oweals/openwrt.git
5 years agoodhcpd: remove socket from uloop upon NETEV_IFINDEX_CHANGE
Hans Dedecker [Mon, 19 Aug 2019 19:23:07 +0000 (21:23 +0200)]
odhcpd: remove socket from uloop upon NETEV_IFINDEX_CHANGE

949476e router: close socket upon NETEV_IFINDEX_CHANGE fixed

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agomusl: Fix CVE-2019-14697
Hauke Mehrtens [Sun, 18 Aug 2019 21:24:43 +0000 (23:24 +0200)]
musl: Fix CVE-2019-14697

musl libc through 1.1.23 has an x87 floating-point stack adjustment
imbalance, related to the math/i386/ directory. In some cases, use of
this library could introduce out-of-bounds writes that are not present
in an application's source code.

This problem only affects x86 and no other architectures.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
\ 2(cherry picked from commit c262daf308e0f0bd93bb5c5ee6238773935079ee)

5 years agouhttpd: update to latest Git HEAD
Jo-Philipp Wich [Sun, 18 Aug 2019 18:00:06 +0000 (20:00 +0200)]
uhttpd: update to latest Git HEAD

6b03f96 ubus: increase maximum ubus request size to 64KB

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d1f207ecc9f045e091d7008d86f0449bcf0b35bc)

5 years agouhttpd: add direct dependency on libjson-c
Jo-Philipp Wich [Thu, 20 Jun 2019 16:07:49 +0000 (18:07 +0200)]
uhttpd: add direct dependency on libjson-c

The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by uhttpd
as direct dependencies to the corresponding binary package definition.

This ensures that uhttpd is automatically rebuilt and relinked if any
of these libraries has its ABI_VERSION updated in the future.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit a95ddaba0272f254a3aeade3aa0c086e1625d672)

5 years agouhttpd: Fix format string build problems
Hauke Mehrtens [Sun, 16 Jun 2019 20:54:23 +0000 (22:54 +0200)]
uhttpd: Fix format string build problems

91fcac34ac uhttpd: Fix multiple format string problems

Fixes: fc454ca15305 libubox: update to latest git HEAD
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3c401f45c988aa6333a03efea1b1ac0318a8c11d)

5 years agomusl: ldso/dlsym: fix mips returning undef dlsym
Luiz Angelo Daros de Luca [Fri, 16 Aug 2019 04:33:58 +0000 (01:33 -0300)]
musl: ldso/dlsym: fix mips returning undef dlsym

This happens only the second time a library is loaded by dlopen().
After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef
symbol from lib1 dependencies. After the second library is loaded,
dlsym(lib2,"undef1") was returning the address of "undef1" in lib2
instead of searching lib2 dependencies.

Using upstream fix which now uses the same logic for relocation time
and dlsym.

Fixes openwrt/packages#9297

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 0d0617ff14b8b020896680de1f1a49c7ba8a5e0d)

5 years agobzip2: Update to 1.0.8
Rosen Penev [Thu, 8 Aug 2019 19:01:21 +0000 (12:01 -0700)]
bzip2: Update to 1.0.8

It seems bzip2 was abandoned by the author and adopted by the sourceware
people. The last release of bzip2 was from 2010.

Several security bugs were fixed as well as others.

Fixed up PKG_LICENSE to be compatible with SPDX.

Changed URLs to point to the new home.

Added patch that gets rid of deprecated utime function and switches it to
utimensat.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years agowolfssl: bump to 4.1.0-stable
Eneas U de Queiroz [Mon, 5 Aug 2019 14:52:08 +0000 (11:52 -0300)]
wolfssl: bump to 4.1.0-stable

Always build AES-GCM support.
Unnecessary patches were removed.

This includes two vulnerability fixes:

CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK
extension parsing.

CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack.

This brings the package up-to-date with master, so it incorporates
changes from 4.0.0 in master:
* Removed options that can't be turned off because we're building with
  --enable-stunnel, some of which affect hostapd's Config.in.
* Adjusted the title of OCSP option, as OCSP itself can't be turned off,
  only the stapling part is selectable.
* Mark options turned on when wpad support is selected.
* Add building options for TLS 1.0, and TLS 1.3.
* Add hardware crypto support, which due to a bug, only works when CCM
  support is turned off.
* Reorganized option conditionals in Makefile.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
5 years agomac80211: Update to version 4.19.66-1
Hauke Mehrtens [Thu, 15 Aug 2019 12:30:26 +0000 (14:30 +0200)]
mac80211: Update to version 4.19.66-1

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agomac80211: Update to version 4.19.57
Hauke Mehrtens [Sat, 6 Jul 2019 22:08:20 +0000 (00:08 +0200)]
mac80211: Update to version 4.19.57

This updates to backports-4.19.57-1 which contains the wireless
subsystem and driver from kernel 4.19.57.
The removed patches are applied upstream.

Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agoodhcpd: fix closing of router socket
Hans Dedecker [Sat, 17 Aug 2019 07:40:23 +0000 (09:40 +0200)]
odhcpd: fix closing of router socket

c2d6032 router: fix previous commit

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agokernel: Activate CONFIG_OPTIMIZE_INLINING
Hauke Mehrtens [Sun, 12 May 2019 16:49:24 +0000 (18:49 +0200)]
kernel: Activate CONFIG_OPTIMIZE_INLINING

This will reduce the size of the kernel if CONFIG_CC_OPTIMIZE_FOR_SIZE is
set like for all targets with small_flash feature flag.
I haven't seen any changes for an ARM64 target which optimizes the
kernel for speed instead.

On the ath79/tiny target the uncompressed kernel size was reduced by
3.2% and the compressed kernel size by 2.1%

kernel size with CONFIG_OPTIMIZE_INLINING=n
4346412 build_dir/target-mips_24kc_musl/linux-ath79_tiny/vmlinux
1391169 build_dir/target-mips_24kc_musl/linux-ath79_tiny/tplink_tl-wr941-v4-kernel.bin

Kernel size with CONFIG_OPTIMIZE_INLINING=y
4212396 build_dir/target-mips_24kc_musl/linux-ath79_tiny/vmlinux
1362051 build_dir/target-mips_24kc_musl/linux-ath79_tiny/tplink_tl-wr941-v4-kernel.bin

This change is currently pending for kernel 5.2 and already in
linux-next, this updates our patch to match the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6dac1c0a9b94b62b6412b74a8997f728570f36be)

5 years agomvebu: sysupgrade: sdcard: fix platform_do_upgrade_sdcard
Klaus Kudielka [Sun, 28 Jul 2019 13:54:21 +0000 (15:54 +0200)]
mvebu: sysupgrade: sdcard: fix platform_do_upgrade_sdcard

Unconditionally execute the final case statement, even if the disk layout
changed. This is necessary, to keep the original Turris Omnia flash
instructions working: The disk layout WILL change, when switching from
TurrisOS to OpenWRT. Without updating the uboot environment at the same
time, the user would end up with an unbootable system.

Fixes commit 2e5a0b81ec ("mvebu: sysupgrade: sdcard: keep user added ...")

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
5 years agomvebu: enable xHCI USB controller connected to PCIe
Tomasz Maciej Nowak [Thu, 25 Jul 2019 13:51:30 +0000 (15:51 +0200)]
mvebu: enable xHCI USB controller connected to PCIe

This commit fixes regression on Linksys WRT1900 (Mamba) where this device
doesn't have USB 3.0 controller integrated in SoC, instead it has Etron
EJ168 connected to PCIe lane. Previously enabled in kernel 4.4 and 4.9,
was lost in transition to 4.14.

Fixes: 4ccad92 ("mvebu: Add support for kernel 4.14")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
5 years agoodhcpd: fix sending RA when link state brings bridge down
Hans Dedecker [Fri, 16 Aug 2019 07:51:56 +0000 (09:51 +0200)]
odhcpd: fix sending RA when link state brings bridge down

13928b3 router: close socket upon NETEV_IFINDEX_CHANGE

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agolantiq: unify Fritz!Box LED mappings
David Bauer [Sun, 11 Aug 2019 21:37:24 +0000 (23:37 +0200)]
lantiq: unify Fritz!Box LED mappings

This commit unifies the LED mapping of the AVM Fritz!Box routers, which
have a combined Power/DSL LED.

With the stock firmware, the Power LED has the following
characteristics:

 - Blink when DSL sync is being established
 - Solid when DSL sync is present

We can't completely resemble this behavior in OpenWrt. Currently, the
Power LED is completely off, when DSL sync is missing. This is not
really helpful, as a user might have the impression, that he bricked his
device.

Instead, map the Info-LED to the state of the DSL connection.
There is no consistent behavior for the Info-LED in the stock
firmware, as the user can set it's function by himself. The DSL
connection state is one possible option for the Info LED there.

Also use the red Power LED to indicate a running upgrade, in case the
board has a two-color Power LED.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 3032bf7f89e8ad5b69ab2f031287f475e5d2b829)

5 years agoRevert "ath79: make target source-only"
Jo-Philipp Wich [Tue, 13 Aug 2019 17:05:31 +0000 (19:05 +0200)]
Revert "ath79: make target source-only"

This reverts commit 2b074654b0f259518aa56e0975ca8e26c0c12bc9.

Due to popular demand, I've decided to revert this commit after
deliberating with Petr. This means that 19.07 will ship ath79 binary
images after all.

We do however consider the ath79 target on Kernel 4.14 in the 19.07
branch to be beta quality at best.

Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agokernel: bump 4.14 to 4.14.138
Koen Vandeputte [Mon, 12 Aug 2019 08:32:59 +0000 (10:32 +0200)]
kernel: bump 4.14 to 4.14.138

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agotools/patch: apply upstream patch for cve-2019-13638
Russell Senior [Sun, 11 Aug 2019 20:57:08 +0000 (13:57 -0700)]
tools/patch: apply upstream patch for cve-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style

diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.

https://nvd.nist.gov/vuln/detail/CVE-2019-13638

Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit bcfd1d76852974170780dbe368e6194dbb0e123e)

5 years agolantiq: add led-upgrade alias for Fritz!Box 7412
David Bauer [Sat, 10 Aug 2019 14:16:19 +0000 (16:16 +0200)]
lantiq: add led-upgrade alias for Fritz!Box 7412

This adds the led-upgrade alias for the AVM Fritz!Box 7412 to indicate a
running firmware upgrade.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 920abb9b5865fe0994a5c8115cde616dac63d5ae)

5 years agolantiq: enable second VPE on Fritz!Box 7412
David Bauer [Fri, 9 Aug 2019 21:45:56 +0000 (23:45 +0200)]
lantiq: enable second VPE on Fritz!Box 7412

The AVM Fritz!Box 7412 does not use the VMMC part of the Lantiq chip but
rather a proprietary solution based on the DECT chip for the FXS ports.

Therefore, the second VPE can be enabled for use with OpenWrt.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 891a7007598d5d396bf621fcc6ab0cc083b192b6)

5 years agolantiq: correct Fritz!Box 7412 button logic level
David Bauer [Fri, 9 Aug 2019 22:45:49 +0000 (00:45 +0200)]
lantiq: correct Fritz!Box 7412 button logic level

The AVM FRITZ!Box 7412 buttons are both active low, which is currently
incorrectly defined in the device-tree.

This leads to the device booting directly into failsafe.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit c12947b39e96c82974cbe0fc3557259713f37770)

5 years agolantiq: use wpad-basic for boards with enough storage
Johann Neuhauser [Mon, 29 Jul 2019 17:44:17 +0000 (19:44 +0200)]
lantiq: use wpad-basic for boards with enough storage

This commit selects wpad-basic for the FRITZ!Box 7312 and 7412 as
wpad-mini is only selected on boards with small flash.

Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
[add short description]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit c3c3cd5e4a86acfc83449c47c5f87779a800bdc7)

5 years agoodhcpd: fix lingering uloop socket descriptor
Hans Dedecker [Sat, 10 Aug 2019 08:16:51 +0000 (10:16 +0200)]
odhcpd: fix lingering uloop socket descriptor

e9e8240 router: fix lingering uloop socket descriptor

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agoar71xx: ag71xx: init rings with GFP_KERNEL
Koen Vandeputte [Fri, 9 Aug 2019 16:51:07 +0000 (18:51 +0200)]
ar71xx: ag71xx: init rings with GFP_KERNEL

ar71xx got lost during final rebase ..

Fixes: c8a6ce71e49c ("ar71xx/ath79: ag71xx: init rings with GFP_KERNEL")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoar71xx/ath79: ag71xx: init rings with GFP_KERNEL
Koen Vandeputte [Fri, 9 Aug 2019 07:51:29 +0000 (09:51 +0200)]
ar71xx/ath79: ag71xx: init rings with GFP_KERNEL

Upstream commit 246902bdf562d45ea3475fac64c93048a7a39f01

Which contains following explanation:

--
There is no need to use GFP_ATOMIC here, GFP_KERNEL should be enough.
The 'kcalloc()' just a few lines above, already uses GFP_KERNEL.
--

Looking at the code, all other descriptors also use plain GFP_KERNEL

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoar71xx/ath79: ag71xx: fix sleep in atomic
Koen Vandeputte [Mon, 5 Aug 2019 13:20:22 +0000 (15:20 +0200)]
ar71xx/ath79: ag71xx: fix sleep in atomic

When enabling atomic-sleep-debugging options in the kernel,
following splat is seen when disabling the interface (which happens on boot):

[   10.892878] eth0: link down
[   10.896788] BUG: sleeping function called from invalid context at net/core/dev.c:5563
[   10.904730] in_atomic(): 1, irqs_disabled(): 1, pid: 425, name: ip
[   10.911004] 2 locks held by ip/425:
[   10.914539]  #0:  (rtnl_mutex){....}, at: [<80377474>] rtnetlink_rcv_msg+0x2d8/0x380
[   10.922441]  #1:  (&(&ag->lock)->rlock){....}, at: [<80330158>] ag71xx_hw_disable+0x24/0x94
[   10.930976] CPU: 0 PID: 425 Comm: ip Not tainted 4.14.136 #0
[   10.936716] Stack : 805e0000 80589228 80557404 876998ec 80610000 80610000 87cdcafc 805b5327
[   10.945233]         80551534 000001a9 8061386c 87699ccc 87cfb180 00000001 876998a0 84f70903
[   10.953751]         00000000 00000000 80b00000 8769979c 6a7407fa 00000000 00000007 00000000
[   10.962270]         000000b7 16d0954a 000000b6 00000000 80000000 87cb658c 87cb65b0 00000001
[   10.970787]         8046f97c 87699ccc 87cfb180 87ff2810 00000003 802ce724 0806e098 80610000
[   10.979306]         ...
[   10.981797] Call Trace:
[   10.984287] [<8006cb0c>] show_stack+0x58/0x100
[   10.988814] [<800aab34>] ___might_sleep+0x100/0x120
[   10.993774] [<8035c434>] napi_disable+0x30/0xd8
[   10.998377] [<80330198>] ag71xx_hw_disable+0x64/0x94
[   11.003418] [<8033069c>] ag71xx_stop+0x24/0x38
[   11.007959] [<80359e30>] __dev_close_many+0xcc/0x104
[   11.013009] [<80362eac>] __dev_change_flags+0xc8/0x1ac
[   11.018227] [<80362fb8>] dev_change_flags+0x28/0x70
[   11.023182] [<80376890>] do_setlink+0x31c/0x91c
[   11.027786] [<80379360>] rtnl_newlink+0x3ec/0x7f8
[   11.032563] [<80377498>] rtnetlink_rcv_msg+0x2fc/0x380
[   11.037799] [<8039a734>] netlink_rcv_skb+0xd4/0x178
[   11.042754] [<80399d10>] netlink_unicast+0x168/0x250
[   11.047796] [<8039a2d4>] netlink_sendmsg+0x3d8/0x434
[   11.052841] [<8033f0e4>] ___sys_sendmsg+0x1dc/0x290
[   11.057794] [<80340140>] __sys_sendmsg+0x54/0x84
[   11.062495] [<8007212c>] syscall_common+0x34/0x58

This is caused by calling napi_disable() while holding the spinlock.

Fix it by omitting the spinlock, which is not required here
Extensively tested on GL-MiFi, RB-912 and RB-922 hardware

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.137
Koen Vandeputte [Wed, 7 Aug 2019 11:55:05 +0000 (13:55 +0200)]
kernel: bump 4.14 to 4.14.137

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoconfig: introduce separate CONFIG_SIGNATURE_CHECK option
Jo-Philipp Wich [Tue, 6 Aug 2019 19:22:27 +0000 (21:22 +0200)]
config: introduce separate CONFIG_SIGNATURE_CHECK option

Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.

This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.

Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.

As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f565f276e2c06ac8f3176e0b16d6f2d40cd653d4)

5 years agoadb: fix build breakage on recent musl
Petr Štetiar [Mon, 5 Aug 2019 09:48:47 +0000 (11:48 +0200)]
adb: fix build breakage on recent musl

Fix build breakage as upstream has removed implicit include of
sys/sysmacros.h from sys/types.h:

 remove implicit include of sys/sysmacros.h from sys/types.h

 this reverts commit f552c792c7ce5a560f214e1104d93ee5b0833967, which
 exposed the sysmacros.h macros (device major/minor calculations) for
 BSD and GNU profiles to mimic an unintentional glibc behavior some
 code depended on. glibc has deprecated and since removed them as the
 resolution to bug #19239, so it makes no sense for us to keep this
 behavior. affected code should all have been fixed by now, and if it's
 not yet fixed it needs to be for use with modern glibc anyway.

Ref: https://git.musl-libc.org/cgit/musl/commit/include/sys/types.h?id=a31a30a0076c284133c0f4dfa32b8b37883ac930
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 79596f782e2c8daa1ebb8e480b6373c8142714c6)

5 years agopackages: apply usign padding workarounds to package indexes if needed
Jo-Philipp Wich [Wed, 7 Aug 2019 05:15:07 +0000 (07:15 +0200)]
packages: apply usign padding workarounds to package indexes if needed

Since usign miscalculates SHA-512 digests for input sizes of exactly
64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some
white space padding to avoid triggering the hashing edge case.

While usign itself has been fixed already, there is still many firmwares
in the wild which use broken usign versions to verify current package
indexes so we'll need to carry this workaround in the forseeable future.

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Ref: https://git.openwrt.org/5a52b379902471cef495687547c7b568142f66d2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e1f588e446c7ceb696b644b37aeab9b3476e2a57)

5 years agousign: update to latest Git HEAD
Jo-Philipp Wich [Tue, 6 Aug 2019 18:55:39 +0000 (20:55 +0200)]
usign: update to latest Git HEAD

This update fixes usign signature verification on files with certain
file sizes triggering a bug in the shipped SHA-512 implementation.

5a52b37 sha512: fix bad hardcoded constant in sha512_final()
3e6648b README: replace unicode character
716c3f2 README: add reference to OpenBSD signify
86d3668 README: provide reference for ed25519 algorithm
939ec35 usign: main.c: describe necessary arguments for -G

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 991dd5a89340367920315a3fd0390a7423e6b34a)

5 years agokernel: bump 4.14 to 4.14.136
Koen Vandeputte [Mon, 5 Aug 2019 10:18:03 +0000 (12:18 +0200)]
kernel: bump 4.14 to 4.14.136

Refreshed all patches.

Altered patches:
- 306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch

Remove upstreamed:
- 100-powerpc-4xx-uic-clear-pending-interrupt-after-irq-ty.patch
- 088-0002-i2c-qup-fixed-releasing-dma-without-flush-operation.patch
- 500-arm64-dts-marvell-Fix-A37xx-UART0-register-size.patch

Fixes:
- CVE-2019-13648
- CVE-2019-10207

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agompc85xx: correct OCEDO Panda LED definition
David Bauer [Mon, 5 Aug 2019 20:37:46 +0000 (22:37 +0200)]
mpc85xx: correct OCEDO Panda LED definition

WLAN0 and the unused LED are currently swapped. Fix this, so the LED
behavior matches the other OCEDo devices.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit a3a2b4857eb9c926bdbce7809bf5bd92f777e967)

5 years agotools/patch: apply upstream patch for CVE-2019-13636
Russell Senior [Mon, 29 Jul 2019 19:09:09 +0000 (12:09 -0700)]
tools/patch: apply upstream patch for CVE-2019-13636

In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.

https://nvd.nist.gov/vuln/detail/CVE-2019-13636

Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit 995bcc532943639f3df36dbcaa361f9167f9f4d5)

5 years agoscripts/ubinize-image.sh: fix buildbot breakage
Petr Štetiar [Sat, 27 Jul 2019 05:47:10 +0000 (07:47 +0200)]
scripts/ubinize-image.sh: fix buildbot breakage

New Docker based buildslaves install just bare minimum of packages, thus
not having bsdmainutils package installed which provides `hexdump`
utility, leading to the following build breakage on buildbots:

 ubinize-image.sh: 12: /builder/scripts/ubinize-image.sh: hexdump: not found

So this patch simply replaces `hexdump` with `od` utility provided by
coreutils package, which should be likely available.

Co-authored-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit c6d41c320c795b0bb9a9350c7d4b1ce55f25769a)

5 years agoar71xx: fix HiveAP 121 PLL for 1000M
David Bauer [Tue, 30 Jul 2019 17:16:21 +0000 (19:16 +0200)]
ar71xx: fix HiveAP 121 PLL for 1000M

The Aerohive HiveAP 121 has the wrong PLL value set for Gigabit speeds,
leading to packet-loss. 10M and 100M work fine.

This commit sets the Gigabit Ethernet PLL value to the correct value,
fixing packet loss.

Confirmed with iperf and floodping.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit cb49e46a8a4526d86270ced3ba3aa90225ca82d7)

5 years agoar71xx: really fix Mikrotik board detection
Koen Vandeputte [Thu, 1 Aug 2019 10:08:12 +0000 (12:08 +0200)]
ar71xx: really fix Mikrotik board detection

commit e09da0169a08 ("ar71xx: fix Mikrotik board detection")
was generated based on testing a rb-912 board, on which detection failed.

Testing on more hardware shows something fun:

machine : MikroTik RouterBOARD 922UAGS-5HPacD
machine : Mikrotik RouterBOARD 912UAG-5HPnD

Both lowercase and uppercase are used.
So ensure we support both now ..

Fixes: e09da0169a08 ("ar71xx: fix Mikrotik board detection")

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 845b2a1cfe307394f3f2144cce085bbb5e171ecc)

5 years agotoolchain/musl: bump to version 1.1.23
Koen Vandeputte [Tue, 30 Jul 2019 11:01:59 +0000 (13:01 +0200)]
toolchain/musl: bump to version 1.1.23

new features:
- riscv64 port
- configure now allows customizing AR and RANLIB vars
- header-level support for new linux features in 5.1

major internal changes:
- removed extern __syscall; syscall header code is now fully self-contained

performance:
- new math library implementation for log/exp/pow
- aarch64 dynamic tlsdesc function is streamlined

compatibility & conformance:
- O_TTY_INIT is now defined
- sys/types.h no longer pollutes namespace with sys/sysmacros.h in any profile
- powerpc asm is now compatible with clang internal assembler

changes for new POSIX interpretations:
- fgetwc now sets stream error indicator on encoding errors
- fmemopen no longer rejects 0 size

bugs fixed:
- static TLS for shared libraries was allocated wrong on "Variant I" archs
- crash in dladdr reading through uninitialized pointer on non-match
- sigaltstack wrongly errored out on invalid ss_size when doing SS_DISABLE
- getdents function misbehaved with buffer length larger than INT_MAX
- set*id could deadlock after fork from multithreaded process

arch-specfic bugs fixed:
- s390x SO_PEERSEC definition was wrong
- passing of 64-bit syscall arguments was broken on microblaze
- posix_fadvise was broken on mips due to missing 7-arg syscall support
- vrregset_t layout and member naming was wrong on powerpc64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.134
Koen Vandeputte [Mon, 29 Jul 2019 11:52:04 +0000 (13:52 +0200)]
kernel: bump 4.14 to 4.14.134

Refreshed all patches.

Remove upstreamed:
- 049-v4.20-mips-remove-superfluous-check-for-linux.patch

Fixes:
- CVE-2019-3846
- CVE-2019-3900

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoimx6: bump SDMA firmware to 3.5
Koen Vandeputte [Mon, 29 Jul 2019 13:15:02 +0000 (15:15 +0200)]
imx6: bump SDMA firmware to 3.5

- add uart rom script address in header of sdma firmware to support
  the uart driver of latest kernel working well while old firmware
  assume ram script used for uart driver as NXP internal legacy
  kernel.
- add multi-fifo SAI/PDM scripts.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 819b6345a206ad182dd3c2d786a3d7f04e33f751)

5 years agoath79: make target source-only
Petr Štetiar [Mon, 29 Jul 2019 15:42:07 +0000 (17:42 +0200)]
ath79: make target source-only

In order to prevent build of images for this release as ath79 is going
to deprecate ar71xx in the next release.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agoar71xx: fix Mikrotik board detection
Koen Vandeputte [Mon, 29 Jul 2019 08:10:02 +0000 (10:10 +0200)]
ar71xx: fix Mikrotik board detection

Fix a typo in the machine type being extracted from /proc/cpuinfo
which causes all Mikrotik board to be undetected properly.

This lead to sysupgrade issues and probably some others too.

Fixes: 76c963bb01fb ("ar71xx: base-files: fix board detect on new MikroTik devices")

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoar71xx: fix WLAN LED names for Archer C7
Tomislav Požega [Thu, 18 Jul 2019 19:37:39 +0000 (21:37 +0200)]
ar71xx: fix WLAN LED names for Archer C7

Update WLAN LED colour identifier for both interfaces on Archer C7

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
(cherry picked from commit 65762cdd2223d759f5836214143888e32ce5766b)

5 years agoar71xx: fix system LED names on Archer C5/C7
Tomislav Požega [Thu, 18 Jul 2019 15:59:37 +0000 (17:59 +0200)]
ar71xx: fix system LED names on Archer C5/C7

Move system LED board definitions of Archer C5/C7 to reflect
actual system LED colour used

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
(cherry picked from commit a73934fc9ad05207e79a3e58abc3d14eee28b6f2)

5 years agoar71xx: Archer C7 v1 LED names and RFKILL fixes
Tomislav Požega [Thu, 18 Jul 2019 14:55:58 +0000 (14:55 +0000)]
ar71xx: Archer C7 v1 LED names and RFKILL fixes

All leds on these boards are green. v1 has RFKILL GPIO 23 for production
units (it had GPIO 13 only for test phase units, and these are rather
very rare to find). As for the previous attempt to fix this and revert
due to WDR boards have blue leds, it was wrong: WDR board does not use
common setup (false).

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
(cherry picked from commit c79c001b593bd826d51722f2c83ad8770255f3b3)

5 years agoar71xx: update qca-usb-quirks patch
Tomislav Požega [Fri, 19 Jul 2019 04:04:54 +0000 (06:04 +0200)]
ar71xx: update qca-usb-quirks patch

Base address for USB0 has changed from 0x18116c94 on AR934X
to 0x18116d94 on QCA9558. CP Typo remained for years here...

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
(cherry picked from commit fd5aa19480b92045db224a2d2450680e9fe66385)

5 years agomac80211: brcm: improve brcmfmac debugging of firmware crashes
Rafał Miłecki [Sun, 28 Jul 2019 12:09:20 +0000 (14:09 +0200)]
mac80211: brcm: improve brcmfmac debugging of firmware crashes

This provides a complete console messages dump.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 6a7b201b6c5c82d3d8d392ae931100c1909869e0)

5 years agomac80211: brcm: update brcmfmac 5.4 patches
Rafał Miłecki [Sun, 28 Jul 2019 11:52:47 +0000 (13:52 +0200)]
mac80211: brcm: update brcmfmac 5.4 patches

Use commits from wireless-drivers-next.git.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8e466fb7e315f33d0d2bbc06c4fa7c27b81d9a3b)

5 years agotfa-layerscape: fix create_pbl and byte_swap host build
Biwen Li [Fri, 26 Jul 2019 08:23:53 +0000 (16:23 +0800)]
tfa-layerscape: fix create_pbl and byte_swap host build

- make create_pbl and byte_swap as host tools

- fix a bug that maybe use the cross compiler
to compile create_pbl and byte_swap:

# -a option appends the image for Chassis 3 devices in case of non secure boot
aarch64-openwrt-linux-musl-gcc -Wall -Werror -pedantic -std=c99 -O2
 -DVERSION=v1.5(release):reboot-10604-ge9216b3336 -D_GNU_SOURCE -D_XOPEN_SOURCE=700
 -c -o create_pbl.o create_pbl.c
cc1: note: someone does not honour COPTS correctly, passed 0 times
  LD      create_pbl
/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
create_pbl.o: error adding symbols: File in wrong format
collect2: error: ld returned 1 exit status
Makefile:43: recipe for target create_pbl failed
make[4]: *** [create_pbl] Error 1
plat/nxp/tools/pbl_ch2.mk:45: recipe for target pbl failed
make[3]: *** [pbl] Error 2

- add tfa- prefix to all tools in order to avoid future clashes with
  other toolnames

Signed-off-by: Biwen Li <biwen.li@nxp.com>
[added missing HOST_CFLAGS, added tfa- prefix to the tools]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 83d5ca2186f7801d94f336e09f8db0a2c5c5d97f)

5 years agotfa-layerscape: fix fiptool host build
Petr Štetiar [Wed, 24 Jul 2019 14:00:39 +0000 (14:00 +0000)]
tfa-layerscape: fix fiptool host build

fiptool is a host tool, used in a firmware generation pipeline, but it's
not treated as such, leading to the build breakage on the hosts which
don't have {Open,Libre}SSL dev package installed:

 In file included from fiptool.h:16:0,
                 from fiptool.c:19:
 fiptool_platform.h:18:27: fatal error: openssl/sha.h:
 No such file or directory
  #  include <openssl/sha.h>

So this patch promotes fiptool into the host tool with proper host
include and library paths under STAGING_DIR.

Ref: https://github.com/openwrt/openwrt/pull/2267
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b8249cef9fedb1e2e3ed4f1b16382c6815e08df1)

5 years agoopenwrt-keyring: update to Git HEAD
Jo-Philipp Wich [Thu, 25 Jul 2019 17:39:51 +0000 (19:39 +0200)]
openwrt-keyring: update to Git HEAD

8080ef3 usign: add 19.07 release build pubkey
e24fe0d usign: use distro agnostic comments
251ded7 usign: fix filename of Stijn's usign key
14f0efc gpg: update snapshots public signing key
14f845b gpg: replace my public GPG key
4f735b8 gpg: add OpenWrt 19.07 signing key
228f8da gpg: add OpenWrt 18.06 v2 signing key
36057d9 gpg: update LEDE 17.01 public signing key
f2989ab Add my public GPG and usign key

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e9216b3336f7a774be7021dd663a433d9ec5edc7)

5 years agourngd: move project to git.openwrt.org
Petr Štetiar [Mon, 17 Jun 2019 13:25:40 +0000 (15:25 +0200)]
urngd: move project to git.openwrt.org

Let's move project to a proper place.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit bec8fb1ee7188bfe7eff0f39e060039623e2575e)

5 years agobuild: add urandom-seed and urngd to default packages set
Petr Štetiar [Mon, 20 May 2019 14:47:23 +0000 (16:47 +0200)]
build: add urandom-seed and urngd to default packages set

urandom-seed content was split from base-files into separate package so
in order to preserve the current functionality and to provide some
fallback mechanism in case jent-rng initialization fails in urngd we
need to add it back.

urngd is OpenWrt's micro non-physical true random number generator based
on timing jitter.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f5387b754f98f85bf4a1c8c392a965bdbcb96db6)

5 years agobase-files: move urandom seed bits into separate package
Petr Štetiar [Mon, 20 May 2019 14:38:33 +0000 (16:38 +0200)]
base-files: move urandom seed bits into separate package

So it's possible to install or remove it as needed.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 27bfde9c9f789dbfabebf13047e8b042c27cdeef)

5 years agoubox: move getrandom into separate getrandom package
Petr Štetiar [Mon, 20 May 2019 14:41:43 +0000 (16:41 +0200)]
ubox: move getrandom into separate getrandom package

So it's possible to install or remove it as needed.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 9b4de712cae9b3d745ea4331a804242505f58619)

5 years agourngd: add micro non-physical true RNG based on timing jitter
Petr Štetiar [Mon, 20 May 2019 12:02:20 +0000 (14:02 +0200)]
urngd: add micro non-physical true RNG based on timing jitter

μrngd is OpenWrt's micro non-physical true random number generator based
on timing jitter.

Using the Jitter RNG core, the rngd provides an entropy source that
feeds into the Linux /dev/random device if its entropy runs low. It
updates the /dev/random entropy estimator such that the newly provided
entropy unblocks /dev/random.

The seeding of /dev/random also ensures that /dev/urandom benefits from
entropy. Especially during boot time, when the entropy of Linux is low,
the Jitter RNGd provides a source of sufficient entropy.

Acked-by: Jo-Philip Wich <jow@mein.io>
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 714bd89fceee494282984d0ed76e4a3acde419e0)

5 years agomac80211: brcm: backport first set of 5.4 brcmfmac changes
Rafał Miłecki [Sun, 21 Jul 2019 09:23:32 +0000 (11:23 +0200)]
mac80211: brcm: backport first set of 5.4 brcmfmac changes

This doesn't include 9ff8614a3dbe ("brcmfmac: use separate Kconfig file
for brcmfmac") due to a few conflicts with backports changes.

An important change is:
[PATCH 2/7] brcmfmac: change the order of things in brcmf_detach()
which fixes a rmmod crash in the brcmf_txfinalize().

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit db8e08a5a4469f98ed5d9b0ff3189e356f53d924)

5 years agoramips: add support for ASUS RT-AC57U
David Bauer [Wed, 3 Jul 2019 12:50:14 +0000 (14:50 +0200)]
ramips: add support for ASUS RT-AC57U

SoC:   MediaTek MT7621AT
RAM:   128M (Winbond W631GG6KB-15)
FLASH: 16MB (Spansion S25FL128SA)
WiFi:  MediaTek MT7603EN bgn 2SS
WiFi:  MediaTek MT7612EN nac 2SS
BTN:   Reset - WPS
LED:    - Power
        - LAN {1-4}
        - WAN
        - WiFi 2.4 GHz
        - WiFi 5 GHz
        - USB
UART:  UART is present next to the Power LED.
       TX - RX - GND - 3V3 / 57600-8N1
       3V3 is the nearest one to the Power LED.

Installation
------------
Via TFTP:
1. Set your computers IP-Address to 192.168.1.75.
2. Power up the Router with the Reset button pressed.
3. Release the Reset button after 5 seconds.
4. Upload OpenWRT sysupgrade image via TFTP:
 > tftp -4 -v -m binary 192.168.1.1 -c put <IMAGE>

Via SSH:
Note: User/password for SSH is identical with the one used in the
Web-interface.
1. Complete the initial setup wizard.
2. Activate SSH under "Administration" -> "System".
3. Transfer the OpenWrt sysupgrade image via scp:
 > scp owrt.bin admin@192.168.1.1:/tmp
4. Connect via SSH to the router.
 > ssh admin@192.168.1.1
5. Write the OpenWrt image to flash.
 > mtd-write -i /tmp/owrt.bin -d linux
6. Reboot the router
 > reboot

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 14e0e4f138e35c3e2a15cc3a836c939547ee053b)

5 years agoath79: add support for devolo WiFi pro 1750x
David Bauer [Tue, 11 Jun 2019 15:27:51 +0000 (17:27 +0200)]
ath79: add support for devolo WiFi pro 1750x

Hardware
--------
CPU:   Qualcomm Atheros QCA9558
RAM:   128M DDR2
FLASH: 16MiB
ETH:   1x Atheros AR8035 (PoE in)
WiFi2: QCA9558 3T3R
WiFi5: QCA9880 3T3R
BTN:   1x Reset
LED:   1x LED Power (non-controllable)
       1x LED Status (internal)
       1x LED LAN (controlled by PHY)
       1x LED WLAN
BEEP:  1x GPIO attached piezo beeper
UART:  3.3V GND TX RX (115200-N-8) (3.3V is square pad)
       Header is located next to external-LED header.

Installation
------------
Make sure you set a password for the root user as prompted on first
setup!

1. Upload OpenWRT sysupgrade image via SSH to the device.
Use /tmp as the destination folder on the device.
User is root, password the one set in the web interface.

2. Install OpenWRT with

> sysupgrade -n -F /tmp/<openwrt-image-name>

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit cb3cd526948af3f69da1af18e035177a0a8f58e3)

5 years agoar71xx: enable SGMII fixup on Mikrotik wAP AC
Etienne Champetier [Sun, 14 Jul 2019 02:43:28 +0000 (19:43 -0700)]
ar71xx: enable SGMII fixup on Mikrotik wAP AC

fixes intermittent loss of connectivity on 1Gbit port, with log message:
> 803x_aneg_done: SGMII link is not ok

Thanks to David Bauer for pointing me in the right direction.
I just had to figure out the right bus_id, which you find in this log:
> ag71xx ag71xx.1: connected to PHY at gpio-1:00 [uid=004dd074,
  driver=Atheros 8031 ethernet]

Fixes FS#2236

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
[Wrapped commit message - Fixed whitespace erors]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2a7519e29d6cbbe1eb73623ef35add0ef596fb5f)

5 years agomt7620: disable image generation for Netgear EX2700
Petr Štetiar [Sat, 20 Jul 2019 21:40:20 +0000 (23:40 +0200)]
mt7620: disable image generation for Netgear EX2700

Image generation is currently failing on builbots due to the following
error:

 WARNING: Image file [...] mt7620-ex2700-squashfs-factory.bin is too big

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agox86: add modern network modules to Generic target
Alberto Bursi [Sun, 14 Jul 2019 01:11:00 +0000 (03:11 +0200)]
x86: add modern network modules to Generic target

Many Atom-based embedded/industrial x86 boards can't run 64bit operating
systems due to either processor or board firmware limitations, but they
have modern interfaces (PCIe) or have modern Intel gigabit controllers
onboard.  With the current default package selection for x86 Generic
target their network won't work.

Add the modern gigabit network modules needed or most likely going to be
used as add-in cards, similar to what is the list on x86_64 target.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
[fixed whitespace issue]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit bb27cde2579b0273c464e5ccd3dda7d14e84fd23)

5 years agoath25: disable image generation for ubnt2 and ubnt5 devices
Petr Štetiar [Sat, 20 Jul 2019 06:57:23 +0000 (08:57 +0200)]
ath25: disable image generation for ubnt2 and ubnt5 devices

Image generations is currently failing on builbots due to the following
errors:

 mkfwimage -B XS2 -v XS2 [...] ath25-ubnt2-squashfs-sysupgrade.bin
 ERROR: Failed creating firmware layout description - error code: -2

 mkfwimage -B XS5 -v XS5 [...] ath25-ubnt5-squashfs-sysupgrade.bin
 ERROR: Failed creating firmware layout description - error code: -2

That cryptic -2 error simply means, that kernel+rootfs doesn't fit into
the firmware partition.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agogpio-button-hotplug: unify polled and interrupt code
David Bauer [Tue, 2 Jul 2019 21:57:18 +0000 (23:57 +0200)]
gpio-button-hotplug: unify polled and interrupt code

This patch unifies the polled and interrupt-driven gpio_keys code
paths as well implements consistent handling of the debounce
interval set for the GPIO buttons and switches.

Hotplug events will only be fired if

1. The input changes its state and remains stable for the duration
   of the debounce interval (default is 5 ms).

2. In the initial stable (no state-change for duration of the
   debounce interval) state once the driver module gets loaded.

   Switch type inputs will always report their stable state.
   Unpressed buttons will not trigger an event for the initial
   stable state. Whereas pressed buttons will trigger an event.
   This is consistent with upstream's gpio-key driver that uses
   the input subsystem (and dont use autorepeat).

Prior to this patch, this was handled inconsistently for interrupt-based
an polled gpio-keys. Hence this patch unifies the shared logic into the
gpio_keys_handle_button() function and modify both implementations to
handle the initial state properly.

The changes described in 2. ) . can have an impact on the
failsafe trigger. Up until now, the script checked for button
state changes. On the down side, this allowed to trigger the
failsafe by releasing a held button at the right time. On the
plus side, the button's polarity setting didn't matter.

Now, the failsafe will only engage when a button was pressed
at the right moment (same as before), but now it can
theoretically also trigger when the button was pressed the
whole time the kernel booted and well into the fast-blinking
preinit phase. However, the chances that this can happen are
really small. This is because the gpio-button module is usually
up and ready even before the preinit state is entered. So, the
initial pressed button event gets lost and most devices behave
as before.

Bisectors: If this patch causes a device to permanently go into
failsafe or experience weird behavior due to inputs, please
check the following:
 - the GPIO polarity setting for the button
 - the software-debounce value

Run-tested for 'gpio-keys' and 'gpio-keys-polled' on

 - devolo WiFi pro 1200e
 - devolo WiFi pro 1750c
 - devolo WiFi pro 1750x
 - Netgear WNDR4700
 - Meraki MR24
 - RT-AC58U

Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [further
cleanups, simplification and unification]
(cherry picked from commit 27f3f493de0610c74de2ea406641b256bfcc13a9)

5 years agogpio-button-hotplug: fix 4.19 build breakage on malta/be64
Petr Štetiar [Sat, 15 Jun 2019 09:28:05 +0000 (09:28 +0000)]
gpio-button-hotplug: fix 4.19 build breakage on malta/be64

While testing 4.19 build on malta/be64, I've encountered following
error:

 gpio-button-hotplug/gpio-button-hotplug.c:529:18: error: implicit
 declaration of function 'gpio_to_desc'

which is caused by the missing include fixed by this patch.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit dd6d82112a10796dd5aa0f9e9c76ec8e77e7e211)

5 years agoath79: Use -v1 suffix for TP-Link WDR3600/4300
Adrian Schmutzler [Sun, 16 Jun 2019 10:51:57 +0000 (12:51 +0200)]
ath79: Use -v1 suffix for TP-Link WDR3600/4300

In ath79, identifiers tplink_tl-wdr3600 and tplink_tl-wdr4300 have
been used while most other TP-Link devices include the revision.

Although there actually is only one major revision of these
devices, they bear the revision on their bottom (v1.x). TP-Link
also refers to the devices as V1 on its web page.

This patch thus adds -v1 to both so it is more consistent
with other devices and with what you would expect from reading
the on-device sticker and the support pages.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
5 years agoopenvpn: fix handling of list options
Matt Merhar [Sat, 22 Jun 2019 07:05:14 +0000 (03:05 -0400)]
openvpn: fix handling of list options

This addresses an issue where the list option specified in
/etc/config/openvpn i.e. 'tls_cipher' would instead show up in the
generated openvpn-<name>.conf as 'ncp-ciphers'. For context,
'ncp_ciphers' appears after 'tls_cipher' in OPENVPN_LIST from
openvpn.options.

Also, the ordering of the options in the UCI config file is now
preserved when generating the OpenVPN config. The two currently
supported list options deal with cipher preferences.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry picked from commit 1d4c4cbd20580dd211431ab58460a6eebd5e021e)

5 years agoath79: ar9330: add missing watchdog node
Petr Štetiar [Wed, 17 Jul 2019 13:19:54 +0000 (15:19 +0200)]
ath79: ar9330: add missing watchdog node

It was reported in FS#2385, that Carambola2 doesn't currently have
working watchdog so fix it by adding watchdog node.

Ref: FS#2385
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 0893f28e19afbd9d4081f59df10631d6ef02e0d7)

5 years agoiptables: update to 1.8.3
Deng Qingfang [Wed, 5 Jun 2019 20:24:44 +0000 (04:24 +0800)]
iptables: update to 1.8.3

Update iptables to 1.8.3

ChangeLog:
  https://netfilter.org/projects/iptables/files/changes-iptables-1.8.3.txt

Removed upstream patches:
- 001-extensions_format-security_fixes_in_libip.patch
- 002-include_fix_build_with_kernel_headers_before_4_2.patch
- 003-ebtables-vlan-fix_userspace_kernel_headers_collision.patch

Altered patches:
- 200-configurable_builtin.patch
- 600-shared-libext.patch

No notable size changes

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [lipibtc ABI_VERSION fix]
(cherry picked from commit 299f6cb2da0a443484339aaa51b3d9edcc21ce4e)

5 years agolibroxml: bump to the 3.0.2 version
Rafał Miłecki [Sun, 14 Jul 2019 20:24:54 +0000 (22:24 +0200)]
libroxml: bump to the 3.0.2 version

* Fix for memory leak regression
* Support for (un)escaping

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 430d65c544551f9af88cdc6f0b9c6c12364b28f9)

5 years agofstools: add direct dependencies on libblobmsg-json and libjson-c
Petr Štetiar [Sun, 14 Jul 2019 20:10:37 +0000 (22:10 +0200)]
fstools: add direct dependencies on libblobmsg-json and libjson-c

The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefore add all libraries linked by
block-mount and blockd as direct dependencies to the corresponding
binary package definition.

This ensures that block-mount and blockd is automatically rebuilt and
relinked if any of these libraries has its ABI_VERSION updated in the
future.

Fixes: FS#2373
[jow: similar fix for procd and 98.42% of commit message]
Signed-off-by: Jo-Philip Wich <jow@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cbae306815bdfc335eeedc35dc5df3d2d4021a2a)

5 years agobusybox: strip off ALTERNATIVES spec
Yousong Zhou [Fri, 14 Jun 2019 01:49:42 +0000 (01:49 +0000)]
busybox: strip off ALTERNATIVES spec

Now that busybox is a known alternatives provider by opkg, we remove the
ALTERNATIVES spec and add a note to make the implicit situation clear

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from commit 62be427067ee3883b68bcfb08dfc0c43dce22fa3)

5 years agoopkg: bump to version 2019-06-14
Yousong Zhou [Fri, 14 Jun 2019 01:44:15 +0000 (01:44 +0000)]
opkg: bump to version 2019-06-14

Opkg starting from this version special-cases busybox as alternatives
provider.  There should be no need to add entries to ALTERNATIVES of
busybox package

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from commit e51b513f75d28306a744637b0fbe7fdd6e3fb813)

5 years agoar71xx: fix nand init issues on some rb2011 devices
Koen Vandeputte [Wed, 27 Mar 2019 09:36:41 +0000 (10:36 +0100)]
ar71xx: fix nand init issues on some rb2011 devices

While flashing lots of RB2011 devices, I noticed that
some of them refused to boot properly, failing over the NAND parameters.

Checking in detail shows that some device seem to use another NAND flash
which only support standard 2048-byte pages, without 512-byte subpage support.

This commit disables usage of these small subpage completely.

Advantages:
- Both NAND's with(out) subpage support are working now
- The nand speed increases a bit (measured roughly 1%) in typical usecases

Disadvantages:
- The maximum storage capacity decreases by ~0.2%
as small changes can consume a full page (2048 bytes) now.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: delete leftovers from unused kernel versions
Koen Vandeputte [Fri, 12 Jul 2019 07:35:23 +0000 (09:35 +0200)]
kernel: delete leftovers from unused kernel versions

Commit 000d400baa0a ("kernel: drop everything not on kernel version 4.14")
dropped everything not related to kernel 4.14, but forgot
to remove the parts in kernel-version.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.133
Koen Vandeputte [Wed, 10 Jul 2019 14:51:07 +0000 (16:51 +0200)]
kernel: bump 4.14 to 4.14.133

Refreshed all patches.

Fixes:

- CVE-2019-3900

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agomac80211: Do not build b43legacy on BRCM47xx mips74 subtarget
Hauke Mehrtens [Thu, 11 Jul 2019 23:12:11 +0000 (01:12 +0200)]
mac80211: Do not build b43legacy on BRCM47xx mips74 subtarget

b43legacy needs ssb support and we do not compile the mips74 subtarget
of the brcm47xx target with SSB support. This causes a build failure in
the mac80211 package and only some of the kernel modules are being
created.

I am not aware of any device with a BRCM47xx mips74 CPU which uses a
b43legacy compatible device.

Fixes: FS#2334
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e05310b9b80f944c718374b449b6fe48d06d412d)

5 years agokernel: cherry pick patch removing __linux__ check
Fredrik Olofsson [Thu, 4 Jul 2019 11:58:15 +0000 (13:58 +0200)]
kernel: cherry pick patch removing __linux__ check

This is already included in newer upstream. Needed to build BPF programs
using the MIPS kernel include files.

Without this patch, clang fails with "#error Use a Linux compiler or
give up." in sgidefs.h when building BPF programs.

Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
(cherry-picked from commit 7d96c301d6afc9f360c26b404e435e8e03c1e207)

5 years agobase-files: Fix path check in get_mac_binary
Adrian Schmutzler [Mon, 8 Jul 2019 08:17:28 +0000 (10:17 +0200)]
base-files: Fix path check in get_mac_binary

Logic was inverted when changing from string check to file check.
Fix it.

Fixes: 8592602d0a88 ("base-files: Really check path in get_mac_binary")
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6ed3349308b24a6bac753643970a1f9f56ff6070)

5 years agokernel: bump 4.14 to 4.14.132
Koen Vandeputte [Tue, 9 Jul 2019 10:18:31 +0000 (12:18 +0200)]
kernel: bump 4.14 to 4.14.132

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agowolfssl: Fix package hash
Hauke Mehrtens [Mon, 8 Jul 2019 14:55:14 +0000 (16:55 +0200)]
wolfssl: Fix package hash

Fixes: 3167a57f7262 ("wolfssl: update to 3.15.7, fix Makefile")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agonetsupport: move out mqprio from kmod-sched
Konstantin Demin [Fri, 28 Jun 2019 18:30:50 +0000 (21:30 +0300)]
netsupport: move out mqprio from kmod-sched

Currently, there's unable to install "kmod-sched-mqprio" after
"kmod-sched" (or vice versa), because "sch_mqprio.ko" is
shipped in both packages.

Fixes: f83522fa6361 ("linux: Add kmod-sched-mqprio")
Fixes: 6af639e0bf78 ("linux: Add kmod-sched-act-vlan")
Fixes: 72c7e2dc467c ("linux: Add kmod-sched-flower")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[Add cls_flower and act_vlan]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agowolfssl: update to 3.15.7, fix Makefile
Eneas U de Queiroz [Mon, 1 Jul 2019 16:39:59 +0000 (13:39 -0300)]
wolfssl: update to 3.15.7, fix Makefile

This includes a fix for a medium-level potential cache attack with a
variant of Bleichenbacher’s attack.  Patches were refreshed.
Increased FP_MAX_BITS to allow 4096-bit RSA keys.
Fixed poly1305 build option, and some Makefile updates.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 2792daab5ad26e916619052fc7f581cddc1ea53c)

5 years agobase-files: Really check path in get_mac_binary
Adrian Schmutzler [Thu, 4 Jul 2019 21:28:44 +0000 (23:28 +0200)]
base-files: Really check path in get_mac_binary

Currently, path argument is only checked for being not empty.

This changes behavior to actually check whether path exists.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
5 years agompc85xx: Use gzip compressed kernel on HiveAP-330
Pawel Dembicki [Thu, 4 Jul 2019 11:17:02 +0000 (13:17 +0200)]
mpc85xx: Use gzip compressed kernel on HiveAP-330

After commit 1e41de2f48 ("mpc85xx: convert TL-WDR4900 v1 to simpleImage")
XZ compression of zImage was enabled. This change exposed a problem with
the HiveAP-330 images, which was fixed by foregoing the compression on
the kernel altogether with commit 98089bb8ba8
("mpc85xx: Use uncompressed kernel on the HiveAP-330").

This patch adds back the gzip compression of the kernel image by
utilizing the generic OpenWRT uImage method instead of relying on
the PowerPC bootwrapper script that did it previously.

Compile-tested: p1020/hiveap-330

Tested-by: Chris Blake <chrisrblake93@gmail.com> [run-tested]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[filled in even more text]

5 years agolantiq: enable STP where referenced
Mathias Kresin [Wed, 3 Jul 2019 07:23:35 +0000 (09:23 +0200)]
lantiq: enable STP where referenced

While moving common used parts to dtsi files, the was disabled by
default but not enabled for all boards using the STP.

Fixes: f519fea4c6db ("lantiq: kernel 4.14: cleanup dts files")

Reported-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
5 years agoar71xx: fix ath79/rb4xx IRQ initialization on kernel 4.14
W. Michael Petullo [Sun, 30 Jun 2019 00:06:20 +0000 (20:06 -0400)]
ar71xx: fix ath79/rb4xx IRQ initialization on kernel 4.14

Apply the same approach as in commit 3b53d6fdbc24 ("ar71xx: fix pci irq
init on kernel 4.14") to fix IRQ initialization for ath79-based chipsets
on rb4xx.

Ref: PR#2182
Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: W. Michael Petullo <mike@flyn.org>
[commit ref fix]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8c7d6c47a7893db689e50e1917479ad07a96547a)

5 years agofstools: block-mount: fix restart of fstab service
Karel Kočí [Wed, 5 Jun 2019 11:18:41 +0000 (13:18 +0200)]
fstools: block-mount: fix restart of fstab service

Restarting service causes file-systems to be unmounted without being
mounted back. When this service was obsoleted it should have been
implemented in a way that all actions are ignored. Up to this commit
default handler was called when restart was requested. This default
handler just simply calls stop and start. That means that stop called
unmount but start just printed that this service is obsoleted.

This instead implements restart that just prints same message like start
does. It just calls start in reality. This makes restart unavailable for
call.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 3ead9e7b743b1fbd3b07f5a72a16999abbec9347)

5 years agomvebu: Fix platform.sh for non-generic espressobin versions
Brett Mastbergen [Tue, 25 Jun 2019 20:03:48 +0000 (16:03 -0400)]
mvebu: Fix platform.sh for non-generic espressobin versions

When the non-generic espressobin targets were added these board checks
were not updated.   One side effect of this is that config is not saved
during an upgrade of -emmc,-v7, or -v7-emmc devices.

Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
(cherry picked from commit 95c1dc5e8678a1fd87234a4d77c8c6643703023c)

5 years agomvebu: fix regression for non-generic ESPRESSObin versions
Vladimir Vid [Fri, 7 Jun 2019 13:50:50 +0000 (15:50 +0200)]
mvebu: fix regression for non-generic ESPRESSObin versions

When targets for multiple ESPRESSObin devices were added, not all
files were updated which means any ESPRESSObin version beside generic
won't have proper networking, sysupgrade and uboot-env. This patch
fixes the issue.

* fixup network detection
* fixup uboot-env
* fixup platform.sh for sysupgrade

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
(cherry picked from commit bc47285cb3c0125424e628521f905f1f0d7b4cef)

5 years agomvebu: image: fix generic-arm64.bootscript mmc selection
Vladimir Vid [Fri, 7 Jun 2019 13:58:15 +0000 (15:58 +0200)]
mvebu: image: fix generic-arm64.bootscript mmc selection

Not all versions of ESPRESSObin require SD card, but can
be booted from the internal emmc flash (mmc dev 1) instead.
Add a simple check in the bootscript to see which mmc device
is detected and boot from it using mmcdev variable.

Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
(cherry picked from commit 008b41b9b0ddd4c5c877a769a85d27eb9c4e21a4)

5 years agobase-files: use OPENWRT prefix for os-release variables
Bjørn Mork [Tue, 25 Jun 2019 12:20:53 +0000 (14:20 +0200)]
base-files: use OPENWRT prefix for os-release variables

Just stumbled across this LEDE legacy, without finding any real reason
to keep it.  There is a single LEDE_DEVICE_MANUFACTURER_URL dependency
in the luci feed repo which needs to be syncronized.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
[re-added missing commit message]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8a34a54b6aa6e9a5e2983d554fd5b97bec97e891)

5 years agoramips: mt7621: add IRQ for GPIO node
Chuanhong Guo [Tue, 25 Jun 2019 15:19:41 +0000 (23:19 +0800)]
ramips: mt7621: add IRQ for GPIO node

This makes interrupt-based gpio-keys working.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 110daa16e44bb53941a18396ab6a7d9fdd1fa362)

5 years agouqmi: bump to latest git HEAD
Koen Vandeputte [Thu, 20 Jun 2019 11:08:30 +0000 (13:08 +0200)]
uqmi: bump to latest git HEAD

1965c7139374 uqmi: add explicit check for message type when expecting a response
01944dd7089b uqmi_add_command: fixed command argument assignment

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 47986dc6ea1d643cd348501da09cd2e3ee2f9ee1)

5 years agokernel: bump 4.14 to 4.14.131
Koen Vandeputte [Thu, 27 Jun 2019 10:37:28 +0000 (12:37 +0200)]
kernel: bump 4.14 to 4.14.131

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agolayerscape: drop pause frame support for aquantia phy
Yangbo Lu [Wed, 12 Jun 2019 06:11:32 +0000 (14:11 +0800)]
layerscape: drop pause frame support for aquantia phy

An aquantia phy patch which dropped pause frame support was
missing when integrated LSDK-19.03 kernel patches into OpenWrt.
Without this patch, LS1043A 10G port would not work. So apply it.

Patch link
https://source.codeaurora.org/external/qoriq/qoriq-components/
linux/commit/?h=linux-4.14&id=66346b115818365cfaf99d292871b19f0a1d2850

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
5 years agokernel: bump 4.14 to 4.14.130
Koen Vandeputte [Tue, 25 Jun 2019 10:54:12 +0000 (12:54 +0200)]
kernel: bump 4.14 to 4.14.130

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoapm821xx: fix bogus key-presses on boot
Christian Lamparter [Sat, 15 Jun 2019 17:13:30 +0000 (19:13 +0200)]
apm821xx: fix bogus key-presses on boot

"There are often transient line events when
the system is powered up and initialized and it
is often necessary for the gpio_chip driver to
clear any interrupt flags in hardware before
setting up the gpio chip, especially the
irqchip portions of it."
<http://lists.infradead.org/pipermail/openwrt-devel/2019-June/017630.html>

This patch adds a fix for the APM821XX's interrupt
controller to clear any bogus pending toggled
interrupts that happens on various APM821XX boards
on boot.

The patch also changes the debouce-interval from the
default 5ms debounce interval to 60ms all around.
The default setting caused on occasions that the button
state became stuck in a pressed state, even though the
button was released.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agompc85xx: Use uncompressed kernel on the HiveAP-330
Chris Blake [Mon, 24 Jun 2019 11:32:45 +0000 (06:32 -0500)]
mpc85xx: Use uncompressed kernel on the HiveAP-330

It seems that newer builds of OpenWRT have a gzip kernel
larger than 2MB~, which for some reason fails to boot on this board.

However, we have 8MB of kernel space and currently the uncompressed
kernel is 6.5MB~, so we have some space to grow until a better
solution is worked out.

Before:
 ## Booting kernel from Legacy Image at ee840000 ...
  Image Name:   Linux-4.19.53
  Created:      2019-06-22  11:17:48 UTC
  Image Type:   PowerPC Linux Kernel Image (gzip compressed)
  Data Size:    2315724 Bytes =  2.2 MB
  Load Address: 00000000
  Entry Point:  00000000
  Verifying Checksum ... OK
 ## Loading init Ramdisk from Legacy Image at 02000000 ...
  Image Name:   OpenWrt fake ramdisk
  Created:      2019-06-22  11:17:48 UTC
  Image Type:   PowerPC Linux RAMDisk Image (uncompressed)
  Data Size:    0 Bytes =  0 kB
  Load Address: 00000000
  Entry Point:  00000000
  Verifying Checksum ... OK
 ## Flattened Device Tree blob at ec000000
  Booting using the fdt blob at 0xec000000
  Uncompressing Kernel Image ... Error: Bad gzipped data
  GUNZIP: uncompress, out-of-mem or overwrite error -
must RESET board to recover
  Loading Ramdisk to 10000000, end 10000000 ... OK
  Loading Device Tree to 00ffa000, end 00fffc78 ... OK
  ft_fixup_l2cache: FDT_ERR_NOTFOUND

After:
 ## Booting kernel from Legacy Image at ee840000 ...
  Image Name:   POWERPC OpenWrt Linux-4.19.53
  Created:      2019-06-22  11:17:48 UTC
  Image Type:   PowerPC Linux Kernel Image (uncompressed)
  Data Size:    6724584 Bytes =  6.4 MB
  Load Address: 00000000
  Entry Point:  00000000
  Verifying Checksum ... OK
 ## Loading init Ramdisk from Legacy Image at 02000000 ...
  Image Name:   OpenWrt fake ramdisk
  Created:      2019-06-22  11:17:48 UTC
  Image Type:   PowerPC Linux RAMDisk Image (uncompressed)
  Data Size:    0 Bytes =  0 kB
  Load Address: 00000000
  Entry Point:  00000000
  Verifying Checksum ... OK
 ## Flattened Device Tree blob at ec000000
  Booting using the fdt blob at 0xec000000
  Loading Kernel Image ... OK
  OK
  Loading Ramdisk to 10000000, end 10000000 ... OK
  Loading Device Tree to 00ffa000, end 00fffc78 ... OK

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [75 cpl limit]