki [Fri, 5 Jan 2018 13:57:05 +0000 (14:57 +0100)]
fstools: backport fix from master branch

37762ff libfstools: support file paths longer than 255 chars

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agoprocd: update to latest git HEAD
Hans Dedecker [Thu, 4 Jan 2018 10:29:17 +0000 (11:29 +0100)]
procd: update to latest git HEAD

1883530 procd: Fix minor null pointer dereference.
9085551 procd: initd: fix path allocation in early_insmod

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agobrcm47xx: image: build firmware for Asus WL-500g Deluxe
Rafał Miłecki [Wed, 27 Dec 2017 07:55:28 +0000 (08:55 +0100)]
brcm47xx: image: build firmware for Asus WL-500g Deluxe

It's a device based on BCM5365P (0x5365 package 0x00). This SoC has
USB 1.1 controller but device has two USB 2.0 parts. They are handled by
PCI-based controllers: 1106:3038 UHCI and 1106:3104 EHCI.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agoRevert "iptables: fix nftables compile issue (FS#711)"
Hans Dedecker [Tue, 2 Jan 2018 09:04:59 +0000 (10:04 +0100)]
Revert "iptables: fix nftables compile issue (FS#711)"

This reverts commit da126d557c6d1cfe19d3f93481af6e00631d7931 as the iptables patch does not apply cleanly.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoiptables: fix nftables compile issue (FS#711)
rektide de la faye [Thu, 14 Dec 2017 06:29:11 +0000 (01:29 -0500)]
iptables: fix nftables compile issue (FS#711)

Enabling IPTABLES_NFTABLES resulted in an error during build:#
*** No rule to make target '../extensions/libext.a',
needed by 'xtables-compat-multi'."

Comments from Alexander Lochmann and Fedor Konstantinov in FS#711
provided fixes for this build error, allowing iptables to compile.
https://bugs.lede-project.org/index.php?do=details&task_id=711.

This commit updates the Makefile.am xtables_compat_multi_LDFLAGS
and _LDADD, moving linking of extensions to LDFLAGS.

Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agorpcd: backport version 2017-12-07 from master
Daniel Golle [Mon, 1 Jan 2018 21:27:51 +0000 (22:27 +0100)]
rpcd: backport version 2017-12-07 from master

cfe1e75c91 sys: packagelist: allow listing all packages
74a784f037 sys: fix passwd path

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(commit 173edcdc9da55fbd7225c4baa7b03405dfc074cc on master)

6 years agouci: update to HEAD of lede-17.01 branch
Jo-Philipp Wich [Mon, 1 Jan 2018 16:01:49 +0000 (17:01 +0100)]
uci: update to HEAD of lede-17.01 branch

Switch uci to the lede-17.01 branch which contains the following two commits
cherry-picked from uci master:

141b64e lua: additionally return name when looking up sections
1e17f24 lua: support extended section notation

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agoiproute2: cake: fix patch format error
Kevin Darbyshire-Bryant [Sat, 30 Dec 2017 09:20:39 +0000 (09:20 +0000)]
iproute2: cake: fix patch format error

Fix patch format error introduced in c4e9487cf5
Refresh patches to tidy fuzz

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agokernel: bump 4.4 to 4.4.108 for 17.01
Kevin Darbyshire-Bryant [Tue, 26 Dec 2017 19:30:02 +0000 (19:30 +0000)]
kernel: bump 4.4 to 4.4.108 for 17.01

Refresh patches.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agoiproute2: cake: support new operating modes for 17.01
Kevin Darbyshire-Bryant [Fri, 22 Dec 2017 13:45:11 +0000 (13:45 +0000)]
iproute2: cake: support new operating modes for 17.01

There has been recent significant activity with the cake qdisc of late
Some of that effort is related to upstreaming to kernel & iproute2
mainline but we're not quite there yet.  This commit teaches tc how to
activate and interprete the latest cake operating modes, namely:

ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.

ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agokmod-sched-cake: bump to latest bake of cake for 17.01
Kevin Darbyshire-Bryant [Fri, 22 Dec 2017 13:45:10 +0000 (13:45 +0000)]
kmod-sched-cake: bump to latest bake of cake for 17.01

There has been recent significant activity with the cake qdisc of late
but in the cobalt branch.  Some of that effort is related to upstreaming
to kernel & iproute2 mainline but we're not quite there yet.  Relevant
feature changes:

ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.

ptm mode: Minor optimisation in packet overhead calculation.

dual-src/dsthost/triple-isolate: Optimise only calculating src or dst
host hashes only if required.

ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.

A separate iproute2 patch to teach it about Cake's new features will
follow.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agoramips: fix widora neo diag led
Mathias Kresin [Wed, 27 Dec 2017 21:09:52 +0000 (22:09 +0100)]
ramips: fix widora neo diag led

The diag LED is named widora:orange:wifi and can't be derived from the
boardname.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agobase-files: fix logic when to show failsafe banner
Matthias Schiffer [Fri, 29 Dec 2017 14:56:01 +0000 (15:56 +0100)]
base-files: fix logic when to show failsafe banner

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 1c9299877be9 ("base-files: set FAILSAFE in /etc/profile when
/tmp/.failsafe exists")

6 years agobase-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists
Matthias Schiffer [Fri, 29 Dec 2017 13:34:03 +0000 (14:34 +0100)]
base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists

Since dropbear clears the environment, FAILSAFE was not set as intended in
failsafe mode.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agowireguard: bump to 20171221
Kevin Darbyshire-Bryant [Sat, 23 Dec 2017 19:26:52 +0000 (19:26 +0000)]
wireguard: bump to 20171221

7e945a8 version: bump snapshot
f2168aa compat: kernels < 3.13 modified genl_ops
52004fd crypto: compile on UML
6b69b65 wg-quick: dumber matching for default routes
aa35d9d wg-quick: add the "Table" config option
037c389 keygen-html: remove prebuilt file

No patch refresh required.

Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agokernel: bump 4.4 to 4.4.107
Etienne Haarsma [Thu, 21 Dec 2017 09:28:16 +0000 (10:28 +0100)]
kernel: bump 4.4 to 4.4.107

Bump 4.4 to 4.4.107 and refreshed all patches.
Made the following patch for Mediatek and Oxnas compatible with kernel 4.4.107:
0072-mtd-backport-v4.7-0day-patches-from-Boris.patch

Compile-tested: ar71xx
Run-tested: ar71xx

Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
Reviewed-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Rosen Penev <rosenp@gmail.com>
6 years agowireguard: bump to 20171211
Kevin Darbyshire-Bryant [Tue, 12 Dec 2017 19:34:17 +0000 (19:34 +0000)]
wireguard: bump to 20171211

Bump to latest WireGuard snapshot release:

44f8e4d version: bump snapshot
bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x
679e53a chacha20: avx512vl implementation
10b1232 poly1305: fix avx512f alignment bug
5fce163 chacha20poly1305: cleaner generic code
63a0031 blake2s-x86_64: fix spacing
d2e13a8 global: add SPDX tags to all files
d94f3dc chacha20-arm: fix with clang -fno-integrated-as.
3004f6b poly1305: update x86-64 kernel to AVX512F only
d452d86 tools: no need to put this on the stack
0ff098f tools: remove undocumented unused syntax
b1aa43c contrib: keygen-html for generating keys in the browser
e35e45a kernel-tree: jury rig is the more common spelling
210845c netlink: rename symbol to avoid clashes
fcf568e device: clear last handshake timer on ifdown
d698467 compat: fix 3.10 backport
5342867 device: do not clear keys during sleep on Android
88624d4 curve25519: explictly depend on AS_AVX
c45ed55 compat: support RAP in assembly
7f29cf9 curve25519: modularize dispatch

Refresh patches.

Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agobrcm47xx: remove target specific network preinit config
Jo-Philipp Wich [Wed, 17 May 2017 12:36:23 +0000 (14:36 +0200)]
brcm47xx: remove target specific network preinit config

The generic preinit code is now able to setup network and switch vlan settings
from the /etc/board.json file, therefor drop the target specific code.

Fixes FS#790.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 833c500cb2985e9b76a1aae3b6a577977eee5457)

6 years agorules.mk: export TMPDIR
Jo-Philipp Wich [Tue, 12 Dec 2017 15:28:04 +0000 (16:28 +0100)]
rules.mk: export TMPDIR

Set TMPDIR to the same value as the existing TMP_DIR variable in order to
let gcc and various other utilities use the local temporary directory
instead of the system-wide one.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 52a3477ff91a2009e451d5dce307e9cc945e9ffa)

6 years agousbutils: Update usb.ids file to latest
Rosen Penev [Wed, 22 Nov 2017 05:57:52 +0000 (21:57 -0800)]
usbutils: Update usb.ids file to latest

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fc4e7bdca75f4d283374d3dfe0d0ac1cd4885612)

6 years agohostapd: remove unused local var declaration
Leon M. George [Mon, 20 Nov 2017 16:38:09 +0000 (17:38 +0100)]
hostapd: remove unused local var declaration

Signed-off-by: Leon M. George <leon@georgemail.eu>
(cherry picked from commit 63462910ddb01d9a7391d793228767628aa65db2)

6 years agohostapd: don't set htmode for wpa_supplicant
Leon M. George [Mon, 20 Nov 2017 16:36:55 +0000 (17:36 +0100)]
hostapd: don't set htmode for wpa_supplicant

no longer supported

Signed-off-by: Leon M. George <leon@georgemail.eu>
(cherry picked from commit cc0847eda337f948f5ff6e75014aa88e48779677)

6 years agolibnl-tiny: use fixed message size instead of using the page size
Felix Fietkau [Thu, 9 Nov 2017 13:39:48 +0000 (14:39 +0100)]
libnl-tiny: use fixed message size instead of using the page size

Simplifies the code and reduces size

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d5bcd0240a8f42a05ef31005a9a9dea848d3f7a8)

6 years agopackages: nvram: fix memory leak in _nvram_free
Zhai Zhaoxuan [Tue, 11 Jul 2017 10:12:00 +0000 (18:12 +0800)]
packages: nvram: fix memory leak in _nvram_free

The value of nvram_tuple_t is allocated in _nvram_realloc,
but it is not freed in _nvram_free.

Signed-off-by: Zhai Zhaoxuan <zhaizhaoxuan@xiaomi.com>
(cherry picked from commit c382237ac33a787043b22abc42f0c5a80278baae)

6 years agomac80211: don't pass the hostapd ctrl iface in adhoc
Antonio Quartulli [Fri, 9 Nov 2012 14:23:34 +0000 (15:23 +0100)]
mac80211: don't pass the hostapd ctrl iface in adhoc

Passing the ctrl iface to wpa_supplicant will automatically cause wpa_supplicant
to send "STOP_AP" messages to the hostapd. This breaks the AP interfaces.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
(cherry picked from commit 0da54fa6428ea98d31b49f5d9a4a272214f5d188)

6 years agohostapd: explicitly set beacon interval for wpa_supplicant
Sven Eckelmann [Tue, 7 Nov 2017 10:48:40 +0000 (11:48 +0100)]
hostapd: explicitly set beacon interval for wpa_supplicant

The beacon_int is currently set explicitly for hostapd and when LEDE uses
iw to join and IBSS/mesh. But it was not done when wpa_supplicant was used
to join an encrypted IBSS or mesh.

This configuration is required when an AP interface is configured together
with an mesh interface. The beacon_int= line must therefore be re-added to
the wpa_supplicant config. The value is retrieved from the the global
variable.

Fixes: 1a16cb9c67f0 ("mac80211, hostapd: always explicitly set beacon interval")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [rebase]
(cherry picked from commit 772afef61dc68e2470f4da130fac862ccf2fb105)

6 years agohostapd: set mcast_rate in mesh mode
Sven Eckelmann [Thu, 11 May 2017 06:56:50 +0000 (08:56 +0200)]
hostapd: set mcast_rate in mesh mode

The wpa_supplicant code for IBSS allows to set the mcast rate. It is
recommended to increase this value from 1 or 6 Mbit/s to something higher
when using a mesh protocol on top which uses the multicast packet loss as
indicator for the link quality.

This setting was unfortunately not applied for mesh mode. But it would be
beneficial when wpa_supplicant would behave similar to IBSS mode and set
this argument during mesh join like authsae already does. At least it is
helpful for companies/projects which are currently switching to 802.11s
(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
because newer drivers seem to support 802.11s but not IBSS anymore.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh]
(cherry picked from commit 43f66943d0dbf0ed0ec2a9cb071d0fbded2fbe35)

6 years agoigmpproxy: remove firewall rules when service is stopped
Hans Dedecker [Mon, 13 Nov 2017 21:33:48 +0000 (22:33 +0100)]
igmpproxy: remove firewall rules when service is stopped

Remove multicast routing firewall rules when the igmpproxy is stopped by
triggering a firewall config change.
Keeping the firewall open from the wan for igmp and udp multicast is not
desired when the igmpproxy service is inactive.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 31ebbe34ccc066c212ef20de0856ab3a428fb801)

6 years agoopenvpn: add support to start/stop single instances
Martin Schiller [Mon, 9 Oct 2017 08:12:04 +0000 (10:12 +0200)]
openvpn: add support to start/stop single instances

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
(cherry picked from commit e2f25e607d2092cffa45196e7997854feb464232)

6 years agopackage/elfutils: add CFLAG -Wno-format-nonliteral
Alexander Couzens [Fri, 4 Aug 2017 11:09:12 +0000 (13:09 +0200)]
package/elfutils: add CFLAG -Wno-format-nonliteral

When a library is using fortify-packages GCC will complain about
"error: format not a string literal, argument types not checked".

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit 6ab45214644166846398e5e520d151c05cc4dd55)

6 years agotools/coreutils: install readlink
Felix Fietkau [Thu, 9 Nov 2017 11:21:15 +0000 (12:21 +0100)]
tools/coreutils: install readlink

Parts of the build system use non-portable invocation of readlink

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 6bcc1c5331c797004e1b43168eb116d2d14b0102)

6 years agouhttpd: fix query string handling
Jo-Philipp Wich [Mon, 6 Nov 2017 11:04:25 +0000 (12:04 +0100)]
uhttpd: fix query string handling

Update to latest Git in order to fix potential memory corruption and invalid
memory access when handling query strings in conjunction with active basic
authentication.

a235636 2017-11-04 file: fix query string handling

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 05a4200d56efe439e298c8af3d82ac221b0e86e9)

6 years agoopenssl: fix cryptodev config dependency
Ralph Sennhauser [Sun, 22 Oct 2017 20:21:22 +0000 (22:21 +0200)]
openssl: fix cryptodev config dependency

Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
(cherry picked from commit f5468d248613fee51d19715e0fa6e37012c0eda7)