Christian Lamparter [Sat, 29 Dec 2018 12:41:35 +0000 (13:41 +0100)]
kernel: fix f2fs on big endian machines
The WD MyBook Live SquashFS images didn't work anymore due to
a upstream regression in f2fs commit:
0cfe75c5b01199
("f2fs: enhance sanity_check_raw_super() to avoid potential overflows")
that got backported to 4.14.86 and 4.9.144.
by Martin Blumenstingl:
|Treat "block_count" from struct f2fs_super_block as 64-bit little endian
|value in sanity_check_raw_super() because struct f2fs_super_block
|declares "block_count" as "__le64".
|
|This fixes a bug where the superblock validation fails on big endian
|devices with the following error:
| F2FS-fs (sda1): Wrong segment_count / block_count (61439 > 0)
| F2FS-fs (sda1): Can't find valid F2FS filesystem in 1th superblock
| F2FS-fs (sda1): Wrong segment_count / block_count (61439 > 0)
| F2FS-fs (sda1): Can't find valid F2FS filesystem in 2th superblock
|As result of this the partition cannot be mounted.
|
|With this patch applied the superblock validation works fine and the
|partition can be mounted again:
| F2FS-fs (sda1): Mounted with checkpoint version = 7c84
|
|My little endian x86-64 hardware was able to mount the partition without
|this fix.
|To confirm that mounting f2fs filesystems works on big endian machines
|again I tested this on a 32-bit MIPS big endian (lantiq) device.
Hopefully, this will do until Martin's patch moved through upstream
to -stable.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Hans Dedecker [Thu, 29 Nov 2018 20:44:16 +0000 (21:44 +0100)]
odhcpd: backport prefix filter/NETEV_ADDR6LIST_CHANGE event fixes
d404c7e netlink: fix triggering of NETEV_ADDR6LIST_CHANGE event
ae6cf80 config: correctly break string for prefix filter
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit
493c1d17663dbfdaf23304994e71280400493fc2)
Massimo Tum [Tue, 2 Oct 2018 14:19:24 +0000 (16:19 +0200)]
ath10k: update QCA4019 firmware
Update firmware for QCA4019 also for 18.06 branch.
https://github.com/openwrt/openwrt/pull/1138
Signed-off-by: Massimo Tum <masnia@tiscali.it>
Stijn Tintel [Tue, 4 Dec 2018 19:06:20 +0000 (21:06 +0200)]
brcm2708-gpu-fw: update to git HEAD
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
42ca32ad2ffc2fcd22878173eba011962d369c50)
Rafał Miłecki [Thu, 27 Dec 2018 06:25:40 +0000 (07:25 +0100)]
bcm53xx: backport DTS changes queued for the 4.21
It just replaces some downstream patches & adds relicensing work.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
7a7d19abcfc56c5073931e81f481e2e1fdf774c2)
Rafał Miłecki [Thu, 27 Dec 2018 06:01:38 +0000 (07:01 +0100)]
bcm53xx: rename dts backport patches changing their prefixes
Start 03x with 030 instead of 035. It's a trivial change that adds more
place for further backports in the 03x space.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
a5d6f2eb76a549af9e5e186042ab6bf2371be725)
Rafał Miłecki [Tue, 25 Dec 2018 14:51:33 +0000 (15:51 +0100)]
bcm53xx: update pinctrl driver & use its new DT binding
Driver has been updated upstream to support more precise DT binding and
avoid mapping conflicts between pinctrl and USB 2.0 PHY.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
a28f6ab27f9ae1a08c6945013cdb796b12ce150d)
Hans Dedecker [Tue, 18 Dec 2018 18:40:31 +0000 (19:40 +0100)]
dropbear: fix dropbear startup issue
Interface triggers are installed by the dropbear init script in case an
interface is configured for a given dropbear uci section.
As dropbear is started after network the interface trigger event can be
missed during a small window; this is especially the case if lan is
specified as interface.
Fix this by starting dropbear before network so no interface trigger
is missed. As dropbear is started earlier than netifd add a boot function
to avoid the usage of network.sh functions as call to such functions will
fail at boottime.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Jason A. Donenfeld [Mon, 19 Nov 2018 17:30:17 +0000 (18:30 +0100)]
wireguard: bump to 0.0.
20181119
* chacha20,poly1305: fix up for win64
* poly1305: only export neon symbols when in use
* poly1305: cleanup leftover debugging changes
* crypto: resolve target prefix on buggy kernels
* chacha20,poly1305: don't do compiler testing in generator and remove xor helper
* crypto: better path resolution and more specific generated .S
* poly1305: make frame pointers for auxiliary calls
* chacha20,poly1305: do not use xlate
This should fix up the various build errors, warnings, and insertion errors
introduced by the previous snapshot, where we added some significant
refactoring. In short, we're trying to port to using Andy Polyakov's original
perlasm files, and this means quite a lot of work to re-do that had stableized
in our old .S.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from
48d8d46d331cd866ad5717cc5b090223a1856a4a)
Jason A. Donenfeld [Thu, 15 Nov 2018 20:14:49 +0000 (12:14 -0800)]
wireguard: bump to 0.0.
20181115
* Zinc no longer ships generated assembly code. Rather, we now
bundle in the original perlasm generator for it. The primary purpose
of this snapshot is to get testing of this.
* Clarify the peer removal logic and make lifetimes more precise.
* Use READ_ONCE for is_valid and is_dead.
* No need to use atomic when the recounter is mutex protected.
* Fix up macros and annotations in allowedips.
* Increment drop counter when staged packets are dropped.
* Use static constants instead of enums for 64-bit values in selftest.
* Mark large constants as ULL in poly1305-donna64.
* Fix sparse warnings in allowedips debugging code.
* Do not use wg_peer_get_maybe_zero in timer callbacks, since we now can
carefully control the lifetime of these functions and ensure they never
execute after dropping the last reference.
* Cleanup hashing in ratelimiter.
* Do not guard timer removals, since del_timer is always okay.
* We now check for PM_AUTOSLEEP, which makes the clear*on-suspend decision a
bit more general.
* Set csum_level to ~0, since the poly1305 authenticator certainly means
that no data was modified in transit.
* Use CHECKSUM_PARTIAL check for skb_checksum_help instead of
skb_checksum_setup check.
* wg.8: specify that wg(8) shows runtime info too
* wg.8: AllowedIPs isn't actually required
* keygen-html: add missing glue macro
* wg-quick: android: do not choke on empty allowed-ips
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from
bf52c968e863768494e79731550c62610dd3cf78)
Jason A. Donenfeld [Thu, 18 Oct 2018 01:48:34 +0000 (03:48 +0200)]
wireguard: bump to 0.0.
20181018
ba2ab5d version: bump snapshot
5f59c76 tools: wg-quick: wait for interface to disappear on freebsd
ac7e7a3 tools: don't fail if a netlink interface dump is inconsistent
8432585 main: get rid of unloaded debug message
139e57c tools: compile on gnu99
d65817c tools: use libc's endianness macro if no compiler macro
f985de2 global: give if statements brackets and other cleanups
b3a5d8a main: change module description
296d505 device: use textual error labels always
8bde328 allowedips: swap endianness early on
a650d49 timers: avoid using control statements in macro
db4dd93 allowedips: remove control statement from macro by rewriting
780a597 global: more nits
06b1236 global: rename struct wireguard_ to struct wg_
205dd46 netlink: do not stuff index into nla type
2c6b57b qemu: kill after 20 minutes
6f2953d compat: look in Kbuild and Makefile since they differ based on arch
a93d7e4 create-patch: blacklist instead of whitelist
8d53657 global: prefix functions used in callbacks with wg_
123f85c compat: don't output for grep errors
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from
4653818dabe6d2f6e99b483ec256e4374dbb2c77)
Kevin Darbyshire-Bryant [Tue, 9 Oct 2018 08:03:59 +0000 (09:03 +0100)]
wireguard: bump to 0.0.
20181007
64750c1 version: bump snapshot
f11a2b8 global: style nits
4b34b6a crypto: clean up remaining .h->.c
06d9fc8 allowedips: document additional nobs
c32b5f9 makefile: do more generic wildcard so as to avoid rename issues
20f48d8 crypto: use BIT(i) & bitmap instead of (bitmap >> i) & 1
b6e09f6 crypto: disable broken implementations in selftests
fd50f77 compat: clang cannot handle __builtin_constant_p
bddaca7 compat: make asm/simd.h conditional on its existence
b4ba33e compat: account for ancient ARM assembler
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from
3925298f3ca9bcd854571367d98bb6ca07f4e66e)
Jason A. Donenfeld [Sat, 6 Oct 2018 03:09:00 +0000 (05:09 +0200)]
wireguard: bump to 0.0.
20181006
* Account for big-endian 2^26 conversion in Poly1305.
* Account for big-endian NEON in Curve25519.
* Fix macros in big-endian AArch64 code so that this will actually run there
at all.
* Prefer if (IS_ENABLED(...)) over ifdef mazes when possible.
* Call simd_relax() within any preempt-disabling glue code every once in a
while so as not to increase latency if folks pass in super long buffers.
* Prefer compiler-defined architecture macros in assembly code, which puts us
in closer alignment with upstream CRYPTOGAMS code, and is cleaner.
* Non-static symbols are prefixed with wg_ to avoid polluting the global
namespace.
* Return a bool from simd_relax() indicating whether or not we were
rescheduled.
* Reflect the proper simd conditions on arm.
* Do not reorder lines in Kbuild files for the simd asm-generic addition,
since we don't want to cause merge conflicts.
* WARN() if the selftests fail in Zinc, since if this is an initcall, it won't
block module loading, so we want to be loud.
* Document some interdependencies beside include statements.
* Add missing static statement to fpu init functions.
* Use union in chacha to access state words as a flat matrix, instead of
casting a struct to a u8 and hoping all goes well. Then, by passing around
that array as a struct for as long as possible, we can update counter[0]
instead of state[12] in the generic blocks, which makes it clearer what's
happening.
* Remove __aligned(32) for chacha20_ctx since we no longer use vmovdqa on x86,
and the other implementations do not require that kind of alignment either.
* Submit patch to ARM tree for adjusting RiscPC's cflags to be -march=armv3 so
that we can build code that uses umull.
* Allow CONFIG_ARM[64] to imply [!]CONFIG_64BIT, and use zinc arch config
variables consistently throughout.
* Document rationale for the 2^26->2^64/32 conversion in code comments.
* Convert all of remaining BUG_ON to WARN_ON.
* Replace `bxeq lr` with `reteq lr` in ARM assembler to be compatible with old
ISAs via the macro in <asm/assembler.h>.
* Do not allow WireGuard to be a built-in if IPv6 is a module.
* Writeback the base register and reorder multiplications in the NEON x25519
implementation.
* Try all combinations of different implementations in selftests, so that
potential bugs are more immediately unearthed.
* Self tests and SIMD glue code work with #include, which lets the compiler
optimize these. Previously these files were .h, because they were included,
but a simple grep of the kernel tree shows 259 other files that carry out
this same pattern. Only they prefer to instead name the files with a .c
instead of a .h, so we now follow the convention.
* Support many more platforms in QEMU, especially big endian ones.
* Kernels < 3.17 don't have read_cpuid_part, so fix building there.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from
b6658564505e1f9a582ac63bd06cdf4b423818be)
Hans Dedecker [Sat, 10 Nov 2018 12:40:45 +0000 (13:40 +0100)]
ethtool: update to 4.19
8a1ad80 Release version 4.19.
ecdf295 ethtool: Fix uninitialized variable use at qsfp dump
98c148e ethtool: better syntax for combinations of FEC modes
d4b9f3f ethtool: support combinations of FEC modes
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
5617e138bdaff94587d700def3d74e81c5b2db19)
Robert Marko [Sat, 25 Aug 2018 21:26:24 +0000 (23:26 +0200)]
ethtool: Update to 4.18
Tested on 8devices Jalapeno(ipq40xx)
Introduces following changes:
Feature: Add support for WAKE_FILTER (WoL using filters)
Feature: Add support for action value -2 (wake-up filter)
Fix: document WoL filters option also in help message
Feature: ixgbe dump strings for security registers
Signed-off-by: Robert Marko <robimarko@gmail.com>
(backported from
a9d73531921ef4755e2cbd6e9e7e36c59b00655c)
Robert Marko [Mon, 18 Jun 2018 15:50:47 +0000 (17:50 +0200)]
ethtool: Update to 4.17
Tested on 8devices Jalapeno(ipq40xx)
Introduces following changes
* Fix: In ethtool.8, remove superfluous and incorrect \
* Fix: fix uninitialized return value
* Fix: fix RING_VF assignment
* Fix: remove unused global variable
* Fix: several fixes in do_gregs()
* Fix: correctly free hkey when get_stringset() fails
* Fix: remove unreachable code
* Fix: fix stack clash in do_get_phy_tunable and do_set_phy_tunable
* Feature: Add register dump support for MICROCHIP LAN78xx
Signed-off-by: Robert Marko <robimarko@gmail.com>
(backported from
4bb2532ec1d4f30ad44037331130daffa687eb3d)
Rosen Penev [Thu, 7 Jun 2018 01:22:28 +0000 (18:22 -0700)]
ethtool: Update to 4.16
Tested on Turris Omnia (mvebu).
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from
2737cea0bb117013875ee33916bb4b9deae9ea47)
Daniel Engberg [Sun, 10 Jun 2018 22:22:36 +0000 (00:22 +0200)]
mbedtls: Cosmetic cleanups
This is more of a cosmetic change and a reminder that the CMake script hardcodes -O2.
Source:
https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.7/CMakeLists.txt#L73
https://github.com/ARMmbed/mbedtls/blob/master/CMakeLists.txt#L97
Remove the release type option as it's already provided by the toolchain.
Source:
https://github.com/openwrt/openwrt/blob/master/include/cmake.mk#L50
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from
5297a759aee34952299d1d42f677f31781026c67)
Daniel Engberg [Sat, 9 Jun 2018 20:23:51 +0000 (22:23 +0200)]
tools/e2fsprogs: Update to 1.44.2
Update e2fsprogs to 1.44.2
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from
651a62353b02a61f685e34ad6eaea8e61394a741)
Rosen Penev [Thu, 7 Jun 2018 01:22:25 +0000 (18:22 -0700)]
strace: Update to 4.22
SourceForge is deprecated according to upstream, so switch to main site
for downloads.
Tested on Turris Omnia (mvebu).
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from
d12d81f8d41d8169c1299375ff15c232231d972c)
Pierre Lebleu [Thu, 24 May 2018 12:20:33 +0000 (14:20 +0200)]
fstools: Add the new options available in the menuconfig
Mounting using the zlib compression and mounting with
full access accounting are now available in the
menuconfig.
Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
(backported from
e6b8ce4c081b0bdfbbd20477ecef18b285481b07)
Hans Dedecker [Fri, 25 May 2018 07:45:04 +0000 (09:45 +0200)]
fstools: update to latest git HEAD
dd02dad fstools: allow the mounting with full access time accounting
242248c fstools: allow to compress the filesystem
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
5df2597c59879029059d09c426dbf10e06c80306)
Tomasz Maciej Nowak [Wed, 28 Nov 2018 19:44:21 +0000 (20:44 +0100)]
x86: make sysupgrade.tgz reachable again
Moving binding mount before check for saved sysupgrade configuration
made it unreachable. Fix it by moving binding mount after the check.
Fixes:
f78b2616 (x86: mount writable bootfs)
Reported-by: Lucian Cristian <luci@powerneth.ro>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(backported from
c288ad9c2b2a4ab62e4c887f13f220870911cc28)
Tomasz Maciej Nowak [Tue, 20 Nov 2018 16:20:41 +0000 (17:20 +0100)]
x86: add packages files to image bootfs
Add files to bootfs image from selected as built-in packages, which want
to install files to targets boot file system.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(backported from
51e199fbe80acb6e95dff942280b0396e094032b)
Tomasz Maciej Nowak [Tue, 20 Nov 2018 16:20:40 +0000 (17:20 +0100)]
x86: mount writable bootfs
Mount boot file system with rw option to allow installation of packages
which install files to /boot directory.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(backported from
f78b26163790fdf2b53464ab808af10f72e31c3e)
Tomasz Maciej Nowak [Tue, 20 Nov 2018 16:20:39 +0000 (17:20 +0100)]
include/rootfs.mk: remove boot directory
Currently every file in boot directory is copied over target /boot on
root file system and is usually inaccessible because appropriate boot
file system is mounted on top of it. Therefore remove /boot, which in
result will also save space on target root file system.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(backported from
31075313bf69fff3803b7c1da1e0ed7e5773d999)
Kabuli Chana [Wed, 14 Nov 2018 22:27:10 +0000 (15:27 -0700)]
mwlwifi: update to version 10.3.8.0-
20181114
compile / test target mvebu / mamba
Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
(backported from
392eea392cdae42d4e388e9f1a89bb6fb4e849b6)
Martin Schiller [Mon, 19 Nov 2018 05:50:28 +0000 (06:50 +0100)]
lantiq/basefiles: use shutdown instead of stop when the system goes down
I can't see any reason why we shouldn't use shutdown for lantiq as well.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(backported from
18398abe1eb5de50b3d8affd51e003bf7555d91a)
Petr Štetiar [Fri, 9 Nov 2018 07:25:41 +0000 (08:25 +0100)]
base-files: sysupgrade: Allow downloading of firmware images using HTTPS
Currently it's only possible to download images over HTTP.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(backported from
7c104a83589c3e3fbfdfda2ef68b8695f57dde75)
Rosen Penev [Tue, 13 Nov 2018 20:59:47 +0000 (12:59 -0800)]
flex: Add a lex symlink
Some packages like libpfring assume the presense of lex, which on some
other systems is a symlink to flex but not all. Symlink flex to fix
compilation.
Arch Linux and Fedora do this as far as I know.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from
7ef38e42c8440a29d1dc721a9e6184b2e369bc2f)
Petr Štetiar [Fri, 9 Nov 2018 11:09:29 +0000 (12:09 +0100)]
Revert "iptables: fix dependency for libip6tc on IPV6"
This patch reverts commit
2dc1f54b1205094e7c6036cae6275d2c326bad3e as it
breaks the build for me on x86-64 if I've IPV6 support disabled. Same config
builds fine on `openwrt-18.06` branch at
55d078b2.
$ grep IPV6 .config
# CONFIG_KERNEL_IPV6 is not set
# CONFIG_IPV6 is not set
Build errors out on:
Package libiptc is missing dependencies for the following libraries:
libip6tc.so.0
Looking at iptables-1.6.2/libiptc/Makefile.am:
libiptc_la_LIBADD = libip4tc.la libip6tc.la
and to iptables-1.6.2/libiptc/libiptc.pc.in:
Requires: libip4tc libip6tc
It seems that libiptc needs v4/v6 libs, so v6 isn't optional.
Cc: Rosy Song <rosysong@rosinson.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(backported from
1b4b942bcef8638a040788ab9ae94c66e38fd960)
Hauke Mehrtens [Thu, 1 Nov 2018 13:05:59 +0000 (14:05 +0100)]
scripts: update config.guess and config.sub
This updates these two files to commit
2fa97a8a0ed3 ("config.guess
(amd64:CYGWIN*:*:*, x86_64:CYGWIN*:*:*): Set master") which is the
current master of
https://git.savannah.gnu.org/gitweb/?p=config.git;a=summary
This contains updates for multiple architectures and will unbreak the
build on the x32 ABI.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from
3361a8817e9a6c4ab73d72bd98a3d652b756c12e)
Kabuli Chana [Mon, 29 Oct 2018 16:58:07 +0000 (10:58 -0600)]
mwlwifi: update to version 10.3.8.0-
20181029
compile / test target mvebu / mamba
Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
(backported from
390158bd2b0bab61e3c454a006fa68a4ad98dfdc)
Jonathan Lancett [Mon, 22 Oct 2018 14:36:23 +0000 (14:36 +0000)]
mwlwifi: driver version to 10.3.8.0-
20181022
Upgrade 88W8997 firmware to 8.4.0.52.
Removed unnecessary firmware settings.
Added vendor events.
Fixed crash problem when module is removed.
Modified the code to protect tx queues.
Signed-off-by: Jonathan Lancett <j.lancett@ntlworld.com>
[tidy commit message]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from
9ac73502405b4d4f110e4901df7d05b7f7bcd781)
Yufei Miao [Wed, 10 Oct 2018 15:23:44 +0000 (23:23 +0800)]
mwlwifi: driver version to 10.3.8.0-
20181008
Signed-off-by: Yufei Miao <myf@myf.cloud>
(backported from
260be8a5790416a8e8e42eb59d5b24a656e4bedb)
Daniel Golle [Mon, 1 Oct 2018 03:07:46 +0000 (05:07 +0200)]
wolfssl: update to version 3.15.3-stable
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from
ed0d5a1e609e0b39eff9f06e3522396581d0b06e)
Hannu Nyman [Sun, 28 Oct 2018 14:49:28 +0000 (16:49 +0200)]
tools/ccache: update to 3.5
Update ccache to 3.5
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(backported from
b0a2e60793f194a7a33e93a12f9ca5f2ae410529)
Rosen Penev [Mon, 15 Oct 2018 20:58:30 +0000 (13:58 -0700)]
tools/xz: Add PKG_CPE_ID for proper CVE tracking
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from
622176262d4b8093eda1704e052ae97d74c85c7f)
Rosen Penev [Mon, 15 Oct 2018 17:47:09 +0000 (10:47 -0700)]
tools/libressl: Add PKG_CPE_ID for proper CVE tracking
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from
74a5c619dc4322314e6db63f2ab113e61958665e)
Rosen Penev [Wed, 31 Oct 2018 23:55:14 +0000 (16:55 -0700)]
tools/patch: Add fedora patch for crashing git style patches
https://lists.gnu.org/archive/html/bug-patch/2018-10/msg00000.html
I assume a CVE number will be assigned soon.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from
32fc41baabc9e83a045a7a805b0d91a030cfbd3c)
Rosen Penev [Mon, 15 Oct 2018 17:17:29 +0000 (10:17 -0700)]
tools: patch: Add missing CVE-2018-6951 fix
uscan reports a new CVE now that PKG_CPE_ID was added.
Reordered patches by date.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[re-title commit & refresh patches]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from
a6bd9d0cb652686453604b762e80a35d023908c4)
Hauke Mehrtens [Sun, 14 Oct 2018 14:42:45 +0000 (16:42 +0200)]
tools: patch: Fix build by not modifing Makefile.am
A new test case was adding in one of the patches fixing a problem, this
also included a change in the test/Makefile.am to add this test case.
The build system detected a change in the Makefile.am and wants to
regenerate the Makefile.in, but this fails because automake-1.15 is not
installed yet. As automake depends on patch being build first, make sure
we do not modify the Makefile.am.
This fixes build problem seen by the build bots.
Fixes:
4797dddfde6 ("patch: apply upstream cve fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from
759f111f8d7f2d9f5f12713fc6f48ce6422997ec)
Hauke Mehrtens [Sun, 14 Oct 2018 13:25:37 +0000 (15:25 +0200)]
tools: patch: make patch build depend on automake
The Makefile.am changed and now patch wants to use automake to
regenerate the Makefile.in. Make sure automake was build before we build
patch.
This fixes build problem seen by the build bots.
Fixes:
4797dddfde6 ("patch: apply upstream cve fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from
07e8c217cb79a19c59fcb34ea6de39aa91a625b6)
Russell Senior [Sun, 14 Oct 2018 09:34:32 +0000 (02:34 -0700)]
patch: apply upstream cve fixes
Apply two upstream patches to address two CVEs:
* CVE-2018-
1000156
* CVE-2018-6952
Add PKG_CPE_ID to Makefile.
Build tested on apm821xx and ar71xx.
Signed-off-by: Russell Senior <russell@personaltelco.net>
(backported from
4797dddfde6a8ffdbdcb4e5b5e137b0a00313f62)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Alexander Couzens [Sun, 11 Nov 2018 01:31:41 +0000 (02:31 +0100)]
ugps: update to latest git HEAD
07528d43f9bc nmea.c: set _BSD_SOURCE to have timegm() & stime() on musl
b88037b6bf6a check timegm return code
ccabdf6c235f nmea.c: Add null byte to nmea fields
cdc1478a8133 remove deprication warning
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from
81d7f82441f0754d398309a722323d792a24d76a)
Florian Eckert [Tue, 9 Oct 2018 09:32:36 +0000 (11:32 +0200)]
uqmi: update PKG_RELEASE version
update PKG_RELEASE
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from
4cabda8b7ddb0efea23e2aa044ea8bf18e03d199)
Florian Eckert [Thu, 12 Apr 2018 08:31:29 +0000 (10:31 +0200)]
uqmi: stop proto handler if verify pin count is not 3
Check pin count value from pin status and stop verification the pin if
the value is less then 3. This should prevent the proto-handler to
lock the SIM. If SIM is locked then the PUK is needed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from
0c9d06b5b243334123eafaf2e26a15ec2757767e)
Florian Eckert [Tue, 10 Apr 2018 10:55:11 +0000 (12:55 +0200)]
uqmi: evaluate pin-status output in qmi_setup function
Load the json output from uqmi --get-pin-status command and evaluate the
"pin1_status" value.
The following uqmi "pin1_status" values are evaluated:
- disabled
Do not verify PIN because SIM verification is disabled on this SIM
- blocked
Stop qmi_setup because SIM is locked and a PUK is required
- not_verified
SIM is not yet verified. Do a uqmi --verify-pin1 command if a SIM is
specified
- verified:
Do not verify the PIN because this was already done before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from
4b80bd878d0fcb520f4811097900ebb5478a74fd)
Florian Eckert [Tue, 10 Apr 2018 13:56:24 +0000 (15:56 +0200)]
uqmi: do not block proto handler if SIM is uninitialized
QMI proto setup-handler will wait forever if SIM does not get initialized.
To fix this stop polling pin status and notify netifd. Netifd will generate
then a "ifup-failed" ACTION.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from
f171a86d064ac3fcfff05d286becae87c2e26b5f)
Florian Eckert [Thu, 12 Apr 2018 11:20:49 +0000 (13:20 +0200)]
uqmi: do not block proto handler if modem is unable to registrate
QMI proto setup-handler will wait forever if it is unable to registrate to
the mobile network. To fix this stop polling network registration status
and notify netifd. Netifd will generate then a "ifup-failed" ACTION.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from
dec1bfa0f48d43174921d1a1357a4842f9ba0cf6)
Florian Eckert [Thu, 11 Oct 2018 14:30:55 +0000 (16:30 +0200)]
uqmi: fix variable initilization for timeout handling
Also add logging output for SIM initilization.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from
71865200c95d5ccebe01980c88ee44a15888bcaf)
Florian Eckert [Thu, 12 Apr 2018 11:29:34 +0000 (13:29 +0200)]
uqmi: add timeout option value
This value will be used for now during following situations:
* Ask the sim with the uqmi --get-pin-status command.
* Wait for network registration with the uqmi --get-serving-system command.
This two commands wait forever in a while loop. Add a timeout to stop
waiting and so inform netifd.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from
dee93def394c9bf10d2cc3eb64d9e190ca461a67)
Florian Eckert [Thu, 12 Apr 2018 11:10:33 +0000 (13:10 +0200)]
uqmi: redirect uqmi commands output to /dev/null
Move uqmi std and error output on commands without using them to /dev/null.
This will remove useless outputs in the syslog.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from
2d57aa9c4c852e847e66a3bb5c775910d0cb8d77)
Florian Eckert [Tue, 10 Apr 2018 14:29:05 +0000 (16:29 +0200)]
uqmi: fix indenting
fix indenting
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from
692c6d9a5dbb955d00516b465271fd8a053af206)
Hans Dedecker [Wed, 17 Oct 2018 09:02:05 +0000 (11:02 +0200)]
gre: make encaplimit support configurable
Make inclusion of the destination option header containing the tunnel
encapsulation limit configurable for IPv6 GRE packets.
Setting the uci parameter encaplimit to ignore; allows to disable the
insertion of the destination option header in the IPv6 GRE packets.
Otherwise the tunnel encapsulation limit value can be set to a value
from 0 till 255 by setting the encaplimit uci parameter accordingly.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
3d015e971f5e3f0df8e8ab149fda1270c5c72507)
Hans Dedecker [Sun, 7 Oct 2018 13:04:49 +0000 (15:04 +0200)]
odhcpd: update to latest git HEAD (FS#1853)
57f639e (HEAD -> master, origin/master, origin/HEAD) odhcpd: make DHCPv6/RA/NDP support optional
402c274 dhcpv6: check return code of dhcpv6_ia_init()
ee7472a router: don't leak RA message in relay mode (FS#1853)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
af78e90d4cdb3c944d9c4f3d4d4648dd67886c4d)
Felix Fietkau [Sun, 7 Oct 2018 08:48:31 +0000 (10:48 +0200)]
iw: strip a few more non-essential features from iw-tiny
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
518fb345e110f7028912211ebf75af92c7c10809)
Felix Fietkau [Sun, 7 Oct 2018 08:35:08 +0000 (10:35 +0200)]
iw: fix filtering linked object files for iw-tiny
It was broken by the recent commit that added iw-full
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
7999282f7f1a1ab8a965f4b5efe31a4209bac0a6)
Felix Fietkau [Wed, 3 Oct 2018 06:57:00 +0000 (08:57 +0200)]
iw: add iw-full package without size reduction hacks
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
8c647e873f9adf4527e61684458075f8d2b61a97)
Hans Dedecker [Sat, 6 Oct 2018 19:23:53 +0000 (21:23 +0200)]
ubus: update to latest git HEAD
221ce7e ubusd_acl: event send access list support
da503db ubusd_acl: event listen access list support
c035bab ubusd_acl: rework wildcard support
73bd847 ubusd_event: move strmatch_len to ubus_common.h
0327a91 ubus/lua: add support for BLOBMSG_TYPE_DOUBLE
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
f771a1b96277e3553b46746decdf24fbf00a8997)
Syrone Wong [Mon, 1 Oct 2018 02:56:04 +0000 (10:56 +0800)]
ipset: update to 6.38
dropped already upstream patch
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
(backported from
68f109609b613b38bb3b2e6e82a9c04ae8bd011f)
Emil Muratov [Tue, 25 Sep 2018 09:24:28 +0000 (12:24 +0300)]
zram-swap: bump pkg version
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from
bbf46c9f8feea755ceb8e33ccf91733c1c2b2a34)
Emil Muratov [Wed, 1 Aug 2018 22:05:14 +0000 (01:05 +0300)]
zram-swap: Add "max compression streams" configuration option
Config option to limit maximum compression streams per zram dev for
multicore CPU's. This could be defined via 'zram_comp_streams' option in
the 'system' section of '/etc/config/system' file or via cli (for e.x.
with 'uci set system.@System[0].zram_comp_streams=2 && uci commit
system'). Default is number of logical CPU cores.
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from
70d3ffb47fcef901e4d86da4c9077ba8b8e2ba10)
Emil Muratov [Wed, 1 Aug 2018 21:50:00 +0000 (00:50 +0300)]
zram-swap: fix number of created zram devices for multicore CPU's
Use only one zram swap device of the specified $size instead of
[N x $size] devices for multicore CPUs Now zram module uses multiple
compression streams for each dev by default, so we do not need to create
several zram devs to utilize multicore CPUs.
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from
814cae7362c3bd57e8fd9305d5d0b48ff219d4d0)
Emil Muratov [Wed, 1 Aug 2018 21:18:45 +0000 (00:18 +0300)]
zram-swap: fix zram dev reset for multicore cpu devices
* "zram stop" could reset up to $(num_of_cores) zram devices even if
some of those were not mounted as swap dev's. This fix tries to
enumerate mounted swap zram dev's before making a reset
* remove hot-added zram devs on stop (except zram0)
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from
9edc1fe8abac6638cd05640279bc741a23b8d260)
Emil Muratov [Wed, 1 Aug 2018 21:15:44 +0000 (00:15 +0300)]
zram-swap: compression algorithm configuration option
Compression algorithms for zram are provided by kernel crypto API, could
be any of [lzo|zl4|deflate|<some_more>] depending on kernel modules.
Compress algo for zram-swap could be defined via 'zram_comp_algo' option
in 'system' section of '/etc/config/system' file, or via cli (for e.x.
with 'uci set system.@System[0].zram_comp_algo=lz4 && uci commit
system'). check available algo's via 'cat /sys/block/zram0
/comp_algorithm'
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from
b9e89adfb7881806d01e3bd259852e352f3b3ce8)
Samuel Casa [Tue, 7 Aug 2018 09:16:34 +0000 (11:16 +0200)]
zram-swap: Shell cosmetic
Signed-off-by: Samuel Casa <samuel.casa@neratec.com>
(backported from
65e9561b3d0546bfe6bad1840d81c0aa07b0c68d)
Samuel Casa [Tue, 7 Aug 2018 08:49:22 +0000 (10:49 +0200)]
zram-swap: remove trailing whitespaces in init script
Signed-off-by: Samuel Casa <samuel.casa@neratec.com>
[slightly reword subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from
b291517fdf5a698726fe94010055ec90d85f365a)
Rosy Song [Wed, 26 Sep 2018 11:44:25 +0000 (19:44 +0800)]
odhcpd-ipv6only: fix dependency for IPV6
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from
456df06071f54d3c799725227d1ac77afbe61891)
Hans Dedecker [Mon, 19 Nov 2018 09:12:28 +0000 (10:12 +0100)]
netifd: update to latest git HEAD
4b83102 treewide: switch to C-code style comments
70506bf treewide: make some functions static
d9872db interface: fix removal of dynamic interfaces
2f7ef7d interface: rework code to get rid of interface_set_dynamic
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
8e409f476b358111113353c3d3adfcff113674b8)
Hans Dedecker [Wed, 17 Oct 2018 09:14:15 +0000 (11:14 +0200)]
netifd: update to latest git HEAD
841b5d1 system-linux: enable by default ignore encaplimit for grev6 tunnels
125cbee system-linux: fix a typo in gre tunnel data parsing logic
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
db6f9d5598a353c94578bd76dbef92dd78f3ae63)
Felix Fietkau [Mon, 30 Apr 2018 11:48:54 +0000 (13:48 +0200)]
hostapd: expose device taxonomy signature via ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
7d8681ccb99730ca0b35a5c341b468a86cadbf35)
Felix Fietkau [Mon, 30 Apr 2018 11:40:42 +0000 (13:40 +0200)]
hostapd: add support for client taxonomy in the full config
This can be used to fingerprint clients to try to identify the exact
model
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
23c1827e341fce302ba2841ecabeeb3f95e21d68)
Jo-Philipp Wich [Tue, 16 Oct 2018 10:11:20 +0000 (12:11 +0200)]
hostapd: fix MAC filter related log spam
Backport two upstream fixes to address overly verbose logging of MAC ACL
rejection messages.
Fixes: FS#1468
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from
3e633bb3709611d79965fab667e3239fd3bde151)
Felix Fietkau [Thu, 25 Jan 2018 13:01:34 +0000 (14:01 +0100)]
kernel: support gcc-optimized inlining on all architectures
Optimized inlining was disabled by default when gcc 4 was still
relatively new. By now, all gcc versions handle this well and there
seems to be no real reason to keep it x86-only.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
1e8882585c6f4a5e7f5e2b4f18cd550aafa6f81d)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Hauke Mehrtens [Sat, 29 Sep 2018 21:18:33 +0000 (23:18 +0200)]
kernel: Add missing config option for NFSDv4
This configuration option is not set when building the
layerscape/armv8_64b target.
Fixes:
92aa21497b2 ("kernel: build support for NFSv4 in nfsd")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from
99e1a12fd0448bc045da7f3776e804df187ee7a2)
W. Michael Petullo [Sun, 26 Aug 2018 06:31:31 +0000 (02:31 -0400)]
kernel: build support for NFSv4 in nfsd
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(backported from
92aa21497b22bcf03862cf9da8e89ef007affebd)
Hauke Mehrtens [Sat, 25 Aug 2018 16:11:03 +0000 (18:11 +0200)]
kernel: add missing dependency to regmap to kmod-gpio-mcp23s08
This fixes a build problem recently introduced.
Fixes:
a904003b9b5f ("kernel: fix kmod-gpio-mcp23s08 for linux 4.14")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from
e882e63f1e1169030389b304489ab8a7d785df33)
Petr Štetiar [Fri, 23 Nov 2018 09:53:37 +0000 (10:53 +0100)]
build: Introduce building of artifacts
We currently could (ab)use IMAGES for this task, but the downside is,
that the filenames has filesystem tied to the filename, which might be
confusing as the artifact itself don't has to be used with that specific
filesystem. Another downside is, that the artifacts built with IMAGES
target are build for every FILESYSTEMS filesystem.
Consider following use case:
define Device/apalis
...
FILESYSTEMS := ext4 squashfs
IMAGES := spl-uboot.bin recovery.scr
IMAGE/spl-uboot.bin := append-uboot-spl | pad-to 68k | append-uboot
IMAGE/recovery.scr := recovery-scr
endef
Where we would get target binaries with following filenames:
openwrt-imx6-apalis-squashfs.recovery.scr
openwrt-imx6-apalis-squashfs.spl-uboot.bin
openwrt-imx6-apalis-ext4.recovery.scr
openwrt-imx6-apalis-ext4.spl-uboot.bin
With proposed patch, we could now just do:
define Device/apalis
...
ARTIFACTS := spl-uboot.bin recovery.scr
ARTIFACT/spl-uboot.bin := append-uboot-spl | pad-to 68k | append-uboot
ARTIFACT/recovery.scr := recovery-scr
endef
Which would produce target binaries with following filenames:
openwrt-imx6-apalis-recovery.scr
openwrt-imx6-apalis-spl-uboot.bin
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from
493c9a35516c27a8ec412d97e63c8cf6f41a57ea)
Thorsten Glaser [Mon, 22 Oct 2018 19:00:57 +0000 (21:00 +0200)]
build: fix libressl build on x32 (amd64ilp32) host
disable use of assembly code since x32 gets misdetected as amd64
Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
(backported from
a395563f68fde6f52dbf10913f59f13b8c804cd5)
Christian Lamparter [Mon, 15 Oct 2018 18:00:05 +0000 (20:00 +0200)]
build: remove obsolete -rc kernel testing rewrites
The -rcX "testing" kernels are no longer hosted on
cdn.kernel.org file servers directly in a "testing"
directory. Therefore the logic that tested for "-rc"
can be removed.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(backported from
92bcd08989dede0f60589023e2aea4a864de76c6)
Felix Fietkau [Mon, 1 Oct 2018 10:44:50 +0000 (12:44 +0200)]
build: insert blank line after KernelPackage template to allow chaining calls to it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
b7855230a348fa711de70665c861f63c631c98e9)
Felix Fietkau [Sat, 29 Sep 2018 15:45:54 +0000 (17:45 +0200)]
build: fix kernel headers install for uml
The kernel headers makefile needs to override LINUX_KARCH
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
c3a0102195a2902f1964b667fb86031308c78f9d)
Koen Vandeputte [Tue, 18 Dec 2018 11:40:30 +0000 (12:40 +0100)]
cns3xxx: fix writing to wrong PCI registers
Originally, cns3xxx used it's own functions for mapping, reading and writing registers.
Upstream commit
802b7c06adc7 ("ARM: cns3xxx: Convert PCI to use generic config accessors")
removed the internal PCI config write function in favor of the generic one:
cns3xxx_pci_write_config() --> pci_generic_config_write()
cns3xxx_pci_write_config() expected aligned addresses, being produced by cns3xxx_pci_map_bus()
while the generic one pci_generic_config_write() actually expects the real address
as both the function and hardware are capable of byte-aligned writes.
This currently leads to pci_generic_config_write() writing
to the wrong registers on some ocasions.
First issue seen due to this:
- driver ath9k gets loaded
- The driver wants to write value 0xA8 to register PCI_LATENCY_TIMER, located at 0x0D
- cns3xxx_pci_map_bus() aligns the address to 0x0C
- pci_generic_config_write() effectively writes 0xA8 into register 0x0C (CACHE_LINE_SIZE)
This seems to cause some slight instability when certain PCI devices are used.
Another issue example caused by this this is the PCI bus numbering,
where the primary bus is higher than the secondary, which is impossible.
Before:
00:00.0 PCI bridge: Cavium, Inc. Device 3400 (rev 01) (prog-if 00 [Normal decode])
Flags: bus master, fast devsel, latency 0, IRQ 255
Bus: primary=02, secondary=01, subordinate=ff, sec-latency=0
After fix:
00:00.0 PCI bridge: Cavium, Inc. Device 3400 (rev 01) (prog-if 00 [Normal decode])
Flags: bus master, fast devsel, latency 0, IRQ 255
Bus: primary=00, secondary=01, subordinate=02, sec-latency=0
And very likely some more ..
Fix all by omitting the alignment being done in the mapping function.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 18 Dec 2018 13:12:50 +0000 (14:12 +0100)]
kernel: bump 4.14 to 4.14.89
Refreshed all patches.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 18 Dec 2018 13:12:21 +0000 (14:12 +0100)]
kernel: bump 4.9 to 4.9.146
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Hauke Mehrtens [Sat, 29 Sep 2018 13:56:20 +0000 (15:56 +0200)]
kernel: Activate VDSO on MIPS again
The cache coloring problem on MIPS CPUs was fixed with kernel 4.9.129 of
the kernel 4.9 branch. Activate VDSO support for MIPS again.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from
91a71804f89a238082904ae027fffb52114e3499)
Kevin Darbyshire-Bryant [Thu, 27 Sep 2018 20:14:10 +0000 (21:14 +0100)]
wireguard: bump to 0.0.
20180925
33523a5 version: bump snapshot
0759480 curve25519-hacl64: reduce stack usage under KASAN
b9ab0fc chacha20: add bounds checking to selftests
2e99d19 chacha20-mips32r2: reduce stack and branches in loop, refactor jumptable handling
d6ac367 qemu: bump musl
28d8b7e crypto: make constant naming scheme consistent
56c4ea9 hchacha20: keep in native endian in words
0c3c0bc chacha20-arm: remove unused preambles
3dcd246 chacha20-arm: updated scalar code from Andy
6b9d5ca poly1305-mips64: remove useless preprocessor error
3ff3990 crypto-arm: rework KERNEL_MODE_NEON handling again
dd2f91e crypto: flatten out makefile
67a3cfb curve25519-fiat32: work around m68k compiler stack frame bug
9aa2943 allowedips: work around kasan stack frame bug in selftest
317b318 chacha20-arm: use new scalar implementation
b715e3b crypto-arm: rework KERNEL_MODE_NEON handling
77b07d9 global: reduce stack frame size
ddc2bd6 chacha20: add chunked selftest and test sliding alignments and hchacha20
2eead02 chacha20-mips32r2: reduce jumptable entry size and stack usage
a0ac620 chacha20-mips32r2: use simpler calling convention
09247c0 chacha20-arm: go with Ard's version to optimize for Cortex-A7
a329e0a chacha20-mips32r2: remove reorder directives
3b22533 chacha20-mips32r2: fix typo to allow reorder again
d4ac6bb poly1305-mips32r2: remove all reorder directives
197a30c global: put SPDX identifier on its own line
305806d ratelimiter: disable selftest with KASAN
4e06236 crypto: do not waste space on selftest items
5e0fd08 netlink: reverse my christmas trees
a61ea8b crypto: explicitly dual license
b161aff poly1305: account for simd being toggled off midway
470a0c5 allowedips: change from BUG_ON to WARN_ON
aa9e090 chacha20: prefer crypto_xor_cpy to avoid memmove
1b0adf5 poly1305: no need to trick gcc 8.1
a849803 blake2s: simplify final function
073f3d1 poly1305: better module description
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from
37961f12baa756caf5d735fdafff46205d21a93d)
Jason A. Donenfeld [Tue, 18 Sep 2018 14:57:05 +0000 (16:57 +0200)]
wireguard: bump to 0.0.
20180918
* blake2s-x86_64: fix whitespace errors
* crypto: do not use compound literals in selftests
* crypto: make sure UML is properly disabled
* kconfig: make NEON depend on CPU_V7
* poly1305: rename finish to final
* chacha20: add constant for words in block
* curve25519-x86_64: remove useless define
* poly1305: precompute 5*r in init instead of blocks
* chacha20-arm: swap scalar and neon functions
* simd: add __must_check annotation
* poly1305: do not require simd context for arch
* chacha20-x86_64: cascade down implementations
* crypto: pass simd by reference
* chacha20-x86_64: don't activate simd for small blocks
* poly1305-x86_64: don't activate simd for small blocks
* crypto: do not use -include trick
* crypto: turn Zinc into individual modules
* chacha20poly1305: relax simd between sg chunks
* chacha20-x86_64: more limited cascade
* crypto: allow for disabling simd in zinc modules
* poly1305-x86_64: show full struct for state
* chacha20-x86_64: use correct cut off for avx512-vl
* curve25519-arm: only compile if symbols will be used
* chacha20poly1305: add __init to selftest helper functions
* chacha20: add independent self test
Tons of improvements all around the board to our cryptography library,
including some performance boosts with how we handle SIMD for small packets.
* send/receive: reduce number of sg entries
This quells a powerpc stack usage warning.
* global: remove non-essential inline annotations
We now allow the compiler to determine whether or not to inline certain
functions, while still manually choosing so for a few performance-critical
sections.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from
f07a94da50b8a31928cb34c19695747e0df74beb)
Jason A. Donenfeld [Tue, 11 Sep 2018 00:59:16 +0000 (18:59 -0600)]
wireguard: bump to 0.0.
20180910
* curve25519: arm: do not modify sp directly
* compat: support neon.h on old kernels
* compat: arch-namespace certain includes
* compat: move simd.h from crypto to compat since it's going upstream
This fixes a decent amount of compat breakage and thumb2-mode breakage
introduced by our move to Zinc.
* crypto: use CRYPTOGAMS license
Rather than using code from OpenSSL, use code directly from AndyP.
* poly1305: rewrite self tests from scratch
* poly1305: switch to donna
This makes our C Poly1305 implementation a bit more intensely tested and also
faster, especially on 64-bit systems. It also sets the stage for moving to a
HACL* implementation when that's ready.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from
a54f492d0cf1f9bff1dd449961441e789c724995)
Jason A. Donenfeld [Tue, 4 Sep 2018 18:33:46 +0000 (12:33 -0600)]
wireguard: bump to 0.0.
20180904
* Kconfig: use new-style help marker
* global: run through clang-format
* uapi: reformat
* global: satisfy check_patch.pl errors
* global: prefer sizeof(*pointer) when possible
* global: always find OOM unlikely
Tons of style cleanups.
* crypto: use unaligned helpers
We now avoid unaligned accesses for generic users of the crypto API.
* crypto: import zinc
More style cleanups and a rearrangement of the crypto routines to fit how this
is going to work upstream. This required some fairly big changes to our build
system, so there may be some build errors we'll have to address in subsequent
snapshots.
* compat: rng_is_initialized made it into 4.19
We therefore don't need it in the compat layer anymore.
* curve25519-hacl64: use formally verified C for comparisons
The previous code had been proved in Z3, but this new code from upstream
KreMLin is directly generated from the F*, which is preferable. The
assembly generated is identical.
* curve25519-x86_64: let the compiler decide when/how to load constants
Small performance boost.
* curve25519-arm: reformat
* curve25519-arm: cleanups from lkml
* curve25519-arm: add spaces after commas
* curve25519-arm: use ordinary prolog and epilogue
* curve25519-arm: do not waste 32 bytes of stack
* curve25519-arm: prefix immediates with #
This incorporates ASM nits from upstream review.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from
4ccbe7de6cb20766fd309bc3824c7591e33b0b96)
Jason A. Donenfeld [Sun, 12 Aug 2018 08:29:52 +0000 (01:29 -0700)]
wireguard: bump to 0.0.
20180809
* send: switch handshake stamp to an atomic
Rather than abusing the handshake lock, we're much better off just using
a boring atomic64 for this. It's simpler and performs better. Also, while
we're at it, we set the handshake stamp both before and after the
calculations, in case the calculations block for a really long time waiting
for the RNG to initialize.
* compat: better atomic acquire/release backport
This should fix compilation and correctness on several platforms.
* crypto: move simd context to specific type
This was a suggestion from Andy Lutomirski on LKML.
* chacha20poly1305: selftest: use arrays for test vectors
We no longer have lines so long that they're rejected by SMTP servers.
* qemu: add easy git harness
This makes it a bit easier to use our qemu harness for testing our mainline
integration tree.
* curve25519-x86_64: avoid use of r12
This causes problems with RAP and KERNEXEC for PaX, as r12 is a
reserved register.
* chacha20: use memmove in case buffers overlap
A small correctness fix that we never actually hit in WireGuard but is
important especially for moving this into a general purpose library.
* curve25519-hacl64: simplify u64_eq_mask
* curve25519-hacl64: correct u64_gte_mask
Two bitmath fixes from Samuel, which come complete with a z3 script proving
their correctness.
* timers: include header in right file
This fixes compilation in some environments.
* netlink: don't start over iteration on multipart non-first allowedips
Matt Layher found a bug where a netlink dump of peers would never terminate in
some circumstances, causing wg(8) to keep trying forever. We now have a fix as
well as a unit test to mitigate this, and we'll be looking to create a fuzzer
out of Matt's nice library.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from
42dc0e25947a77b02ea18fa0e5fa04382250d5db)
Jason A. Donenfeld [Fri, 3 Aug 2018 20:13:13 +0000 (22:13 +0200)]
wireguard: bump to 0.0.
20180802
Changelog taken from the version announcement
> == Changes ==
>
> * chacha20poly1305: selftest: split up test vector constants
>
> The test vectors are encoded as long strings -- really long strings -- and
> apparently RFC821 doesn't like lines longer than 998.
> https://cr.yp.to/smtp/message.html
>
> * queueing: keep reference to peer after setting atomic state bit
>
> This fixes a regression introduced when preparing the LKML submission.
>
> * allowedips: prevent double read in kref
> * allowedips: avoid window of disappeared peer
> * hashtables: document immediate zeroing semantics
> * peer: ensure resources are freed when creation fails
> * queueing: document double-adding and reference conditions
> * queueing: ensure strictly ordered loads and stores
> * cookie: returned keypair might disappear if rcu lock not held
> * noise: free peer references on failure
> * peer: ensure destruction doesn't race
>
> Various fixes, as well as lots of code comment documentation, for a
> small variety of the less obvious aspects of object lifecycles,
> focused on correctness.
>
> * allowedips: free root inside of RCU callback
> * allowedips: use different macro names so as to avoid confusion
>
> These incorporate two suggestions from LKML.
>
> This snapshot contains commits from: Jason A. Donenfeld and Jann Horn.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from
68e2ebe64a0f27eb25c0e56ef1125ce1318e2279)
Rosy Song [Thu, 9 Aug 2018 06:47:31 +0000 (14:47 +0800)]
iptables: fix dependency for libip6tc on IPV6
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from
2dc1f54b1205094e7c6036cae6275d2c326bad3e)
Rosy Song [Sun, 23 Sep 2018 02:05:04 +0000 (10:05 +0800)]
netifd: do not validate relevant section when ipv6 is not supported
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from
a6add47869972139cef9106aecfddbac0b3f64f4)
Florian Eckert [Mon, 24 Sep 2018 12:20:29 +0000 (14:20 +0200)]
base-files: add network_get_metric() to /lib/functions/network.sh
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(backported from
61a59949009993a6b1d634ecbce765b37c4c2560)
Andy Walsh [Wed, 1 Aug 2018 10:48:08 +0000 (12:48 +0200)]
ncurses: use default host install
* just use default host/install, so libs/headers get properly generated/installed
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from
e0196152ebe7b6d11b740a81d0c3bced5b1902c1)
Andy Walsh [Tue, 7 Aug 2018 15:46:42 +0000 (17:46 +0200)]
gettext-full: host compile with -fpic
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from
2bbc9376c6c081a8db491f047e32091da6ba0016)
David Yang [Sat, 11 Aug 2018 07:51:02 +0000 (15:51 +0800)]
dante: disable sched_getscheduler() - not implemented in musl
musl doesn't come with an valid implementation of `sched_getscheduler()`;
it simply returns -ENOSYS for it. Without this option (and compile dante
with `sched_getscheduler()` enabled), you will get
error: serverinit(): sched_getscheduler(2): failed to retrieve current
cpuscheduling policy: Function not implemented
and dante won't start at all.
Ref: http://lists.alpinelinux.org/alpine-devel/3932.html
Ref: http://lists.alpinelinux.org/alpine-devel/3936.html
Signed-off-by: David Yang <mmyangfl@gmail.com>
[slightly reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from
aaf46a8fe23eca959164c1681ab3a37c6e746b05)
Kevin Darbyshire-Bryant [Fri, 21 Sep 2018 18:41:27 +0000 (19:41 +0100)]
kernel: re-enable MIPS VDSO
kernel upstream commit
9efcaa7c4afba5628f2650a76f69c798f47eeb18 to 4.14
itself a backport of
0f02cfbc3d9e413d450d8d0fd660077c23f67eff has
resolved the cache line issues that led to us disabling VDSO by default
on MIPS.
Remove our force disable patch:
pending-4.14/206-mips-disable-vdso.patch
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from
8ee7a80d190b291e828cace3cac8c485f3b8667d)