oweals/openwrt.git
6 years ago apm821xx: set uart compatible to ns16750
Christian Lamparter [Mon, 15 Oct 2018 18:00:06 +0000 (20:00 +0200)]
apm821xx: set uart compatible to ns16750

The APM821XX/PPC460EX datasheet mentions:
"Register compatibility with 16750 register set"

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years ago build: remove obsolete -rc kernel testing rewrites
Christian Lamparter [Mon, 15 Oct 2018 18:00:05 +0000 (20:00 +0200)]
build: remove obsolete -rc kernel testing rewrites

The -rcX "testing" kernels are no longer hosted on
cdn.kernel.org file servers directly in a "testing"
directory. Therefore the logic that tested for "-rc"
can be removed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years ago gemini: Fix up image generation
Linus Walleij [Wed, 17 Oct 2018 18:46:19 +0000 (20:46 +0200)]
gemini: Fix up image generation

I noticed that the image generator for the Gemini generates
some 10+ MB files for the second (application) partition.
This is just wrong. The first 6144K partition named initramfs
easily fits OpenWRTs squashfs,jffs2 overlayed partitions
with nice headroom for storing configuration files.

Generate a blank partition for the hddapp.tgz file and delete
it after generating the firmware image - when performing
updates manually you just want the "rd.z" file around
anyways.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
6 years ago gemini: Break out USB to packages
Linus Walleij [Thu, 18 Oct 2018 09:30:27 +0000 (11:30 +0200)]
gemini: Break out USB to packages

This creates a new kernel package for the fotg210 host
controller and uses that with the gemini to shrink the
kernel. The SQ201 needs the USB2 PCI package as well.

The build system required me to make kernel_oldconfig
before it would build without errors so some minor
unrelated Kconfig entries are changed.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
6 years ago kernel: Add support for Winbond w25q128jv SPI NOR flash
Baptiste Jonglez [Thu, 18 Oct 2018 09:07:26 +0000 (11:07 +0200)]
kernel: Add support for Winbond w25q128jv SPI NOR flash

Newer batches of several Mikrotik boards contain this yet-unsupported
flash chip, for instance:

- rb941-2nd (hAP lite)
- rb952ui-5ac2nd (hAP ac lite)
- RBM33G

and probably other Mikrotik boards need this patch as well.

The patch was submitted upstream by Robert Marko: https://patchwork.ozlabs.org/patch/934181/

Closes: FS#1715
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Cc: Robert Marko <robimarko@gmail.com>
6 years ago toolchain/musl: Don't override optimization set by upstream
Daniel Engberg [Thu, 22 Feb 2018 22:39:40 +0000 (23:39 +0100)]
toolchain/musl: Don't override optimization set by upstream

Don't override optimization set by upstream.
Provides a speed increase for internal (library), malloc and string
operations in musl.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[add : to PKG_RELEASE release variable for consistency]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years ago dnsmasq: bump to v2.80
Kevin Darbyshire-Bryant [Fri, 19 Oct 2018 14:17:23 +0000 (15:17 +0100)]
dnsmasq: bump to v2.80

dnsmasq v2.80 release

Change from rc1:

91421cb Fix compiler warning.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years ago kernel: bump 4.14 to 4.14.77
Koen Vandeputte [Thu, 18 Oct 2018 10:09:22 +0000 (12:09 +0200)]
kernel: bump 4.14 to 4.14.77

Refreshed all patches.

Altered patches:
- 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch

New symbol for arm targets:
- HARDEN_BRANCH_PREDICTOR

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago kernel: bump 4.9 to 4.9.134
Koen Vandeputte [Thu, 18 Oct 2018 09:58:32 +0000 (11:58 +0200)]
kernel: bump 4.9 to 4.9.134

Refreshed all patches.

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago iproute2: install ip-tiny and ip-full in /usr/libexec
Hans Dedecker [Tue, 16 Oct 2018 12:16:48 +0000 (14:16 +0200)]
iproute2: install ip-tiny and ip-full in /usr/libexec

Install the ip-tiny and ip-full variants in /usr/libexec as the suffixed
ip variants are not meant to be called directly

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago mt76: update to the latest version
Felix Fietkau [Thu, 18 Oct 2018 14:27:46 +0000 (16:27 +0200)]
mt76: update to the latest version

b51337a mt76: clean up unused leftover EXPORT_SYMBOLs
383b228 mt76x0: reduce duplication in setting rf bandwidth parameters
a1a4528 mt76: mt76x0: handle chip specific initval differences
f473340 mt76: usb: fix static tracepoints
3a975b4 mt76x0: antenna select corrections
37c1150 mt76x0: init: simplify mt76x0_init_mac_registers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago wireguard: bump to 0.0.20181018
Jason A. Donenfeld [Thu, 18 Oct 2018 01:48:34 +0000 (03:48 +0200)]
wireguard: bump to 0.0.20181018

ba2ab5d version: bump snapshot
5f59c76 tools: wg-quick: wait for interface to disappear on freebsd
ac7e7a3 tools: don't fail if a netlink interface dump is inconsistent
8432585 main: get rid of unloaded debug message
139e57c tools: compile on gnu99
d65817c tools: use libc's endianness macro if no compiler macro
f985de2 global: give if statements brackets and other cleanups
b3a5d8a main: change module description
296d505 device: use textual error labels always
8bde328 allowedips: swap endianness early on
a650d49 timers: avoid using control statements in macro
db4dd93 allowedips: remove control statement from macro by rewriting
780a597 global: more nits
06b1236 global: rename struct wireguard_ to struct wg_
205dd46 netlink: do not stuff index into nla type
2c6b57b qemu: kill after 20 minutes
6f2953d compat: look in Kbuild and Makefile since they differ based on arch
a93d7e4 create-patch: blacklist instead of whitelist
8d53657 global: prefix functions used in callbacks with wg_
123f85c compat: don't output for grep errors

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
6 years ago ar71xx/ath79: fix mtd corruption
Fabio Bettoni [Wed, 17 Oct 2018 12:21:41 +0000 (14:21 +0200)]
ar71xx/ath79: fix mtd corruption

In commit fec8fe806963 ("kernel: bump 4.9 to 4.9.116") [1], the following patch was removed:
- 403-mtd_fix_cfi_cmdset_0002_status_check.patch

This patch contained fixes for both write and erase functions.

While the chip-detects for erase got fixed upstream [2],
some modifications are still required, even with the fixes applied.

While at it, also apply the same fix for target ath79,
which suffers the same issue.

Not doing so results in following errors seen:

Collected errors:
 * pkg_write_filelist: Failed to open //usr/lib/opkg/info/luci-lib-ip.list: I/O error.
 * opkg_install_pkg: Failed to extract data files for luci-lib-ip. Package debris may remain!
 * opkg_install_cmd: Cannot install package luci-ssl.
 * opkg_conf_write_status_files: Can't open status file //usr/lib/opkg/status: I/O error.

[    0.780920] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    8.406396] jffs2: notice: (415) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[    8.423476] mount_root: switching to jffs2 overlay
[  270.902671] jffs2: Write of 1989 bytes at 0x005ce6f8 failed. returned -5, retlen 962
[  270.931965] jffs2: Write of 1989 bytes at 0x005ceec0 failed. returned -5, retlen 0
[  270.939631] jffs2: Not marking the space at 0x005ceec0 as dirty because the flash driver returned retlen zero
[  270.950397] jffs2: Write of 68 bytes at 0x005ceec0 failed. returned -5, retlen 0
[  270.957838] jffs2: Not marking the space at 0x005ceec0 as dirty because the flash driver returned retlen zero
[  270.968584] jffs2: Write of 68 bytes at 0x005ceec0 failed. returned -5, retlen 0
[  270.976027] jffs2: Not marking the space at 0x005ceec0 as dirty because the flash driver returned retlen zero
[  270.986735] jffs2: Write of 68 bytes at 0x005ceec0 failed. returned -5, retlen 0
[  270.994225] jffs2: Not marking the space at 0x005ceec0 as dirty because the flash driver returned retlen zero

[1] https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=fec8fe806963c96a6506c2aebc3572d3a11f285f
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.9.133&id=a0239d83e1cb60de5e78452d4708c083b9e3dcbe

Fixes: fec8fe806963 ("kernel: bump 4.9 to 4.9.116")
Signed-off-by: Fabio Bettoni <fbettoni@gmail.com>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago ar71xx: Move some targets to tiny
Koen Vandeputte [Wed, 17 Oct 2018 15:16:51 +0000 (17:16 +0200)]
ar71xx: Move some targets to tiny

Recent changes on ar71xx (switch to 4.14, memory compaction, ...) cause
an increase in kernel size, making it too big for some devices.

Move these devices to the tiny target, where kernel symbols and
optimization for speed are disabled, reducing the kernel size.

Devices:
- EnGenius ENS202EXT
- OCEDO Koala

Compile-tested targets:

- ar71xx->generic->default
- ar71xx->smallFlash->Default

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago netifd: update to latest git HEAD
Hans Dedecker [Wed, 17 Oct 2018 09:14:15 +0000 (11:14 +0200)]
netifd: update to latest git HEAD

841b5d1 system-linux: enable by default ignore encaplimit for grev6 tunnels
125cbee system-linux: fix a typo in gre tunnel data parsing logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago gre: make encaplimit support configurable
Hans Dedecker [Wed, 17 Oct 2018 09:02:05 +0000 (11:02 +0200)]
gre: make encaplimit support configurable

Make inclusion of the destination option header containing the tunnel
encapsulation limit configurable for IPv6 GRE packets.
Setting the uci parameter encaplimit to ignore allows disabling the
insertion of the destination option header in the IPv6 GRE packets.
Otherwise the tunnel encapsulation limit value can be set to a value
from 0 till 255 by setting the encaplimit uci parameter accordingly.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago tools/xz: Add PKG_CPE_ID for proper CVE tracking
Rosen Penev [Mon, 15 Oct 2018 20:58:30 +0000 (13:58 -0700)]
tools/xz: Add PKG_CPE_ID for proper CVE tracking

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago tools/libressl: Add PKG_CPE_ID for proper CVE tracking
Rosen Penev [Mon, 15 Oct 2018 17:47:09 +0000 (10:47 -0700)]
tools/libressl: Add PKG_CPE_ID for proper CVE tracking

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago treewide: use wpad-basic for not small flash targets
Mathias Kresin [Tue, 10 Jul 2018 17:22:41 +0000 (19:22 +0200)]
treewide: use wpad-basic for not small flash targets

Add out of the box support for 802.11r and 802.11w to all targets not
suffering from small flash.

Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias did all the heavy lifting on this, but I'm the one who should
get shouted at for committing.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years ago hostapd: add basic variant
Kevin Darbyshire-Bryant [Mon, 9 Jul 2018 12:16:42 +0000 (13:16 +0100)]
hostapd: add basic variant

Add a basic variant which provides WPA-PSK only, 802.11r and 802.11w and
is intended to support 11r & 11w (subject to driver support) out of the
box.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years ago ppp: don't start ppp with IPv6 support if ipv6 is not supported
Rosy Song [Thu, 4 Oct 2018 06:46:40 +0000 (14:46 +0800)]
ppp: don't start ppp with IPv6 support if ipv6 is not supported

Signed-off-by: Rosy Song <rosysong@rosinson.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago mt76: update to the latest version, add mt76x0 firmware, enable mt76x0e
Felix Fietkau [Tue, 16 Oct 2018 10:58:57 +0000 (12:58 +0200)]
mt76: update to the latest version, add mt76x0 firmware, enable mt76x0e

96fa353 mt76: do not store aggregation sequence number for null-data frames
c50dca8 mt76x0: print BBP version only for debug
ddc9e05 mt76x0: correct RF access via RF_CSR register.
02d2385 mt76: allow to identify bus
c438e67 mt76x0: correct RF reg pairs write for PCIe
c83abb8 mt76x0: use bus helper to identify rf access method
9c272ff mt76x0: phy: fix bank check in mt76x0_rf_csr_{wr,rr}
1945d57 mt76: use mt76x02_dev instead of mt76_dev in mt76x02_mcu.c
214eab7 mt76: use mt76x02_dev instead of mt76_dev in mt76x02_phy.c
29bc2ae mt76: use mt76x02_dev instead of mt76_dev in mt76x02_util.c
08ecb5f mt76: use mt76x02_dev instead of mt76_dev in mt76x02_usb_mcu.c
fd9b2b0 mt76: use mt76x02_dev instead of mt76_dev in mt76x02_mac.c
f37bd25 mt76: use mt76x02_dev instead of mt76_dev in mt76x02_txrx.c
48950cb mt76: use mt76x02_dev instead of mt76_dev in mt76x02_eeprom.c
06276cc mt76x0: pci: report firmware version using ethtool
72546ed mt76x0: pci: add missing mac80211 callbacks
4de98cd mt76: disable ldpc coding for mt76x0 devices
f0951c2 mt76x0: pci: add mt76x0_register_device in mt76x0e_register_device
4f3685e mt76: reserve enough room for USB tx skbs
5e6907f mt76x0: remove dma.h
acfc5a9 mt76x0: pci: fix set external PA I/O current
2b79bb7 mt76: mt76x0e: another fix for the external PA current setting
8a0acfd mt76x0: phy: fix restore phase in mt76x0_phy_recalibrate_after_assoc
e9e949b mt76x0: phy: remove channel parameter from mt76x0_phy_set_chan_bbp_params
1775717 mt76: move mt76x02_phy_set_bw in mt76x02-lib module
f82134f mt76: move mt76x02_phy_set_band in mt76x02-lib module
3eaa34f mt76x0: pci: rename mt76x0_phy_calibrate
7269fb4 mt76x0: pci: introduce mt76x0_phy_calirate routine
a514b75 mt76x0: phy: update set_channel for mt76x0e devices
62a1bc5 mt76x0: eeprom: introduce mt76x0_tssi_enabled routine
a48481d mt76x0: phy: add phy/vco temperature compensation
cc34ce9 mt76: move rssi_gain_thresh routines in mt76x02-lib module
eaf9751 mt76: move mt76x02_phy_adjust_vga_gain in mt76/mt76x02_phy.c
2715e7c mt76: introduce mt76x02_init_agc_gain routine
87fcb31 mt76x0: phy: align channel gain logic to mt76x2 one
98f8ef7 mt76x0: phy: do not run calibration during channel switch
cf859ad mt76x2: align mt76x2 and mt76x2u firmware
1f3f767 mt76x2u: align channel gain logic to mt76x2 one
d1c1454 treewide: Replace more open-coded allocation size multiplications
bcbecd2 mt76x0: phy: use proper name convention
b6694e6 mt76x0: phy: simplify rf configuration routines
da129c9 mt76x0: phy: improve code readability in initvals_phy.h
eab7ab1 mt76x0: pci: add get_survey support
9e493f7 mt76: move mt76x02_mac_work routine in mt76x02-lib module
ecec6ba mt76: move mt76x02_debugfs in mt76x02-lib module
4f3b608 mt76x0: use shared debugfs implementation
6aae25b mt76x0: use mt76x02_mac_work as stats handler
b228a45 mt76x2u: introduce mac workqueue support
4671af4 mt76x0: phy: unify calibration between mt76x0u and mt76x0e
5ed28f3 mt76x0: do not perform MCU calibration for MT7630
9b844da add mt7610e firmware

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago tools: patch: Add missing CVE-2018-6951 fix
Rosen Penev [Mon, 15 Oct 2018 17:17:29 +0000 (10:17 -0700)]
tools: patch: Add missing CVE-2018-6951 fix

uscan reports a new CVE now that PKG_CPE_ID was added.

Reordered patches by date.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[re-title commit & refresh patches]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years ago hostapd: fix MAC filter related log spam
Jo-Philipp Wich [Tue, 16 Oct 2018 10:11:20 +0000 (12:11 +0200)]
hostapd: fix MAC filter related log spam

Backport two upstream fixes to address overly verbose logging of MAC ACL
rejection messages.

Fixes: FS#1468
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years ago dnsmasq: fix dnsmasq failure to start when ujail'd
Christian Lamparter [Tue, 16 Oct 2018 09:11:10 +0000 (11:11 +0200)]
dnsmasq: fix dnsmasq failure to start when ujail'd

This patch fixes jailed dnsmasq running into the following issue:

|dnsmasq[1]: cannot read /usr/share/dnsmasq/dhcpbogushostname.conf: No such file or directory
|dnsmasq[1]: FAILED to start up
|procd: Instance dnsmasq::cfg01411c s in a crash loop 6 crashes, 0 seconds since last crash

Fixes: a45f4f50e16 ("dnsmasq: add dhcp-ignore-names support - CERT VU#598349")

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[bump package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years ago toolchain/glibc: update to 2.27+
Hans Dedecker [Mon, 15 Oct 2018 09:55:48 +0000 (11:55 +0200)]
toolchain/glibc: update to 2.27+

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago kernel: bump 4.14 to 4.14.76
Koen Vandeputte [Mon, 15 Oct 2018 09:19:43 +0000 (11:19 +0200)]
kernel: bump 4.14 to 4.14.76

Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago kernel: bump 4.9 to 4.9.133
Koen Vandeputte [Mon, 15 Oct 2018 09:18:54 +0000 (11:18 +0200)]
kernel: bump 4.9 to 4.9.133

Refreshed all patches.

Compile-tested on: ar71xx, layerscape
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago kernel: bump 3.18 to 3.18.124
Koen Vandeputte [Mon, 15 Oct 2018 09:09:53 +0000 (11:09 +0200)]
kernel: bump 3.18 to 3.18.124

Refreshed all patches.

Compile-tested: adm5120
Runtime-tested: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago dnsmasq: bump to v2.80rc1
Kevin Darbyshire-Bryant [Tue, 16 Oct 2018 07:32:54 +0000 (08:32 +0100)]
dnsmasq: bump to v2.80rc1

53792c9 fix typo
df07182 Update German translation.

Remove local patch 001-fix-typo which is a backport of the above 53792c9

There is no practical difference between our test8 release and this rc
release, but this does at least say 'release candidate'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years ago dnsmasq: fix compile issue
Hans Dedecker [Mon, 15 Oct 2018 11:36:25 +0000 (13:36 +0200)]
dnsmasq: fix compile issue

Fix compile issue in case HAVE_BROKEN_RTC is enabled

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years ago ramips: refresh mt7621 kernel config
Felix Fietkau [Mon, 15 Oct 2018 08:49:55 +0000 (10:49 +0200)]
ramips: refresh mt7621 kernel config

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago kernel: add CONFIG_CC_OPTIMIZE_FOR_* to the default config
Felix Fietkau [Mon, 15 Oct 2018 08:48:58 +0000 (10:48 +0200)]
kernel: add CONFIG_CC_OPTIMIZE_FOR_* to the default config

Avoid repeating them in the target config, they are overwritten by
top-level menuconfig anyway

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago wolfssl: update to version 3.15.3-stable
Daniel Golle [Mon, 1 Oct 2018 03:07:46 +0000 (05:07 +0200)]
wolfssl: update to version 3.15.3-stable

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
6 years ago mt76: move mt76x2e firmware to kmod-mt76x2-common and use it for mt76x2u
Felix Fietkau [Sun, 14 Oct 2018 16:46:32 +0000 (18:46 +0200)]
mt76: move mt76x2e firmware to kmod-mt76x2-common and use it for mt76x2u

USB and PCIe devices can run the same firmware

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago tools: patch: Fix build by not modifing Makefile.am
Hauke Mehrtens [Sun, 14 Oct 2018 14:42:45 +0000 (16:42 +0200)]
tools: patch: Fix build by not modifing Makefile.am

A new test case was added in one of the patches fixing a problem, this
also included a change in the test/Makefile.am to add this test case.
The build system detected a change in the Makefile.am and wants to
regenerate the Makefile.in, but this fails because automake-1.15 is not
installed yet. As automake depends on patch being built first, make sure
we do not modify the Makefile.am.

This fixes a build problem seen by the build bots.

Fixes: 4797dddfde6 ("patch: apply upstream cve fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years ago tools: patch: make patch build depend on automake
Hauke Mehrtens [Sun, 14 Oct 2018 13:25:37 +0000 (15:25 +0200)]
tools: patch: make patch build depend on automake

The Makefile.am changed and now patch wants to use automake to
regenerate the Makefile.in. Make sure automake was built before we build
patch.

This fixes a build problem seen by the build bots.
Fixes: 4797dddfde6 ("patch: apply upstream cve fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years ago patch: apply upstream cve fixes
Russell Senior [Sun, 14 Oct 2018 09:34:32 +0000 (02:34 -0700)]
patch: apply upstream cve fixes

Apply two upstream patches to address two CVEs:

 * CVE-2018-1000156
 * CVE-2018-6952

Add PKG_CPE_ID to Makefile.

Build tested on apm821xx and ar71xx.

Signed-off-by: Russell Senior <russell@personaltelco.net>
6 years ago hostapd: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)
Hauke Mehrtens [Tue, 9 Oct 2018 20:50:50 +0000 (22:50 +0200)]
hostapd: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)

This adds support for the WPA3-Enterprise mode authentication.

The settings for the WPA3-Enterprise mode are defined in
WPA3_Specification_v1.0.pdf. This mode also requires ieee80211w and
guarantees at least 192 bit of security.

This does not increase the ipkg size by a significant size.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years ago hostapd: Activate Opportunistic Wireless Encryption (OWE)
Hauke Mehrtens [Thu, 4 Oct 2018 20:45:06 +0000 (22:45 +0200)]
hostapd: Activate Opportunistic Wireless Encryption (OWE)

OWE is defined in RFC 8110 and provides encryption and forward security
for open networks.

This is based on the requirements in the Wifi alliance document
Opportunistic_Wireless_Encryption_Specification_v1.0_0.pdf
The wifi alliance requires ieee80211w for the OWE mode.
This also makes it possible to configure the OWE transition mode which
allows it to operate an open and an OWE BSSID in parallel and the client
should only show one network.

This increases the ipkg size by 5.800 Bytes.
Old: 402.541 Bytes
New: 408.341 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years ago hostapd: Activate Simultaneous Authentication of Equals (SAE)
Hauke Mehrtens [Wed, 3 Oct 2018 21:33:51 +0000 (23:33 +0200)]
hostapd: Activate Simultaneous Authentication of Equals (SAE)

This builds the full openssl and wolfssl versions with SAE support which
is the main part of WPA3 PSK.

This needs elliptic curve cryptography which is only provided by these
two external cryptographic libraries and not by the internal
implementation.

The WPA3_Specification_v1.0.pdf file says that in SAE only mode
Protected Management Frames (PMF) is required, in mixed mode with
WPA2-PSK PMF should be required for clients using SAE, and optional for
clients using WPA2-PSK. The defaults are set now accordingly.

This increases the ipkg size by 8.515 Bytes.
Old: 394.026 Bytes
New: 402.541 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years ago hostapd: SAE: Do not ignore option sae_require_mfp
Hauke Mehrtens [Wed, 10 Oct 2018 21:36:15 +0000 (23:36 +0200)]
hostapd: SAE: Do not ignore option sae_require_mfp

This patch was sent for integration into the hostapd project.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years ago hostapd: backport build fix when OWE is activated
Hauke Mehrtens [Wed, 3 Oct 2018 18:56:41 +0000 (20:56 +0200)]
hostapd: backport build fix when OWE is activated

This backports a compile fix from the hostapd project.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years ago hostapd: sync config with default configuration
Hauke Mehrtens [Tue, 2 Oct 2018 22:05:11 +0000 (00:05 +0200)]
hostapd: sync config with default configuration

This replaces the configuration files with the versions from the hostapd
project and the adaptions done by OpenWrt.

The resulting binaries should be the same.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years ago netifd: update to latest git HEAD
Hauke Mehrtens [Sun, 14 Oct 2018 11:51:58 +0000 (13:51 +0200)]
netifd: update to latest git HEAD

22476ff wireless: Add Simultaneous Authentication of Equals (SAE)
c6c3a0d wireless: Add Opportunistic Wireless Encryption (OWE)
a117e41 wireless: Add WPA-EAP-SUITE-B-192 (WPA3-Enterprise)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years ago uqmi: fix variable initilization for timeout handling
Florian Eckert [Thu, 11 Oct 2018 14:30:55 +0000 (16:30 +0200)]
uqmi: fix variable initilization for timeout handling

Also add logging output for SIM initialization.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
6 years ago mac80211: fix A-MSDU packet handling with TCP retransmission
Felix Fietkau [Thu, 11 Oct 2018 13:16:28 +0000 (15:16 +0200)]
mac80211: fix A-MSDU packet handling with TCP retransmission

Improves local TCP throughput and fixes use-after-free bugs that could lead
to crashes.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago bcm53xx: add pending pinctrl driver
Rafał Miłecki [Thu, 11 Oct 2018 11:55:57 +0000 (13:55 +0200)]
bcm53xx: add pending pinctrl driver

It's required to support devices using adjustable SoC pins for some
specific purpose (e.g. I2C, PWM, UART1).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years ago ath10k-ct: Update to 29-09-2018
Robert Marko [Tue, 9 Oct 2018 13:05:56 +0000 (15:05 +0200)]
ath10k-ct: Update to 29-09-2018

Update ath10k-ct to be able to drop 210-ath10k-fix-recent-bandwidth-conversion-bug.patch
as it's upstream.

b9989fbd5d6e ath10k-ct: Add upstream patch to fix peer rate reporting.
ac9224344dbf ath10k-ct: Support sending custom frames with no-ack flag.
bc938bc2021e ath10k-ct: Support sending pkts with specific rate on 10.4 firmware.

Runtime tested on:
- GL-iNet GL-B1300
- Mikrotik RB912 + QCA9882

Signed-off-by: Robert Marko <robimarko@gmail.com>
[Added list of all changes from previous version + add own test device]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years ago uqmi: update PKG_RELEASE version
Florian Eckert [Tue, 9 Oct 2018 09:32:36 +0000 (11:32 +0200)]
uqmi: update PKG_RELEASE version

update PKG_RELEASE

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
6 years ago uqmi: stop proto handler if verify pin count is not 3
Florian Eckert [Thu, 12 Apr 2018 08:31:29 +0000 (10:31 +0200)]
uqmi: stop proto handler if verify pin count is not 3

Check pin count value from pin status and stop verification of the pin if
the value is less than 3. This should prevent the proto-handler from
locking the SIM. If SIM is locked then the PUK is needed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
6 years ago uqmi: evaluate pin-status output in qmi_setup function
Florian Eckert [Tue, 10 Apr 2018 10:55:11 +0000 (12:55 +0200)]
uqmi: evaluate pin-status output in qmi_setup function

Load the json output from uqmi --get-pin-status command and evaluate the
"pin1_status" value.

The following uqmi "pin1_status" values are evaluated:

- disabled
  Do not verify PIN because SIM verification is disabled on this SIM

- blocked
  Stop qmi_setup because SIM is locked and a PUK is required

- not_verified
  SIM is not yet verified. Do a uqmi --verify-pin1 command if a SIM is
  specified

- verified
  Do not verify the PIN because this was already done before

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
6 years ago uqmi: do not block proto handler if SIM is uninitialized
Florian Eckert [Tue, 10 Apr 2018 13:56:24 +0000 (15:56 +0200)]
uqmi: do not block proto handler if SIM is uninitialized

QMI proto setup-handler will wait forever if SIM does not get initialized.
To fix this stop polling pin status and notify netifd. Netifd will generate
then a "ifup-failed" ACTION.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
6 years ago uqmi: do not block proto handler if modem is unable to registrate
Florian Eckert [Thu, 12 Apr 2018 11:20:49 +0000 (13:20 +0200)]
uqmi: do not block proto handler if modem is unable to registrate

QMI proto setup-handler will wait forever if it is unable to register to
the mobile network. To fix this stop polling network registration status
and notify netifd. Netifd will generate then a "ifup-failed" ACTION.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
6 years ago uqmi: add timeout option value
Florian Eckert [Thu, 12 Apr 2018 11:29:34 +0000 (13:29 +0200)]
uqmi: add timeout option value

This value will be used for now during following situations:
* Ask the sim with the uqmi --get-pin-status command.
* Wait for network registration with the uqmi --get-serving-system command.

These two commands wait forever in a while loop. Add a timeout to stop
waiting and so inform netifd.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
6 years ago uqmi: redirect uqmi commands output to /dev/null
Florian Eckert [Thu, 12 Apr 2018 11:10:33 +0000 (13:10 +0200)]
uqmi: redirect uqmi commands output to /dev/null

Move uqmi std and error output on commands without using them to /dev/null.
This will remove useless outputs in the syslog.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
6 years ago uqmi: fix indenting
Florian Eckert [Tue, 10 Apr 2018 14:29:05 +0000 (16:29 +0200)]
uqmi: fix indenting

fix indenting

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
6 years ago bcm53xx: replace SPI revert with a fix sent upstream
Rafał Miłecki [Thu, 11 Oct 2018 08:01:45 +0000 (10:01 +0200)]
bcm53xx: replace SPI revert with a fix sent upstream

Instead of reverting whole commit it's enough to just revert a single
line change. It seems the real problem with the regressing commit was a
bump of read chunk size. Switching back to 256 B chunks is enough to fix
the problem/regression.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years ago procd: update to latest git HEAD
John Crispin [Thu, 11 Oct 2018 06:42:24 +0000 (08:42 +0200)]
procd: update to latest git HEAD

94944ab procd: Add cpu string to board detection

Signed-off-by: John Crispin <john@phrozen.org>
6 years ago package/: fix $(PROJECT_GIT) usage
John Crispin [Thu, 11 Oct 2018 06:37:59 +0000 (08:37 +0200)]
package/: fix $(PROJECT_GIT) usage

Signed-off-by: John Crispin <john@phrozen.org>
6 years ago procd: Install hotplug files as 600
Rosen Penev [Wed, 19 Sep 2018 19:03:32 +0000 (12:03 -0700)]
procd: Install hotplug files as 600

procd runs as root, so it only makes sense that its files are restricted.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago linux-atm: Install hotplug file as 600
Rosen Penev [Wed, 19 Sep 2018 19:03:31 +0000 (12:03 -0700)]
linux-atm: Install hotplug file as 600

The hotplug file is only used by procd, which runs as root.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago comgt: Install hotplug and netifd files as 600
Rosen Penev [Wed, 19 Sep 2018 19:03:30 +0000 (12:03 -0700)]
comgt: Install hotplug and netifd files as 600

procd and netifd both run as root. These files are not used elsewhere.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago samba36: Install several config files as 600
Rosen Penev [Wed, 19 Sep 2018 19:03:29 +0000 (12:03 -0700)]
samba36: Install several config files as 600

Hotplug is managed by procd, which runs as root. The other files are used
by root as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago soloscli: Install hotplug file as 600
Rosen Penev [Wed, 19 Sep 2018 19:03:28 +0000 (12:03 -0700)]
soloscli: Install hotplug file as 600

Hotplug is managed by procd, which runs as root.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago firewall: Install config files as 600
Rosen Penev [Wed, 19 Sep 2018 19:03:26 +0000 (12:03 -0700)]
firewall: Install config files as 600

None of the files in firewall are used by non-root.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years ago mpc85xx: remove kernel 4.9 support
Magnus Kroken [Fri, 5 Oct 2018 23:46:24 +0000 (01:46 +0200)]
mpc85xx: remove kernel 4.9 support

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
6 years ago mpc85xx: switch to kernel 4.14
Magnus Kroken [Fri, 5 Oct 2018 23:46:23 +0000 (01:46 +0200)]
mpc85xx: switch to kernel 4.14

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
6 years agompc85xx: add kernel 4.14 support
Magnus Kroken [Fri, 5 Oct 2018 23:46:22 +0000 (01:46 +0200)]
mpc85xx: add kernel 4.14 support

Based on patches previously submitted by Achim Gottinger:
http://lists.infradead.org/pipermail/openwrt-devel/2018-June/012719.html

Tested on TP-Link TL-WDR4900 v1.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
6 years agonetfilter: add missing dependency for kernel 4.14
Koen Vandeputte [Wed, 10 Oct 2018 15:31:40 +0000 (17:31 +0200)]
netfilter: add missing dependency for kernel 4.14

Since kernel 4.14.75 commit ("netfilter: xt_cluster: add dependency on conntrack module")
a dependency is required on kmod-nf-conntrack.

It seems this was already present for kmod-ipt-clusterip
but not yet for kmod-ipt-cluster.

Add it fixing a build error when including kmod-ipt-cluster:

Package kmod-ipt-cluster is missing dependencies for the following libraries:
nf_conntrack.ko
modules/netfilter.mk:665: recipe for target '/mnt/ramdisk/koen/firmware/builds/openwrt/bin/targets/cns3xxx/generic/packages/kmod-ipt-cluster_4.14.75-1_arm_mpcore_vfp.ipk' failed
make[3]: *** [/mnt/ramdisk/koen/firmware/builds/openwrt/bin/targets/cns3xxx/generic/packages/kmod-ipt-cluster_4.14.75-1_arm_mpcore_vfp.ipk] Error 1
make[3]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt/package/kernel/linux'
Command exited with non-zero status 2
time: package/kernel/linux/compile#1.80#0.05#2.07
package/Makefile:107: recipe for target 'package/kernel/linux/compile' failed
make[2]: *** [package/kernel/linux/compile] Error 2
make[2]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt'
package/Makefile:103: recipe for target '/mnt/ramdisk/koen/firmware/builds/openwrt/staging_dir/target-arm_mpcore+vfp_musl_eabi/stamp/.package_compile' failed
make[1]: *** [/mnt/ramdisk/koen/firmware/builds/openwrt/staging_dir/target-arm_mpcore+vfp_musl_eabi/stamp/.package_compile] Error 2
make[1]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt'
/mnt/ramdisk/koen/firmware/builds/openwrt/include/toplevel.mk:216: recipe for target 'world' failed
make: *** [world] Error 2

Fixes: f983956a8b72 ("kernel: bump 4.14 to 4.14.75")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.75&id=b969656b46626a674232c0eadf92a394b89df07c

6 years agoar71xx: remove linux 4.9 support
Koen Vandeputte [Wed, 10 Oct 2018 09:42:42 +0000 (11:42 +0200)]
ar71xx: remove linux 4.9 support

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agoar71xx: switch to kernel 4.14
Koen Vandeputte [Thu, 30 Aug 2018 17:10:05 +0000 (19:10 +0200)]
ar71xx: switch to kernel 4.14

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.14 to 4.14.75
Koen Vandeputte [Wed, 10 Oct 2018 10:41:32 +0000 (12:41 +0200)]
kernel: bump 4.14 to 4.14.75

Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.9 to 4.9.132
Koen Vandeputte [Wed, 10 Oct 2018 09:36:49 +0000 (11:36 +0200)]
kernel: bump 4.9 to 4.9.132

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: enable memory compaction
Felix Fietkau [Tue, 9 Oct 2018 11:22:46 +0000 (13:22 +0200)]
kernel: enable memory compaction

Compaction is the only memory management component to form high order (larger
physically contiguous) memory blocks reliably. The page allocator relies on
compaction heavily and the lack of the feature can lead to unexpected OOM
killer invocations for high order memory requests. You shouldn't disable this
option unless there really is a strong reason for it.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
6 years agomt76: fix typo in kmod-mt76x0u package description
Felix Fietkau [Mon, 8 Oct 2018 11:48:32 +0000 (13:48 +0200)]
mt76: fix typo in kmod-mt76x0u package description

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agokernel: support gcc-optimized inlining on all architectures
Felix Fietkau [Thu, 25 Jan 2018 13:01:34 +0000 (14:01 +0100)]
kernel: support gcc-optimized inlining on all architectures

Optimized inlining was disabled by default when gcc 4 was still
relatively new. By now, all gcc versions handle this well and there
seems to be no real reason to keep it x86-only.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agodnsmasq: add dhcp-ignore-names support - CERT VU#598349
Kevin Darbyshire-Bryant [Mon, 8 Oct 2018 19:40:36 +0000 (20:40 +0100)]
dnsmasq: add dhcp-ignore-names support - CERT VU#598349

dnsmasq v2.80test8 adds the ability to ignore dhcp client's requests for
specific hostnames.  Clients claiming certain hostnames and thus
claiming DNS namespace represent a potential security risk. e.g. a
malicious host could claim 'wpad' for itself and redirect other web
client requests to it for nefarious purpose. See CERT VU#598349 for more
details.

Some Samsung TVs are claiming the hostname 'localhost', it is believed
not (yet) for nefarious purposes.

/usr/share/dnsmasq/dhcpbogushostname.conf contains a list of hostnames
in correct syntax to be excluded. e.g.

dhcp-name-match=set:dhcp_bogus_hostname,localhost

Inclusion of this file is controlled by uci option dhcpbogushostname
which is enabled by default.

To be absolutely clear, DHCP leases to these requesting hosts are still
permitted, but they do NOT get to claim ownership of the hostname
itself and hence put into DNS for other hosts to be confused/manipulated by.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agowireguard: bump to 0.0.20181007
Kevin Darbyshire-Bryant [Tue, 9 Oct 2018 08:03:59 +0000 (09:03 +0100)]
wireguard: bump to 0.0.20181007

64750c1 version: bump snapshot
f11a2b8 global: style nits
4b34b6a crypto: clean up remaining .h->.c
06d9fc8 allowedips: document additional nobs
c32b5f9 makefile: do more generic wildcard so as to avoid rename issues
20f48d8 crypto: use BIT(i) & bitmap instead of (bitmap >> i) & 1
b6e09f6 crypto: disable broken implementations in selftests
fd50f77 compat: clang cannot handle __builtin_constant_p
bddaca7 compat: make asm/simd.h conditional on its existence
b4ba33e compat: account for ancient ARM assembler

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agoe2fsprogs: fix glibc compile issue (FS#1749,FS#1796)
Hans Dedecker [Mon, 8 Oct 2018 14:57:01 +0000 (16:57 +0200)]
e2fsprogs: fix glibc compile issue (FS#1749,FS#1796)

Fixes the following build error:

.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_post'
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_wait'
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_init'
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_destroy'

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoRevert "kernel: add a RPS balancer"
Stijn Tintel [Sun, 7 Oct 2018 10:25:09 +0000 (13:25 +0300)]
Revert "kernel: add a RPS balancer"

This reverts commit 7af1fb9faafbc842fc727c49108f5fc4edc08601.

With the RPS balancer patch, both my APU2s are crashing, sometimes just
after a few minutes of uptime.

[ 6241.170132] BUG: unable to handle kernel paging request at ffffffffa20a75a8
[ 6241.177248] IP: get_rps_cpu+0x41c/0x440
[ 6241.181140] PGD 2012067 P4D 2012067 PUD 2013063 PMD 0
[ 6241.186370] Oops: 0000 [#1] SMP NOPTI
[ 6241.497122] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.14.73 #0
[ 6241.503198] Hardware name: PC Engines apu2/apu2, BIOS v4.8.0.2 20180705
[ 6241.509858] task: ffff88012a0d8000 task.stack: ffffc90000070000
[ 6241.515841] RIP: 0010:get_rps_cpu+0x41c/0x440
[ 6241.520246] RSP: 0018:ffff88012ed83db0 EFLAGS: 00010286
[ 6241.525511] RAX: 00000000ffffffff RBX: 0000000000011ae8 RCX: 0000000000000001
[ 6241.532737] RDX: 00000000ffffffff RSI: ffff88012a0d8788 RDI: 0000000000000282
[ 6241.539956] RBP: ffff88012ed83e00 R08: 0000000000000001 R09: 0000000000000000
[ 6241.547183] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82dae2e0
[ 6241.554403] R13: ffff880124de4480 R14: 0000000000000000 R15: ffff880128120000
[ 6241.561625] FS:  0000000000000000(0000) GS:ffff88012ed80000(0000) knlGS:0000000000000000
[ 6241.569820] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 6241.575651] CR2: ffffffffa20a75a8 CR3: 00000001251da000 CR4: 00000000000406e0
[ 6241.582830] Call Trace:
[ 6241.585322]  <IRQ>
[ 6241.587372]  ? lock_acquire+0x59/0x80
[ 6241.591102]  netif_receive_skb_internal+0x1e4/0x2d0
[ 6241.596037]  napi_gro_receive+0x48/0x90
[ 6241.599948]  igb_alloc_rx_buffers+0xc97/0x1b60 [igb]
[ 6241.604981]  ? note_gp_changes+0x76/0xc0
[ 6241.608963]  net_rx_action+0x10c/0x280
[ 6241.612752]  __do_softirq+0xf0/0x22d
[ 6241.616375]  irq_exit+0x5e/0xa0
[ 6241.619573]  do_IRQ+0xee/0x110
[ 6241.622682]  common_interrupt+0x8b/0x8b
[ 6241.626556]  </IRQ>
[ 6241.628699] RIP: 0010:native_safe_halt+0x6/0x10
[ 6241.633260] RSP: 0018:ffffc90000073e10 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff3d
[ 6241.640910] RAX: ffff88012a0d8000 RBX: ffff88012a190c00 RCX: 0000000000000000
[ 6241.648110] RDX: ffff88012a0d8000 RSI: 0000000000000001 RDI: ffff88012a0d8000
[ 6241.655354] RBP: ffffc90000073e10 R08: 0000000000000006 R09: 0000000000000000
[ 6241.662554] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88012a190c64
[ 6241.669791] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000001
[ 6241.676986]  acpi_safe_halt.part.9+0xe/0x20
[ 6241.681226]  acpi_idle_do_entry+0x2c/0x40
[ 6241.685325]  acpi_idle_enter+0x1ee/0x2b0
[ 6241.689298]  ? sched_clock+0x9/0x10
[ 6241.692839]  cpuidle_enter_state+0x1f2/0x230
[ 6241.697162]  cpuidle_enter+0x12/0x20
[ 6241.700803]  call_cpuidle+0x38/0x40
[ 6241.704335]  do_idle+0xed/0x160
[ 6241.707557]  cpu_startup_entry+0x6e/0x70
[ 6241.711557]  start_secondary+0x1b4/0x1d0
[ 6241.715536]  secondary_startup_64+0xa5/0xb0
[ 6241.719777] Code: d4 48 8d 04 9b 48 8b 35 53 a7 ac 00 48 8d 1c 43 48 83 c6 64 48 c1 e3 03 48 8d bb e8 e2 da 82 e8 cb a9 ba ff 41 8b 14 1c 48 89 d0 <48> 0f a3 15 dc dc b6 00 0f 83 46 fc ff ff 48 83 c4 28 5b 41 5c
[ 6241.739100] RIP: get_rps_cpu+0x41c/0x440 RSP: ffff88012ed83db0
[ 6241.744993] CR2: ffffffffa20a75a8
[ 6241.748373] ---[ end trace 77367d9f9830d5bc ]---

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years agosunxi: add support for Orange Pi Zero
Julian Haupt [Sun, 30 Sep 2018 14:42:03 +0000 (14:42 +0000)]
sunxi: add support for Orange Pi Zero

Signed-off-by: Julian Haupt <julian.haupt@hauptmedia.de>
6 years agoimage: ignore usign build errors
Hauke Mehrtens [Tue, 2 Oct 2018 20:43:58 +0000 (22:43 +0200)]
image: ignore usign build errors

The tl-wa850re-v2 images from the ar71xx/tiny target are getting too big
with the default packages. The size check is done before the meta data
is added so there is no file to add meta data to or to sign. Originally
errors in Build/append-metadata were getting ignored, but if the signing
fails the error is not ignored.
This adds a check if the file to be signed is there and only does the
signing if it is there. This way it does not fail if the package
creation was already aborted earlier.

Fixes: 848b455d2e94 ("image: use ucert to append signature")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agofstools: filter unknown action in mount.hotplug script
Rosy Song [Sun, 23 Sep 2018 01:57:29 +0000 (09:57 +0800)]
fstools: filter unknown action in mount.hotplug script

Signed-off-by: Rosy Song <rosysong@rosinson.com>
6 years agobusybox: fix IPv6 dependency
Hans Dedecker [Sun, 7 Oct 2018 18:37:47 +0000 (20:37 +0200)]
busybox: fix IPv6 dependency

Commit 9f0cb135dd made BUSYBOX_CONFIG_FEATURE_IPV6 dependent on IPV6 but
did not make its default value BUSYBOX_DEFAULT_FEATURE_IPV6 dependent
on IPV6. BUSYBOX_DEFAULT_FEATURE_IPV6 will have as default value y if
IPV6 is enabled otherwise n.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agodnsmasq: bump to v2.80test8
Kevin Darbyshire-Bryant [Sun, 7 Oct 2018 07:25:08 +0000 (08:25 +0100)]
dnsmasq: bump to v2.80test8

e1791f3 Fix logging of DNSSEC queries in TCP mode. Destination server address was misleading.
0fdf3c1 Fix dhcp-match-name to match hostname, not complete FQDN.
ee1df06 Tweak strategy for confirming SLAAC addresses.
1e87eba Clarify manpage for --auth-sec-servers
0893347 Make interface spec optional in --auth-server.
7cbf497 Example config file fix for CERT Vulnerability VU#598349.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agonghttp2: bump to 1.34.0
Hans Dedecker [Sun, 7 Oct 2018 15:35:06 +0000 (17:35 +0200)]
nghttp2: bump to 1.34.0

2b085815 (tag: v1.34.0) Update manual pages
986fa302 Bump up version number to 1.34.0, LT revision to 31:1:17
7c8cb3a0 nghttpx: Improve CONNECT response status handling
334c439c Fix bug that regular CONNECT does not work
6700626c Rule out content-length in the successful response to CONNECT
15162add Update manual pages
93270777 Merge pull request #1235 from nghttp2/backend-conn-timeout
aeb92bbb nghttpx: Add read/write-timeout parameters to backend option
fc7489e0 nghttpx: Fix mruby parameter validation
87ac872f nghttpx: Update doc
c278adde nghttpx: Log error when mruby file cannot be opened
f94d7209 Merge pull request #1234 from nghttp2/nghttpx-rfc8441
9b9baa6b Update doc
02566ee3 nghttpx: Update doc
3002f31b src: Add debug output for SETTINGS_ENABLE_CONNECT_PROTOCOL
d2a594a7 nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2
651e1477 Allow client sending :protocol optimistically
a42faf1c nghttpx: Write TLS alert during handshake
4aac05e1 Merge pull request #1231 from nghttp2/ws-lib-only
b80dfaa8 Adjustment for RFC 8441
a19d8f5d Deal with :protocol pseudo header
33f6e90a Add NGHTTP2_TOKEN__PROTOCOL
ed7fabcb Add SETTINGS_ENABLE_CONNECT_PROTOCOL
8753b6da Update doc
f2de733b Update neverbleed to fix OpenSSL 1.1.1 issues
88ff8c69 Update mruby 1.4.1
a63558a1 nghttpx: Call OCSP_response_get1_basic only when OCSP status is successful
3575a132 nghttpx: Fix crash with plain text HTTP
e2de2fee Update bash_completion
9f415979 Update manual pages
4bfc0cd1 Merge pull request #1230 from nghttp2/nghttpx-faster-logging
9c824b87 nghttpx: Get rid of std::stringstream from Log
a1ea1696 Make VALID_HD_NAME_CHARS and VALID_HD_VALUE_CHARS const qualified
dfc0f248 Make static_table const qualified
ed7c9db2 nghttpx: Add mruby env.tls_handshake_finished
5b42815a nghttpx: Strip incoming Early-Data header field by default
cfe7fa9a nghttpx: Add --tls13-ciphers and --tls-client-ciphers options
cb8a9d58 src: Remove TLSv1.3 ciphers from DEFAULT_CIPHER_LIST
023b9448 Merge branch 'tls13-early-data'
9b03c64f nghttpx: Should postpone early data by default
b8eccec6 nghttpx: Disable OpenSSL anti-replay
9f212587 Specify SSL_CTX_set_max_early_data and add an option to change max value
47f60124 nghttpx: Add an option to postpone early data processing
770e44de Implement draft-ietf-httpbis-replay-02
2ab319c1 Don't hide error code from openssl
39923024 Remove SSL_ERROR_WANT_WRITE handling
b30f312a Honor SSL_read semantics
c5cdb78a nghttpx: Add TLSv1.3 0-RTT early data support
f79a5812 Bump up version number to 1.34.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoath79: add Fritz!Box 4020 switchconfig
David Bauer [Sun, 7 Oct 2018 15:09:48 +0000 (17:09 +0200)]
ath79: add Fritz!Box 4020 switchconfig

In contrast to ar71xx, uci switchconfig is missing in the ath79 target.

Signed-off-by: David Bauer <mail@david-bauer.net>
6 years agoiperf: fix --daemon option
Rafał Miłecki [Sun, 7 Oct 2018 12:17:50 +0000 (14:17 +0200)]
iperf: fix --daemon option

Support for -D got broken in the 2.0.11 release by the upstream commit
218d8c667944 ("first pass L2 mode w/UDP checks, v4 only"). After that
commit clients were still able to connect but no traffic was passed.
It was reported and is fixed now in the upstream git repository.

Backport two patches to fix this. The first one is just a requirement
for the latter to apply. The second one is the real fix and it needed
only a small adjustment to apply without backporting the commit
10887b59c7e7 ("fix --txstart-time report messages").

Fixes: 457e6d5a27be ("iperf: bump to 2.0.12")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agoath79: add support for TP-Link TL-WA901ND v2
David Bauer [Sun, 7 Oct 2018 13:13:31 +0000 (15:13 +0200)]
ath79: add support for TP-Link TL-WA901ND v2

This commit adds support for the TP-Link TL-WR901ND v2 access point.

CPU:   Atheros AR9132 400MHz
RAM:   32MB
FLASH: 4MiB
WiFi:  Atheros AR9103 3x3:2 bgn
LED:   Power (static on)
       LAN (controlled by PHY)
       SYS, WiFi, QSS toggleable
BTN:   Reset, QSS

Installation:
Upload the factory image via the vendor-GUI.

Signed-off-by: David Bauer <mail@david-bauer.net>
6 years agoath79: add support for Buffalo WZR-HP-G302H A1A0
INAGAKI Hiroshi [Tue, 2 Oct 2018 13:28:45 +0000 (22:28 +0900)]
ath79: add support for Buffalo WZR-HP-G302H A1A0

Buffalo WZR-HP-G302H is a 2T2R 2.4 GHz 11n router, based on Atheros
AR7242.

It is the Japanese market model of WZR-HP-G300NH2, but there are some
differences. This commit is based on WZR-HP-G300NH2 in ar71xx.
And, G302H has several hardware versions and hardware is different
dependent on the versions. This commit adds support for "A1A0"
version.

Specification:

- Atheros AR7242
- 64 MB of RAM (DDR2)
- 32 MB of Flash
  - 2x 16 MB SPI-NOR flash
- 2.4 GHz 2T2R wifi
  - Atheros AR9283
- 5x 10/100/1000 Mbps Ethernet
  - Atheros AR8316
- 7x LEDs, 5x keys
  - LED: 1x gpio-leds, 6x ath9k-leds
  - key: 3x buttons, 2x slide switches
- UART header on PCB
  - Vcc, GND, TX, RX from ethernet port side
  - 115200n8

Flash instruction using factory image:

1. Boot WZR-HP-G302H normally and connect the computer to its LAN port
2. Access to "http://192.168.11.1/" and move to firmware update page
("ファーム更新")
3. Select the OpenWrt factory image and click update ("更新実行")
button to perform firmware update
4. Wait ~200 seconds to complete flashing

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
6 years agoath79: add hwver parameter to buffalo-tag
INAGAKI Hiroshi [Sun, 7 Oct 2018 11:37:42 +0000 (20:37 +0900)]
ath79: add hwver parameter to buffalo-tag

In order to be able to set the value of "hardware version" other than
"3", I added the "hwver" parameter.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
6 years agoath79: Add support for TP-Link TL-WR842N-v2
Robert Marko [Sun, 7 Oct 2018 10:21:45 +0000 (12:21 +0200)]
ath79: Add support for TP-Link TL-WR842N-v2

This PR adds support for TP-Link TL-WR842N-v2 router which is supported by ar71xx to ath79.

This is a low cost model with the following specs:

CPU: Atheros AR9341 SoC
RAM: 32 MB DDR1
Flash: 8 MB NOR SPI
Switch: Internal AR9341 5 port 10/100 Mbit
Ports:  5x 10/100 Mbit(1x WAN, 4x LAN)
USB: 1x USB2.0
WLAN: 2.4 GHz AR9341

Installation:

Simply flash the factory image through stock firmware WEB UI.

Signed-off-by: Robert Marko <robimarko@gmail.com>
6 years agoipq40xx: Create /var/lock directory in platform_do_upgrade_*
Sven Eckelmann [Mon, 1 Oct 2018 09:48:04 +0000 (11:48 +0200)]
ipq40xx: Create /var/lock directory in platform_do_upgrade_*

The sysupgrade_pre_upgrade hook was removed with 5e1b4c57ded7 ("base-files:
drop fwtool_pre_upgrade") while there were still scripts using it:

* target/linux/ar71xx/base-files/lib/upgrade/allnet.sh
* target/linux/ar71xx/base-files/lib/upgrade/openmesh.sh
* target/linux/ipq40xx/base-files/lib/upgrade/openmesh.sh

Not running the hooks can either prevent a successful upgrade or brick the
device because the fw_setenv program cannot be started correctly.

Instead of adding this hook again, the directory /var/lock for fw_setenv
can also just be created directly before fw_setenv is called.

Fixes: 5e1b4c57ded7 ("base-files: drop fwtool_pre_upgrade")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
6 years agoar71xx: Create /var/lock directory in platform_do_upgrade_*
Sven Eckelmann [Mon, 1 Oct 2018 09:48:04 +0000 (11:48 +0200)]
ar71xx: Create /var/lock directory in platform_do_upgrade_*

The sysupgrade_pre_upgrade hook was removed with 5e1b4c57ded7 ("base-files:
drop fwtool_pre_upgrade") while there were still scripts using it:

* target/linux/ar71xx/base-files/lib/upgrade/allnet.sh
* target/linux/ar71xx/base-files/lib/upgrade/openmesh.sh
* target/linux/ipq40xx/base-files/lib/upgrade/openmesh.sh

Not running the hooks can either prevent a successful upgrade or brick the
device because the fw_setenv program cannot be started correctly.

Instead of adding this hook again, the directory /var/lock for fw_setenv
can also just be created directly before fw_setenv is called.

Fixes: 5e1b4c57ded7 ("base-files: drop fwtool_pre_upgrade")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
6 years agoar71xx: Use sysupgrade's RAMFS_COPY_* for fw_(set|print)env
Sven Eckelmann [Mon, 1 Oct 2018 10:27:25 +0000 (12:27 +0200)]
ar71xx: Use sysupgrade's RAMFS_COPY_* for fw_(set|print)env

The install_bin from /lib/upgrade/common.sh is no longer creating the
symlinks when a secondary parameter is added. But the fw_setenv program was
always copied this way to the ramdisk for the upgrade.

Instead, this should be done using RAMFS_COPY_* like on all other
platforms.

Fixes: 438dcbfe74a6 ("base-files: automatically handle paths and symlinks for RAMFS_COPY_BIN")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
6 years agoath79: fix build warning
Mathias Kresin [Sun, 7 Oct 2018 13:33:35 +0000 (15:33 +0200)]
ath79: fix build warning

The image build code for the Ubiquiti Nanostation AC series adds the
factory image as an image to be built. The same is already done by an
included recipe, which results in an expanded IMAGE variable of:

  IMAGES = sysupgrade.bin factory.bin factory.bin

The build system doesn't like these duplicates and issues the following
warning:

  Makefile:82: warning: overriding recipe for target...

Remove the duplicate factory image to get rid of the warning.

Fixes: 5736af8024be ("ath79: Add support for Ubiquiti NanoStation AC loco")
       fa3c2676ab0c ("ath79: Add support for Ubiquiti Nanostation AC")

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoodhcpd: update to latest git HEAD (FS#1853)
Hans Dedecker [Sun, 7 Oct 2018 13:04:49 +0000 (15:04 +0200)]
odhcpd: update to latest git HEAD (FS#1853)

57f639e (HEAD -> master, origin/master, origin/HEAD) odhcpd: make DHCPv6/RA/NDP support optional
402c274 dhcpv6: check return code of dhcpv6_ia_init()
ee7472a router: don't leak RA message in relay mode (FS#1853)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoiw: strip a few more non-essential features from iw-tiny
Felix Fietkau [Sun, 7 Oct 2018 08:48:31 +0000 (10:48 +0200)]
iw: strip a few more non-essential features from iw-tiny

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoiw: fix filtering linked object files for iw-tiny
Felix Fietkau [Sun, 7 Oct 2018 08:35:08 +0000 (10:35 +0200)]
iw: fix filtering linked object files for iw-tiny

It was broken by the recent commit that added iw-full.

Signed-off-by: Felix Fietkau <nbd@nbd.name>