librecmc/librecmc.git
5 years agorpcd: update to latest Git HEAD
Jo-Philipp Wich [Sun, 8 Sep 2019 16:48:15 +0000 (18:48 +0200)]
rpcd: update to latest Git HEAD

69eeb1b file: refactor message parsing and permission checking
f65527a iwinfo: expose all rate info fields in assoclist reply
7fec636 sys: fix symbol redeclaration
27c24c7 rpcd: sys: actually move timespec declaration
345363b file: add remove operation
604db20 rpcd: Switch to nanosleep

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 2f9f8769e334d2e8d0bac4edadbcf6bcdd229519)

5 years agofwtool: do not omit final 16 byte when image does not contain signature
Jo-Philipp Wich [Thu, 17 Oct 2019 14:59:11 +0000 (16:59 +0200)]
fwtool: do not omit final 16 byte when image does not contain signature

The fwutil command will interpret the final 16 byte of a given firmware
image files as "struct fwimage_trailer".

In case these bytes do look like a valid trailer, we must ensure that we
print them out along with the remainder of the image to not accidentally
truncate non-trailer-images by 16 bytes when they're piped through fwtool,
e.g. as part of an image verification command sequence.

Some command sequences pipe images through fwtool in order to strip any
possible metadata, certificate or signature trailers and do not expect
bare images without any of that metadata to get truncated as other non-
fwtool specific metadata is expected at the end of the file, e.g. an
information block with an md5sum in case of the combined image format.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 889b841048c5eb7f975135cab363f1fdd9b6cfa1)

5 years agoiwinfo: update to latest Git HEAD
Jo-Philipp Wich [Wed, 16 Oct 2019 14:48:40 +0000 (16:48 +0200)]
iwinfo: update to latest Git HEAD

07315b6 nl80211: handle hidden SSIDs in wpa_supplicant scan results
3ac846e lua: fix string description of mixed WPA3 modes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit bc61458b73c04f900c358be8b7ed37c84298472a)

5 years agoBump v1.5.0 to RC3
RISCi_ATOM [Tue, 15 Oct 2019 17:35:05 +0000 (13:35 -0400)]
Bump v1.5.0 to RC3

5 years agoBump kernel to 4.14.149 w/ Patch refresh
RISCi_ATOM [Tue, 15 Oct 2019 17:03:05 +0000 (13:03 -0400)]
Bump kernel to 4.14.149 w/ Patch refresh

5 years agogdb: bump to 8.3.1
Koen Vandeputte [Mon, 14 Oct 2019 15:37:28 +0000 (17:37 +0200)]
gdb: bump to 8.3.1

GDB 8.3.1 brings the following fixes and enhancements over GDB 8.3:

PR c++/20020 (GDB segfault on printing objects)
PR gdb/24454 (nat/x86-linux-dregs.c failed assertion)
PR breakpoints/24541 (Incorrect evaluation of systemtap probes due to register being signed and probe expression assuming unsigned)
PR symtab/24545 (Symbol loading performance regression with cc1)
PR gdb/24592 (amd64->i386 linux syscall restart problem)
PR gdb/25009 (terminate called after throwing an instance of 'srchilite::ParserException')
PR gdb/25010 (Calls to error () can cause SIGTTOU to send gdb to the background)
PR breakpoints/25011 (Breakpoints on file reloads broken for PIE binaries)

This corrective release also brings the following testsuite fixes and
enhancements:

PR testsuite/25005 (gdb-caching-proc.exp takes a lot of time on skip_opencl_tests)
PR testsuite/25016 (Test-case failures for -pie)

GDB 8.3 includes the following changes and enhancements:

* Support for new native configurations (also available as a target configuration):
     - RISC-V GNU/Linux (riscv*-*-linux*)
     - RISC-V FreeBSD (riscv*-*-freebsd*)

* Support for new target configurations:
     - CSKY ELF (csky*-*-elf)
     - CSKY GNU/Linux (csky*-*-linux)
     - NXP S12Z ELF (s12z-*-elf)
     - OpenRISC GNU/Linux (or1k*-*-linux*)

* Native Windows debugging is only supported on Windows XP or later.

* The Python API in GDB now requires Python 2.6 or later.

* GDB now supports terminal styling for the CLI and TUI.
  Source highlighting is also supported by building GDB with GNU
  Highlight.

* Experimental support for compilation and injection of C++ source
  code into the inferior (requires GCC 7.1 or higher, built with
  libcp1.so).

* GDB and GDBserver now support IPv6 connections.

* Target description support on RISC-V targets.

* Various enhancements to several commands:
     - "frame", "select-frame" and "info frame" commands
     - "info functions", "info types", "info variables"
     - "info thread"
     - "info proc"
     - System call alias catchpoint support on FreeBSD
     - "target remote" support for Unix Domain sockets.

* Support for displaying all files opened by a process

* DWARF index cache: GDB can now automatically save indices of DWARF
  symbols on disk to speed up further loading of the same binaries.

* Various GDB/MI enhancements.

* GDBserver on PowerPC GNU/Linux now supports access to the PPR,
  DSCR, TAR, EBB/PMU, and HTM registers.

* Ada task switching support when debugging programs built with
  the Ravenscar profile added to aarch64-elf.

* GDB in batch mode now exits with status 1 if the last executed
  command failed.

* Support for building GDB with GCC's Undefined Behavior Sanitizer.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agotoolchain/gdb: bump to 8.3.1
Koen Vandeputte [Mon, 14 Oct 2019 14:09:08 +0000 (16:09 +0200)]
toolchain/gdb: bump to 8.3.1

GDB 8.3.1 brings the following fixes and enhancements over GDB 8.3:

PR c++/20020 (GDB segfault on printing objects)
PR gdb/24454 (nat/x86-linux-dregs.c failed assertion)
PR breakpoints/24541 (Incorrect evaluation of systemtap probes due to register being signed and probe expression assuming unsigned)
PR symtab/24545 (Symbol loading performance regression with cc1)
PR gdb/24592 (amd64->i386 linux syscall restart problem)
PR gdb/25009 (terminate called after throwing an instance of 'srchilite::ParserException')
PR gdb/25010 (Calls to error () can cause SIGTTOU to send gdb to the background)
PR breakpoints/25011 (Breakpoints on file reloads broken for PIE binaries)

This corrective release also brings the following testsuite fixes and
enhancements:

PR testsuite/25005 (gdb-caching-proc.exp takes a lot of time on skip_opencl_tests)
PR testsuite/25016 (Test-case failures for -pie)

GDB 8.3 includes the following changes and enhancements:

* Support for new native configurations (also available as a target configuration):
     - RISC-V GNU/Linux (riscv*-*-linux*)
     - RISC-V FreeBSD (riscv*-*-freebsd*)

* Support for new target configurations:
     - CSKY ELF (csky*-*-elf)
     - CSKY GNU/Linux (csky*-*-linux)
     - NXP S12Z ELF (s12z-*-elf)
     - OpenRISC GNU/Linux (or1k*-*-linux*)

* Native Windows debugging is only supported on Windows XP or later.

* The Python API in GDB now requires Python 2.6 or later.

* GDB now supports terminal styling for the CLI and TUI.
  Source highlighting is also supported by building GDB with GNU
  Highlight.

* Experimental support for compilation and injection of C++ source
  code into the inferior (requires GCC 7.1 or higher, built with
  libcp1.so).

* GDB and GDBserver now support IPv6 connections.

* Target description support on RISC-V targets.

* Various enhancements to several commands:
     - "frame", "select-frame" and "info frame" commands
     - "info functions", "info types", "info variables"
     - "info thread"
     - "info proc"
     - System call alias catchpoint support on FreeBSD
     - "target remote" support for Unix Domain sockets.

* Support for displaying all files opened by a process

* DWARF index cache: GDB can now automatically save indices of DWARF
  symbols on disk to speed up further loading of the same binaries.

* Various GDB/MI enhancements.

* GDBserver on PowerPC GNU/Linux now supports access to the PPR,
  DSCR, TAR, EBB/PMU, and HTM registers.

* Ada task switching support when debugging programs built with
  the Ravenscar profile added to aarch64-elf.

* GDB in batch mode now exits with status 1 if the last executed
  command failed.

* Support for building GDB with GCC's Undefined Behavior Sanitizer.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 942f020bf4d0f49e4c5586a59ddf21c00e9d8bbe)

5 years agotoolchain/musl: bump to version 1.1.24
Koen Vandeputte [Mon, 14 Oct 2019 12:51:23 +0000 (14:51 +0200)]
toolchain/musl: bump to version 1.1.24

1.1.24 release notes

new features:
- GLOB_TILDE extension to glob
- non-stub catgets localization API, using netbsd binary catalog format
- posix_spawn file actions for [f]chdir (extension, pending future standard)
- secure_getenv function (extension)
- copy_file_range syscall wrapper (Linux extension)
- header-level support for new linux features in 5.2

performance:
- new fast path for lrint (generic C version) on 32-bit archs

major internal changes:
- functions involving time are overhauled to be time64-ready in 32-bit archs
- x32 uses the new time64 code paths to replace nasty hacks in syscall glue

compatibility & conformance:
- support for powerpc[64] unaligned relocation types
- powerpc[64] and sh sys/user.h no longer clash with kernel asm/ptrace.h
- select no longer modifies timeout on failure (or at all)
- mips64 stat results are no longer limited to 32-bit time range
- optreset (BSD extension) now has a public declaration
- support for clang inconsistencies in wchar_t type vs some 32-bit archs
- mips r6 syscall asm no longer has invalid lo/hi register clobbers
- vestigial asm declarations of __tls_get_new are removed (broke some tooling)
- riscv64 mcontext_t mismatch glibc's member naming is corrected

bugs fixed:
- glob failed to match broken symlinks consistently
- invalid use of interposed calloc to allocate initial TLS
- various dlsym symbol resolution logic errors
- semctl with SEM_STAT_ANY didn't work
- pthread_create with explicit scheduling was subject to priority inversion
- pthread_create failure path had data race for thread count
- timer_create with SIGEV_THREAD notification had data race getting timer id
- wide printf family failed to support l modifier for float formats

arch-specific bugs fixed:
- x87 floating point stack imbalance in math asm (i386-only CVE-2019-14697)
- x32 clock_adjtime, getrusage, wait3, wait4 produced junk (struct mismatches)
- lseek broken on x32 and mipsn32 with large file offsets
- riscv64 atomics weren't compiler barriers
- riscv64 atomics had broken asm constraints (missing earlyclobber flag)
- arm clone() was broken when compiled as thumb if start function returned
- mipsr6 setjmp/longjmp did not preserve fpu register state correctly

Refreshed all patches.
Removed upstreamed.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoiwinfo: update to latest Git HEAD
Jo-Philipp Wich [Tue, 15 Oct 2019 13:51:11 +0000 (15:51 +0200)]
iwinfo: update to latest Git HEAD

a29b7d4 nl80211: align path to phy mapping logic with mac80211.sh

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 57b834281b586839b5e2cb00d7907de50c68ebcc)

5 years agoFix LINUX_KERNEL_HASH-4.14.148 in include/kernel-version.mk
RISCi_ATOM [Tue, 15 Oct 2019 16:47:22 +0000 (12:47 -0400)]
Fix LINUX_KERNEL_HASH-4.14.148 in include/kernel-version.mk

5 years agoBump kernel to 4.14.148 + patch refresh and patches from upstream : c4b514b2003687c4d...
RISCi_ATOM [Tue, 15 Oct 2019 16:45:38 +0000 (12:45 -0400)]
Bump kernel to 4.14.148 + patch refresh and patches from upstream : c4b514b2003687c4d8fb532423afe095e40b6f9c

5 years agoiwinfo: update to latest Git HEAD
Jo-Philipp Wich [Fri, 20 Sep 2019 11:32:49 +0000 (13:32 +0200)]
iwinfo: update to latest Git HEAD

Contains following updates squashed from 3 bump commits in master:

02112f9 cli: fix reporting of mixed WPA2/WPA3 versions
7faeaea nl80211: properly detect WEP encryption in wpa_supp scan results
629b5ff nl80211: do not confuse open connections with WEP ones
3d47ddd nl80211: rework hostapd and wpa_supplicant wpa suite parsing
313e827 nl80211: keep awaiting wpa_supplicant scan results on busy response
a766751 nl80211: fix parsing of mixed wpa encryption in wpa_supp scan results
f096bfd utils: support parsing SAE and OWE key management suites from IEs
2a95086 nl80211: recognize SAE encrypted mesh

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agobuild: adjust gcc/g++ version checks for newer apple compilers
Felix Fietkau [Thu, 10 Oct 2019 11:42:56 +0000 (13:42 +0200)]
build: adjust gcc/g++ version checks for newer apple compilers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 46a129194de0f9e2f71b6526634569e1ec802504)

5 years agobuild: fix xconfig target
leo chung [Fri, 20 Sep 2019 05:33:58 +0000 (13:33 +0800)]
build: fix xconfig target

`make xconfig` fails with following linking error of qconf binary:

 g++ -lQt5Widgets -lQt5Gui -lQt5Core -o qconf qconf.o zconf.tab.o
 /usr/bin/ld: qconf.o: in function ConfigList::metaObject() const': qconf.cc:(.text+0x3eb): undefined reference to QObjectData::dynamicMetaObject() const'
 /usr/bin/ld: qconf.o: in function `ConfigList::qt_metacast(char const*)': link error.

which is caused by the wrong order of the linked objects/libraries so
this patch reorders the linker's arguments which makes the qconf compile
again.

Signed-off-by: leo chung <gewalalb@gmail.com>
[commit subject and message tweaks, whitespace fix]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b2c55d50f8aeb21ef4cd3948034a158f7dd743c2)

5 years agobuild: fix host menu config targets using ncurses
Petr Štetiar [Fri, 20 Sep 2019 12:54:56 +0000 (14:54 +0200)]
build: fix host menu config targets using ncurses

On a recent Gentoo Linux installation, invoking `make menuconfig`, `make
kernel_menuconfig` or `make kernel_nconfig` in the build system fails,
whereas for example `make menuconfig` in the kernel tree alone works as
expected.

This is happening because STAGING_PREFIX is not defined when kernel's
{menu,n}config target calls pkg-config from the toolchain/host and thus
pkg-config returns an empty value, and the fallback values in the kernel
config script are applied but those are off and the linking fails.

Solution is to use system's pkg-config for all ncurses based menu config
targets in order to provide proper compiler/linker flags.

Ref: FS#2423
Cc: Thomas Albers <thomas.gameiro@gmail.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 965f341aa9fdb6e07d509d02a6ca188af050292a)

5 years agokernel: Fix off-by-one error in FIT mtd partition search.
Oldřich Jedlička [Wed, 25 Sep 2019 19:45:42 +0000 (21:45 +0200)]
kernel: Fix off-by-one error in FIT mtd partition search.

This fixes off-by-one error introduced in commit dc76900021b8
("kernel: Correctly search for the FIT image in mtd partition.")

Function `mtd_read` starts reading at `offset` and
needs `hdr_len` number of bytes to be available. Suppose
the easiest case when `offset` is `0` and `hdr_len` equals
to `mtd->size` - the `for` loop will not be entered even
when enough bytes are available to be read.

Same happens for any non-zero `offset`, when `hdr_len` is
just enough bytes to be read until `mtd->size` is reached.
Imagine that for example `mtd->size=5`, `offset=4` and
`hdr_len=1`. Then `offset+hdr_len=5` and the check has to
be `offset+hdr_len <= mtd->size`, i.e. `5 <= 5`. The
check for `offset + hdr_len` value needs to be inclusive,
therefore use `<=`.

Fixes: dc76900021b8 ("kernel: Correctly search for the FIT image in mtd partition.")
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
[adjusted commit ref, fixes tag]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit e0ce80d42ace6feba509da16795ab0eb81cf5bf4)

5 years agokernel: Correctly search for the FIT image in mtd partition.
Fredrik Olofsson [Wed, 4 Sep 2019 08:41:22 +0000 (10:41 +0200)]
kernel: Correctly search for the FIT image in mtd partition.

Previously all iterations of the loop checked offset=0 in the partition.

Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
(cherry picked from commit dc76900021b880820adf981bb7b1cf5ff3ffe1fd)

5 years agobuild: make device tree arg really optional in mkits.sh
Johann Neuhauser [Mon, 16 Sep 2019 09:42:49 +0000 (11:42 +0200)]
build: make device tree arg really optional in mkits.sh

If no device tree is given there is no node generated, but
the configuration does still include the name of the missing node.
This will result in a successful build fit image, but bootm does
throw a error message if we want to boot the bad configuration.

Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
(cherry picked from commit 205e0939f0a141a1524d94eaf84407ddcb6a1a09)

5 years agokernel: add missing symbol when enabling PTP support
Koen Vandeputte [Fri, 4 Oct 2019 11:48:12 +0000 (13:48 +0200)]
kernel: add missing symbol when enabling PTP support

Discovered by enabling PTP_1588_CLOCK:

net/sched/Kconfig:44: warning: menuconfig statement without prompt
*
* Restart config...
*
*
* PTP clock support
*
PTP clock support (PTP_1588_CLOCK) [Y/n/?] y
Driver for the National Semiconductor DP83640 PHYTER (DP83640_PHY) [N/m/y/?] (NEW)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agotreewide: remove 4.19 leftovers
Koen Vandeputte [Fri, 4 Oct 2019 09:27:35 +0000 (11:27 +0200)]
treewide: remove 4.19 leftovers

19.07 branch focuses on kernel 4.14
so remove all remaining 4.19 configs

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoBump Wireguard to 0.0.20190913 v1.5.0-rc2
RISCi_ATOM [Tue, 1 Oct 2019 20:54:53 +0000 (16:54 -0400)]
Bump Wireguard to 0.0.20190913

5 years agoBump libreCMC version to v1.5.0-rc2
RISCi_ATOM [Mon, 30 Sep 2019 12:01:20 +0000 (08:01 -0400)]
Bump libreCMC version to v1.5.0-rc2

5 years agobase-files: use get_mac_binary() in mtd_get_mac_binary_ubi()
Adrian Schmutzler [Thu, 5 Sep 2019 11:29:37 +0000 (13:29 +0200)]
base-files: use get_mac_binary() in mtd_get_mac_binary_ubi()

The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.

This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 45600124fcbd14ece6e289cb59b318ea44c598fe)

5 years agoar71xx: sysupgrade: accept ath79 combined-image
Tomasz Maciej Nowak [Fri, 23 Aug 2019 13:50:48 +0000 (15:50 +0200)]
ar71xx: sysupgrade: accept ath79 combined-image

There is md5 sum of whole image embedded in combined-image header which
is checked on sysupgrade. The check will fail for ath79 images which
may have embedded metadata. This is because metadata are appended after
the combined image is created. To allow smooth transition from ar71xx to
ath79, strip metadata before calculating md5 sum for whole image.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(cherry picked from commit 8b4109c2b4d60495d046157d1baca9b1cdbf8dc8)

5 years agoath79: dts: fix ja76pf2 spi frequency
Tomasz Maciej Nowak [Fri, 23 Aug 2019 13:50:46 +0000 (15:50 +0200)]
ath79: dts: fix ja76pf2 spi frequency

The frequency was filled acording the information from datasheet for
particular chip (Winbond 25Q128BVFG). Unfortunately this led to
coruption and introduced bad blocks on the chip. Reducing the frequency
to commonly used in ath79, made the board more stable and no new bad
blocks were spoted.

Fixes: b3a0c97 ("ath79: add support for jjPlus JA76PF2")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(cherry picked from commit c1db564cbc7cad88606f3caedf81d07b0a60931f)

5 years agoath79: Restore GL.iNet GL-AR300M-Lite first-boot connectivity
Jeff Kletsky [Sat, 28 Sep 2019 17:39:58 +0000 (10:39 -0700)]
ath79: Restore GL.iNet GL-AR300M-Lite first-boot connectivity

The relationship between GMAC0 and GMAC1 and the kernel devices
eth0 and eth1 was reversed for many ath79 devices by commit 8dde11d521
ath79: dts: drop "simple-mfd" for gmacs in SoC dtsi

The GL-AR300M-Lite is a single-port device, with the "LAN" port of the
GL-AR300M board unpopulated and its sole port now referenced as eth1,
as a result of commit 8dde11d521. The device was unreachable on
first boot or fresh config.

By changing &eth1 (GMAC1) to an MFD, GMAC0 is able to associate with
the phy and is known by the kernel as "eth0".

Thanks to Chuanhong Guo for the suggestion of "simple-mfd"

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
(cherry picked from commit b90ea19860853dd538e704e3e4402686c316e43c)

5 years agoath79: Correct glinet, gl-ar300m-lite in 02_network
Jeff Kletsky [Sat, 28 Sep 2019 17:39:57 +0000 (10:39 -0700)]
ath79: Correct glinet, gl-ar300m-lite in 02_network

Previously, the board name for the GL-AR300M-Lite was incorrect
in 02_network, resulting in an unintended, fall-through condition
when initializing the network configuration.

While builds prior to commit 8dde11d521 (merged June 5, 2019)
    ath79: dts: drop "simple-mfd" for gmacs in SoC dtsi
functioned properly, the error was noted in resolving first-boot
connectivity issues related to the single-phy nature of the device
and the "swap" of eth0 and eth1 related to that commit.

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
(cherry picked from commit 549ea4dc1878d95ee2b752b8840d75a64a67b679)

5 years agokernel: port upstream nft_flow_offload changes to xt_FLOWOFFLOAD and fix routing...
Felix Fietkau [Wed, 25 Sep 2019 14:45:05 +0000 (16:45 +0200)]
kernel: port upstream nft_flow_offload changes to xt_FLOWOFFLOAD and fix routing issues

Replace an old cleanup patch that never made it upstream with the proper
upstream fix. This patch was incompatible with the recent changes that
affected the way that the flow tuple dst entry was used.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commits 442ecce76169d and c8933ce533656)

5 years agonetfilter: fix crash in flow offload by adding netns support
HsiuWen Yen [Thu, 20 Jun 2019 16:44:42 +0000 (00:44 +0800)]
netfilter: fix crash in flow offload by adding netns support

Commit fcb41decf6c6 ("config: enable some useful features on
!SMALL_FLASH devices") enabled netns, which in turn lead to the crash in
the flow offload target.

When the flow offloading framework intends to delete a flow from the
hardware table, it is necessary to retrieve the namespace from
nf_flowtable->ft_net. However, no one ever wrote the namespace into
nf_flowtable->ft_net in advance. So the framework will mistakenly use a
NULL namespace to execute dev_get_by_index_rcu(net, ifindex), leading to
the kernel panic.

Ref: FS#2321
Fixes: fcb41decf6c6 ("config: enable some useful features on !SMALL_FLASH devices")
Tested-by: Simon Tretter <simon@mediaarchitectu.re>
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
[merged patch into offload patch, fix for 4.19, SOB fix, commit subj/msg touches]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit d344591e72e5ca96a2bf70a2df38961553185ce8)

5 years agokernel: add disable_eap_hack sysfs attribute
Etienne Champetier [Wed, 4 Sep 2019 17:15:51 +0000 (10:15 -0700)]
kernel: add disable_eap_hack sysfs attribute

We are not sure if 640-bridge-only-accept-EAP-locally.patch is still needed
as a first step, add disable_eap_hack sysfs config to allow to disable it

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 7d542dc8047d276517b296132926e722004065e0)

5 years agoopenssl: bump to 1.1.1d
Eneas U de Queiroz [Tue, 17 Sep 2019 13:52:11 +0000 (10:52 -0300)]
openssl: bump to 1.1.1d

This version fixes 3 low-severity vulnerabilities:

- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
 CMS_decrypt_set1_pkey

Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d868d0a5d7e1d76bb1a8980346d222fae55fa18b)

5 years agoath79: remove invalid uses of ath9k_patch_fw_mac_crc
Adrian Schmutzler [Wed, 18 Sep 2019 15:11:06 +0000 (17:11 +0200)]
ath79: remove invalid uses of ath9k_patch_fw_mac_crc

Some ar9344-based devices are using ath9k_patch_fw_mac_crc, which
is meant to generate a checksum, for fixing their ath9k MAC
addresses.
However, those do not have a checksum field, and the calculated
checksum offset would be negative.

This patch will use ath9k_patch_fw_mac function for those devices.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit f8d8b3f85d70a85d4fabc9b8ed4dbc8020be0523)

5 years agohostapd: Fix AP mode PMF disconnection protection bypass
Hauke Mehrtens [Fri, 20 Sep 2019 20:20:16 +0000 (22:20 +0200)]
hostapd: Fix AP mode PMF disconnection protection bypass

This fixes
* CVE-2019-16275 AP mode PMF disconnection protection bypass
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a6981604b30bc1ddc1713b368fe853d89c2ba40d)

5 years agouClibc++: Remove faulty patch
Rosen Penev [Fri, 20 Sep 2019 00:39:15 +0000 (17:39 -0700)]
uClibc++: Remove faulty patch

This patch was originally added to fix compilation with v4l2rtspserver.
Turns out it was v4l2rtspserver that was broken, not uClibc++. This now
causes issues with a different package where the arguments are being
split.

Note that with this patch, shellcheck throws an error:

SC2068: Double quote array expansions to avoid re-splitting elements.

More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 977a8fc5fc2e1be6d159b2d9e1c617826b5d9701)

5 years agombedtls: update to 2.16.3
Magnus Kroken [Wed, 18 Sep 2019 19:22:16 +0000 (21:22 +0200)]
mbedtls: update to 2.16.3

Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch,
the issue has been fixed upstream.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 49d96ffc5c47e40b7f3d99a91a42ea8a54a38bd9)

5 years agoBump kernel to 4.14.146
RISCi_ATOM [Tue, 24 Sep 2019 20:25:16 +0000 (16:25 -0400)]
Bump kernel to 4.14.146

5 years agoprocd: fix invalid JSON filter expression in procd_running()
Jo-Philipp Wich [Thu, 19 Sep 2019 05:16:49 +0000 (07:16 +0200)]
procd: fix invalid JSON filter expression in procd_running()

Since service and instance names may contain characters which are not allowed
in JSON path labels, such as dashes or spaces, change the filter expression
to array square bracket notation to properly match these cases as well.

Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c933b6d22478c1113629ef549beea6337f978d62)

5 years agofirewall: update to latest Git HEAD
Jo-Philipp Wich [Wed, 18 Sep 2019 09:01:29 +0000 (11:01 +0200)]
firewall: update to latest Git HEAD

383eb58 ubus: do not overwrite ipset name attribute
c26f890 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type
487bd0d utils: Fix string format message
4d0c703 firewall3: Fix some format string problems
8c404ef iptables.c: lock the xtables.lock
c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[cherry picked and squashed from commits
 7db655991443a98f84e4c39e733232d41d2d6137,
 359bff605244c2cf2bff75bce0f0b16b496a6a77,
 2cf209ce9166575d8259b5b4176ee91d8b48d2ff,
 5ef9e4f107a94c502908403fdf56cf6bcdc08dd2]
Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoAdd hnsd from LTS
RISCi_ATOM [Wed, 18 Sep 2019 02:15:06 +0000 (22:15 -0400)]
Add hnsd from LTS

5 years agoPull fix drop-legacy-IRQ-code patch, pull from upstream
RISCi_ATOM [Tue, 17 Sep 2019 14:24:26 +0000 (10:24 -0400)]
Pull fix drop-legacy-IRQ-code patch, pull from upstream

5 years agoar71xx: fix typo in platform_do_upgrade_compex()
Rafał Miłecki [Mon, 16 Sep 2019 04:59:09 +0000 (06:59 +0200)]
ar71xx: fix typo in platform_do_upgrade_compex()

Fixes: a71742882855 ("treewide: use new procd sysupgrade $UPGRADE_BACKUP variable")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 63d611390c4d34a838e744e278529f30f9d2cc20)

5 years agotreewide: sysupgrade: use $UPGRADE_BACKUP to check for backup
Rafał Miłecki [Fri, 6 Sep 2019 05:10:54 +0000 (07:10 +0200)]
treewide: sysupgrade: use $UPGRADE_BACKUP to check for backup

Now that $UPGRADE_BACKUP is set conditionally there is no need to check
the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a858db313687ddfa6ed1ddba76bd74844a7b89dc)

5 years agoprocd: update to the latest git HEAD
Rafał Miłecki [Wed, 11 Sep 2019 07:03:36 +0000 (09:03 +0200)]
procd: update to the latest git HEAD

b8238df sysupgrade: support "backup" attribute

This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9785a9121d2d7a0a25bcd2924ee78fafada056da)

5 years agobase-files: sysupgrade: pass "backup" ubus attribute
Rafał Miłecki [Fri, 6 Sep 2019 05:10:52 +0000 (07:10 +0200)]
base-files: sysupgrade: pass "backup" ubus attribute

This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c5223b26a40ae61fc7750bf865464048af328ab1)

5 years agoodhcpd: retry failed PD assignments on addrlist change
Hans Dedecker [Sun, 15 Sep 2019 18:49:34 +0000 (20:49 +0200)]
odhcpd: retry failed PD assignments on addrlist change

88d9ab6 dhcpv6: retry failed PD assignments on addrlist change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agoscripts/feeds: fix accepting "-" in feed type string
Felix Fietkau [Sun, 15 Sep 2019 17:53:17 +0000 (19:53 +0200)]
scripts/feeds: fix accepting "-" in feed type string

Fixes a syntax error in processing the type src-git-full

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agoath79: fix UniFi AC LED mapping
David Bauer [Fri, 6 Sep 2019 22:43:19 +0000 (00:43 +0200)]
ath79: fix UniFi AC LED mapping

The UniFi AC LED mapping is currently off. The blue/white LED are used
as WiFi indicators, while the vendor firmware does not feature WiFI
LEDs.

Instead, the LEDs are used to indicate the devices status. Align the LED
mapping to match the vendor firmware as good as possible.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 18fa749df8bd9fe292c93f60ddd3fb963a78274a)

5 years agoiwinfo: update to latest Git HEAD
David Bauer [Sun, 8 Sep 2019 13:48:43 +0000 (15:48 +0200)]
iwinfo: update to latest Git HEAD

a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886
1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7db2f1a71f202023154e80758079193fc47352eb)

5 years agoar71xx: make IRQ fixes target specific
Koen Vandeputte [Sat, 14 Sep 2019 14:28:40 +0000 (16:28 +0200)]
ar71xx: make IRQ fixes target specific

Move the IRQ fix from generic to ar71xx specific.
Other targets like ath79 have specific pathes to delete this code.
This resulted in a build failure on ath79

Fixes: 00d48bcac08a ("ar71xx: Fix potentially missed IRQ handling during
dispatch")

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoBump linux-libre kernel to 4.14.143
RISCi_ATOM [Sat, 14 Sep 2019 14:56:47 +0000 (10:56 -0400)]
Bump linux-libre kernel to 4.14.143

5 years agoar71xx: fix potential IRQ misses during dispatch for qca953x
Koen Vandeputte [Wed, 11 Sep 2019 10:47:27 +0000 (12:47 +0200)]
ar71xx: fix potential IRQ misses during dispatch for qca953x

If both interrupts are set in the current implementation
only the 1st will be handled and the 2nd will be skipped
due to the "if else" condition.

Fix this by using the same approach as done for QCA955x
just below it.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 9e8c36557cc0582986862f5a36e17adf6db2b90e)

5 years agoar71xx: Fix potentially missed IRQ handling during dispatch
Koen Vandeputte [Wed, 11 Sep 2019 10:28:36 +0000 (12:28 +0200)]
ar71xx: Fix potentially missed IRQ handling during dispatch

If both interrupts are set in the current implementation
only the 1st will be handled and the 2nd will be skipped
due to the "if else" condition.

Fix this by using the same approach as done for QCA955x
just below it.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agobase-files: validate firmware for compatibility with backup
Rafał Miłecki [Thu, 5 Sep 2019 11:08:13 +0000 (13:08 +0200)]
base-files: validate firmware for compatibility with backup

This allows platform code to check if firmware image can be used with
preserving a backup. It may be used e.g. when installing vendor
firmwares that won't restore appended backup archive.

Suggested-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1c510fe2980cd787602786e82f44602549d607d4)

5 years agotreewide: use new procd sysupgrade $UPGRADE_BACKUP variable
Rafał Miłecki [Thu, 5 Sep 2019 21:33:19 +0000 (23:33 +0200)]
treewide: use new procd sysupgrade $UPGRADE_BACKUP variable

It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.

This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 641f6b6c26cb9ab5e1198810015e5f4b2b5b34ad)

5 years agotreewide: when copying a backup file always specify dest name
Rafał Miłecki [Wed, 4 Sep 2019 14:57:40 +0000 (16:57 +0200)]
treewide: when copying a backup file always specify dest name

$CONF_TAR shouldn't be assumed to always point to the sysupgrade.tgz.
This change makes code more generic and allows refactoring $CONF_TAR.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 62dbe361a1b1ed1506bc0387bff55eddcb619e49)

5 years agotreewide: don't hardcode "sysupgrade.tgz" file name
Rafał Miłecki [Wed, 4 Sep 2019 14:57:39 +0000 (16:57 +0200)]
treewide: don't hardcode "sysupgrade.tgz" file name

1) Add BACKUP_FILE and use it when copying an archive to be restored
   after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit bf390478727ac5f4f9d6fb684de48b8150bcec67)

5 years agotools: mkimage: fix __u64 typedef conflict with new glibc
Yousong Zhou [Wed, 11 Sep 2019 13:25:17 +0000 (13:25 +0000)]
tools: mkimage: fix __u64 typedef conflict with new glibc

Including "sys/stat.h" from newer glibc will cause __u64 from linux uapi
header to be included, causing compilation failure for u-boot tools
USE_HOSTCC

Remove typedef for __u64 in include/compiler.h to fix the issue.  It should be
safe because as of u-boot-2018.03, no ref to __u64 is found under u-boot tools/
directory

Error message snippet follows

  HOSTCC  tools/mkenvimage.o
In file included from /usr/include/asm-generic/types.h:7,
 from /usr/include/asm/types.h:5,
 from /usr/include/linux/types.h:5,
 from /usr/include/linux/stat.h:5,
 from /usr/include/bits/statx.h:30,
 from /usr/include/sys/stat.h:446,
 from tools/mkenvimage.c:21:
/usr/include/asm-generic/int-ll64.h:31:42: error: conflicting types for '__u64'
   31 | __extension__ typedef unsigned long long __u64;
      |                                          ^~~~~
In file included from <command-line>:
././include/compiler.h:69:18: note: previous declaration of '__u64' was here
   69 | typedef uint64_t __u64;
      |                  ^~~~~
make[5]: *** [scripts/Makefile.host:116: tools/mkenvimage.o] Error 1

Ref: https://forum.openwrt.org/t/compile-error-19-07/44423
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1699194
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
5 years agoRevert "ar71xx: use platform code for qca955x usb0 init"
Koen Vandeputte [Wed, 11 Sep 2019 21:40:42 +0000 (23:40 +0200)]
Revert "ar71xx: use platform code for qca955x usb0 init"

This reverts commit af91a370de2b94a37b8a87a9f95503e96dfcb744.

As Piotr Dymacz pointed out:

In QCA MIPS based WiSOCs, for first USB interface,
device/host mode can be selected _only_ in hardware
see description of 57c641ba6e

QCA955x and QCA9563, second USB can be switched to device
mode in software (tested and confirmed on real hardware).

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoar71xx: qca955x pci init/reset fixes
Tomislav Požega [Tue, 3 Sep 2019 22:48:37 +0000 (00:48 +0200)]
ar71xx: qca955x pci init/reset fixes

Current ar724x code does the reset only on single pci bus, and
in case of qca9558 writes the wrong register (0x10 vs 0x0c).
This change allows the reset of second pci bus, commonly used in
Archer C7 devices, in case host controller is stuck in reset.
If the resetting controller on boot can solve any other issue it
can be enabled unconditionally by removing reset check before
ar724x_pci_hw_init is called.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
[refreshed to apply cleanly]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 76d870871cb12fc0c170e5fd23bce568adfaae6d)

5 years agoar71xx: enable ddr wb flush on qca955x
Tomislav Požega [Tue, 3 Sep 2019 15:10:31 +0000 (17:10 +0200)]
ar71xx: enable ddr wb flush on qca955x

Enable flushing of write buffers on qca955x. GPL code has 0x88 reg
defined for PCI flush which is likely an error since the device
freezes on boot. So use DS default value 0xA8 for PCI flush.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
(cherry picked from commit fe9e702dc94ece2a004f6db68d6fb9a94d9437cb)

5 years agoar71xx: use platform code for qca955x usb0 init
Tomislav Požega [Tue, 3 Sep 2019 15:04:17 +0000 (17:04 +0200)]
ar71xx: use platform code for qca955x usb0 init

Switch from ci_usb_setup to generic platform initialization of
usb0 port.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
(cherry picked from commit 36a0cfd24be1cb79f221964ed2bfe12b98befff3)

5 years agohostapd: SAE/EAP-pwd side-channel attack update
Hauke Mehrtens [Sun, 8 Sep 2019 21:53:18 +0000 (23:53 +0200)]
hostapd: SAE/EAP-pwd side-channel attack update

Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)

5 years agohostapd: Fix security problem in EAP-pwd
Hauke Mehrtens [Sun, 8 Sep 2019 21:27:04 +0000 (23:27 +0200)]
hostapd: Fix security problem in EAP-pwd

This fixes:
CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment"
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

This should not affect OpenWrt in the default settings as we do not use
EAP-pwd.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9f34bf51d60a237696b1d4cc9b5f4835b95e7ea2)

5 years agoRevert "build: remove harmful -nopad option from mksquashfs"
Jonas Gorski [Fri, 6 Sep 2019 12:55:36 +0000 (14:55 +0200)]
Revert "build: remove harmful -nopad option from mksquashfs"

This reverts commit 1c0290c5cc6258c48b8ba46b4f9c85a21de4f875.

Dropping the nopad can make the padding overflow into the next erase
block on devices using a non-aligned rootfs start. This breaks the jffs2
overlay partition with the following messages:

[   30.343877] jffs2_scan_eraseblock(): End of filesystem marker found at 0x10000
[   30.376512] jffs2: Cowardly refusing to erase blocks on filesystem with no valid JFFS2 nodes
[   30.385253] jffs2: empty_blocks 196, bad_blocks 0, c->nr_blocks 197

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit f11d90a76b719106336b94d85b166b4ebf19dbb0)

5 years agokernel: net_sched: fix a NULL pointer deref in ipt action
Cong Wang [Sun, 25 Aug 2019 12:35:06 +0000 (05:35 -0700)]
kernel: net_sched: fix a NULL pointer deref in ipt action

The net pointer in struct xt_tgdtor_param is not explicitly
initialized therefore is still NULL when dereferencing it.
So we have to find a way to pass the correct net pointer to
ipt_destroy_target().

The best way I find is just saving the net pointer inside the per
netns struct tcf_idrinfo, which could make this patch smaller.

Fixes: 0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed by ruleset")
Reported-and-tested-by: Tony Ambardar <itugrok@xxxxxxxxx>
Cc: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
Cc: Jiri Pirko <jiri@xxxxxxxxxxx>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
[Backport for kernel v4.19 and v4.14]
Link: https://bugzilla.kernel.org/show_bug.cgi?id=204681]
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 7735cce0c5c306bd9eea20ca2805e4a492c02be9)

5 years agotreewide: sysupgrade: don't use $ARGV in platform_do_upgrade()
Rafał Miłecki [Sun, 14 Jul 2019 17:03:19 +0000 (19:03 +0200)]
treewide: sysupgrade: don't use $ARGV in platform_do_upgrade()

stage2 passes image path to platform_do_upgrade() as an argument so it
can be simply accessed using $1

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8b4bc7abe073489a3595eeb2d81818852319c148)
[rmilecki: dropping ARGV without this change broke sysupgrade]
Fixes: 6ac62c4b6cae ("base-files: don't set ARGV and ARGC")

5 years agoodhcp6c: update to latest git HEAD
Hans Dedecker [Sat, 7 Sep 2019 11:08:27 +0000 (13:08 +0200)]
odhcp6c: update to latest git HEAD

e199804 dhcpv6: sanitize oro options

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 1855c237948e211849d79765ca749cdea6a79987)

5 years agotreewide: fix invalid UPGRADE_OPT_SAVE_CONFIG spellings
Rafał Miłecki [Thu, 5 Sep 2019 06:53:44 +0000 (08:53 +0200)]
treewide: fix invalid UPGRADE_OPT_SAVE_CONFIG spellings

That was a result of accidentally running "sed" twice on some files.

Fixes: 9b9412d55cca ("treewide: replace remaining (not working now) $SAVE_CONFIG uses")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1078de96e315f3cc2675b2c5935009e8c6159ad4)

5 years agotreewide: replace remaining (not working now) $SAVE_CONFIG uses
Rafał Miłecki [Thu, 5 Sep 2019 06:40:29 +0000 (08:40 +0200)]
treewide: replace remaining (not working now) $SAVE_CONFIG uses

This var has been replaced by the $UPGRADE_OPT_UPGRADE_OPT_SAVE_CONFIG

Fixes: f25d164aca80 ("base-files: pass "save_config" option to the "sysupgrade" method")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5797fe84a3b508483f7d82e177157c1bf2f342d9)

5 years agoprocd: update to the latest git HEAD
Rafał Miłecki [Thu, 5 Sep 2019 21:16:17 +0000 (23:16 +0200)]
procd: update to the latest git HEAD

0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code

This update includes a fix for uninitialized variable usage.

Fixes: db5164d3d056 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e8dcbbc865cb6acef1cfbafe77f30c1f003c3dc3)

5 years agoprocd: update to the latest git HEAD
Rafał Miłecki [Wed, 4 Sep 2019 09:12:44 +0000 (11:12 +0200)]
procd: update to the latest git HEAD

34ac88c system: reject sysupgrade of invalid firmware images by default
f55c235 system: reject sysupgrade of broken firmware images
e990e21 system: add "validate_firmware_image" ubus method

This update changes "sysupgrade" ubus method API. It's now required to
pass "force" attribute whenever invalid firmware is meant to be
installed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7290963d0992b9aa412e0066dcf721857fbd40f7)

5 years agobase-files: pass "force" parameter to the "sysupgrade" call
Rafał Miłecki [Tue, 3 Sep 2019 12:44:40 +0000 (14:44 +0200)]
base-files: pass "force" parameter to the "sysupgrade" call

This makes sysupgrade work with the most recent procd that validates
firmware before proceeding.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b71962da16c2e2b93d633d7bde1436b3da2bf740)

5 years agosdk: use bundle-libraries.sh to ship kernel objtool tools
Jo-Philipp Wich [Fri, 30 Aug 2019 13:45:06 +0000 (15:45 +0200)]
sdk: use bundle-libraries.sh to ship kernel objtool tools

Ensure that the kernel objtool utilities are processed by the library
bundler in order to ensure that they're usable on foreign systems with
different libc versions.

Fixes: a9f6fceb42 ("sdk: fix building external modules when CONFIG_STACK_VALIDATION=y")
Acked-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit efaaadb49e90b51ba3a6adc6fafc330c23b8f764)

5 years agoinclude: kernel-build: pass pkg-config overrides to kernel build
Jo-Philipp Wich [Fri, 30 Aug 2019 13:24:45 +0000 (15:24 +0200)]
include: kernel-build: pass pkg-config overrides to kernel build

Pass suitable pkg-config overrides to the kernel build process in
order to let our pkg-config wrapper discover libraries provided
by tools/.

This mainly affects the use of libelf which is required for the
CONFIG_STACK_VALIDATION features. So far, the build system either
silently used host system libraries or kbuild simply disabled the
feature due to the lack of a suitable libelf.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit fe43969336201f2cc7d103b68fd6e65989bee184)

5 years agotools: libelf: fix headers to trigger -Wundef warnings
Jo-Philipp Wich [Fri, 30 Aug 2019 13:22:01 +0000 (15:22 +0200)]
tools: libelf: fix headers to trigger -Wundef warnings

When libelf from tools/ is used for building the kernel, compilation
aborts due to access to undefined defines since Kbuild adds -Wundef
to the compiler flags.

Patch the header files to use `#if defined(...)` instead of `#if ...`
to prevent such issues.

Ref: https://github.com/NixOS/nixpkgs/issues/59929
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f3ab336d7ceda929dc8dc4a8b09a9552dc6be0b1)

5 years agotools: libelf: install pkg-config file
Jo-Philipp Wich [Fri, 30 Aug 2019 13:28:27 +0000 (15:28 +0200)]
tools: libelf: install pkg-config file

Install the pkg-config definition for libelf in order to allow the
kernel build process discover it later on.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d3f86c9cc3e465fbca51aaadbb274856831ba56c)

5 years agoscripts/feeds: fix 'src-include' directive
Bjørn Mork [Mon, 2 Sep 2019 11:49:21 +0000 (13:49 +0200)]
scripts/feeds: fix 'src-include' directive

Commit 775b70f8d5df renamed parse_file() parameters without
updating the recursive call. This broke parsing of any feeds.conf
using 'src-include'.

 $ scripts/feeds update -a
 Can't use string ("defaults") as a HASH ref while "strict refs" in use at scripts/feeds line 63, <$fh> line 1.

Fixes: 775b70f8d5df ("scripts/feeds: allow adding parameters to feeds")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit a21b70be31a9d8adda0ae65cc38d1b3b4b6680d4)

5 years agouci: update to latest Git HEAD
Hauke Mehrtens [Sun, 1 Sep 2019 17:52:41 +0000 (19:52 +0200)]
uci: update to latest Git HEAD

415f9e4 uci/file: replace mktemp() with mkstemp()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6aa962a62288952aec08c1f67fb0735f420f720e)

5 years agoiwinfo: update to latest Git HEAD
Hauke Mehrtens [Sun, 1 Sep 2019 17:47:50 +0000 (19:47 +0200)]
iwinfo: update to latest Git HEAD

f599a8d iwinfo: Fix rate buffer size
71ec9be iwinfo: Fix buffer size
f8ef450 iwinfo: Add support for WPA3

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6658447534152b72a3341b369f1eb545618fa7cf)

5 years agoFix handling of BUILD_SUFFIX in remote-gdb script
Thomas Langer [Thu, 22 Aug 2019 12:21:14 +0000 (12:21 +0000)]
Fix handling of BUILD_SUFFIX in remote-gdb script

When CONFIG_BUILD_SUFFIX is enabled, the target-* folders in build_dir
and staging_dir have this suffix in the name, but not the
toolchain directories. When detecting the names for "arch" and "libc",
also accept the suffix and do not use it for the toolchain path.

Signed-off-by: Thomas Langer <thomas.langer@intel.com>
(cherry picked from commit 035906fd05b2e5543cedd9471731043945fdcf13)

5 years agotools/cmake: Update to 3.15.1
Daniel Engberg [Sat, 16 Mar 2019 21:09:22 +0000 (21:09 +0000)]
tools/cmake: Update to 3.15.1

Update CMake to 3.15.1
Refresh patches
Remove inofficial fossies.org and replace with GitHub (link on official site)
Remove 150-C-feature-checks-Match-warnings-more-strictly.patch as it's
a no longer needed backport from upstream.
Disable ccache if GCC is 4.8, 4.9 or 5.X to avoid build failures.
Reference: https://github.com/openwrt/openwrt/pull/1929

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit 413c68d120043cd8ff1f4aa057d33c140bfc6bfa)

5 years agonftables: bump to version 0.9.2
Konstantin Demin [Wed, 21 Aug 2019 06:25:06 +0000 (09:25 +0300)]
nftables: bump to version 0.9.2

- exclude Python-related stuff from build
- drop patches:
  * 010-uclibc-ng.patch, applied upstream

ipkg size decrease by 2.8%:
old:
194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk
new:
189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit b74f1f335a792a15feb0fd839a69486050d3531f)

5 years agolibnftnl: bump to version 1.1.4
Konstantin Demin [Wed, 21 Aug 2019 06:41:07 +0000 (09:41 +0300)]
libnftnl: bump to version 1.1.4

ABI version is same.

The ipkg size increase by about 2.2%:
old:
47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk
new:
48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit 699955a684eb8f6eb39123632ec7e193fa132753)

5 years agorpcd: update to latest Git HEAD
Jo-Philipp Wich [Sun, 1 Sep 2019 16:33:03 +0000 (18:33 +0200)]
rpcd: update to latest Git HEAD

821045f file: add path based read/write/exec ACL checks
fb337e5 file: add stat() information to directory listings

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 02169bd3f8ccfa3076bb4d46e979d2fdcc7d413e)

5 years agouhttpd: add support to generate EC keys
Eneas U de Queiroz [Mon, 5 Aug 2019 18:34:39 +0000 (15:34 -0300)]
uhttpd: add support to generate EC keys

This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7f2b230b3b9d0a7fb758db3a9b1958845506a5a3)

5 years agopx5g: support EC keys
Eneas U de Queiroz [Mon, 5 Aug 2019 18:34:38 +0000 (15:34 -0300)]
px5g: support EC keys

This adds an 'eckey' command to generate an EC key, with an optional
curve name argument, with P-256 as default.

For the 'selfsigned' command, it adds an 'ec' algorithm argument to the
'-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option,
mirroring the way openssl specifies the curve name.

Notice that curve names are not necessarily the same in mbedtls and
openssl.  In particular, secp256r1 works for mbedtls, but openssl uses
prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256
and P-384 are specifically supported.

Package size increased by about 900 bytes (arm).

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit a552ababd4ff8e91d3f03f7496f12d080a71ba28)

5 years agoopenssl: always build with EC support
Eneas U de Queiroz [Mon, 5 Aug 2019 18:34:37 +0000 (15:34 -0300)]
openssl: always build with EC support

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit f40262697f5aebed25313a1b2eb8f68d37c97e60)

5 years agolibnfnetlink: Avoid passing both -fPIC and -fpic
Rosen Penev [Tue, 27 Aug 2019 22:49:22 +0000 (15:49 -0700)]
libnfnetlink: Avoid passing both -fPIC and -fpic

Instead, instruct the configure script to use $(FPIC) only.

Mixing -fPIC and -fpic can cause issues on some platforms like PPC.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 926157c2ccb02aa06b343662ecbd2571faf6eddd)

5 years agoncurses: Do not pass both -fPIC and -fpic
Rosen Penev [Tue, 27 Aug 2019 22:49:21 +0000 (15:49 -0700)]
ncurses: Do not pass both -fPIC and -fpic

The configure scripts matches Linux with -fPIC, which is not exactly what
is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to
avoid passing -fPIC.

Removed PKG_BUILD_DIR as it is already the default value.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit e2ecf39e8e49e43b4d358853f9da51e3897d042c)

5 years agobuild: remove harmful -nopad option from mksquashfs
Christian Lamparter [Fri, 30 Aug 2019 14:52:25 +0000 (16:52 +0200)]
build: remove harmful -nopad option from mksquashfs

While the -nopad option prevents mksquashfs from padding the
image to an arbitrary 4k. It does not take into consideration
that squashfs is programmed to have this 4k padding when it's
being used on on a block device... which is its main "use-case".

Now, after a week long discussion on the ML that included a
back-and-forth between some of the possible options.
But this is likely the best KISS patch to deal with the issue
right away given the limited resources.

From squashfs code point of view, be warned. The 4k padding is
not enough when dealing with devices that have a PAGE_SIZE
bigger than 4k.

if it turns out to be affecting you, then please look-up either:
"FS#2460 - kernel panic reading squashfs from ubi volume" bug
Or the discussion on the OpenWrt-Devel ML in
"amp821xx: use newly added pad-squashfs for Meraki MR24" and
"Squashfs breakage lottery with UBI..."
before making an educated guess.

Note: This will not affect the "tiny"/small flash devices as
much as it seems at first. This is because the the rootfs_data
partition that follows uses jffs2. And it requires to be aligned
to the flash block-size in order to work at all.

So either the involved FSes will meet in the middle as before,
or not at all. But in that latter case the image was already
hoping for the "undefined behaviour" gamble to turn out in its
favour and this is probably why this was unnoticed for so long.

Fixes: FS#2460
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 1c0290c5cc6258c48b8ba46b4f9c85a21de4f875)

5 years agobase-files: use JSON for storing firmware validation info
Rafał Miłecki [Fri, 23 Aug 2019 06:15:23 +0000 (08:15 +0200)]
base-files: use JSON for storing firmware validation info

So far firmware validation result was binary limited: it was either
successful or not. That meant various limitations, e.g.:
1) Lack of proper feedback on validation problems
2) No way of marking firmware as totally broken (impossible to install)

This change introduces JSON for storing detailed validation info. It
provides a list of performed validation tests and their results. It
allows marking firmware as non-forceable (broken image that can't be
even forced to install).
Example:
{
        "tests": {
                "fwtool_signature": true,
                "fwtool_device_match": true
        },
        "valid": true,
        "forceable": true
}

Implementation is based on *internal* check_image bash script that:
1) Uses existing validation functions
2) Provides helpers for setting extra validation info

This allows e.g. platform_check_image() to call notify_check_broken()
when needed & prevent user from bricking a device.

Right now the new JSON info is used by /sbin/sysupgrade only. It still
doesn't make use of "forceable" as that is planned for later
development.

Further plans for this feature are:
1) Expose firmware validation using some new ubus method
2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
   method so:
   a) It's possible to safely sysupgrade using ubus only
   b) /sbin/sysupgrade can be more like just a CLI

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f522047958f99ab7b506ec550f796c0460af1a85)

5 years agoscripts/feeds: allow adding parameters to feeds
Jo-Philipp Wich [Wed, 28 Aug 2019 13:21:35 +0000 (15:21 +0200)]
scripts/feeds: allow adding parameters to feeds

this allows adding "--" prefixed parameters inside feeds.conf between the
target and name. The first parameter is --force which has the same effect
as using -f when installing any of the packages. This allows creating
feeds that will override base packages by default.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 775b70f8d5dfe9830aaf3b79fc8fb38c8148ee1f)

5 years agoprocd: fix compile issue with glibc (FS#2469)
Hans Dedecker [Wed, 28 Aug 2019 13:28:57 +0000 (15:28 +0200)]
procd: fix compile issue with glibc (FS#2469)

0430252 sysupgrade: add missing _GNU_SOURCE define (FS#2469)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 6e45ba4699eb8424951648cfeddc0a8633f8891e)

5 years agoopenssl: refresh patches
Christian Lamparter [Sat, 24 Aug 2019 09:23:55 +0000 (11:23 +0200)]
openssl: refresh patches

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 5ef3fe614c1e8c350ca0083f61577a89c002bc53)

5 years agotreewide: sysupgrade: pass "save_partitions" option to the "sysupgrade" method
Rafał Miłecki [Fri, 16 Aug 2019 15:02:58 +0000 (17:02 +0200)]
treewide: sysupgrade: pass "save_partitions" option to the "sysupgrade" method

This explicitly lets stage2 know if partitions should be preserved. No
more "touch /tmp/sysupgrade.always.overwrite.bootdisk.partmap" hack.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b6f4cd57e19a8cfcd9ff52582b65164ce6213c3d)

5 years agobase-files: pass "save_config" option to the "sysupgrade" method
Rafał Miłecki [Fri, 16 Aug 2019 14:54:38 +0000 (16:54 +0200)]
base-files: pass "save_config" option to the "sysupgrade" method

This explicitly lets stage2 know if config should be preserved.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b534ba96110012d2697d19d71b7dcd60bd4cd375)

5 years agoprocd: update to latest git HEAD
Rafał Miłecki [Thu, 22 Aug 2019 11:45:45 +0000 (13:45 +0200)]
procd: update to latest git HEAD

9558031 system: support passing "options" to the "sysupgrade" ubus method

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 2b1a6d263cc84ac6189447fe971b52d8b34cea51)

5 years agofirewall: update to latest git HEAD
Kevin Darbyshire-Bryant [Tue, 20 Aug 2019 11:29:47 +0000 (12:29 +0100)]
firewall: update to latest git HEAD

bf29c1e firewall3: ipset: Handle reload_set properly

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit bd01346bb463d371627739fad539310ef5bd4146)

5 years agoelfutils: bump to 0.177
Luiz Angelo Daros de Luca [Mon, 19 Aug 2019 03:09:05 +0000 (00:09 -0300)]
elfutils: bump to 0.177

200-uclibc-ng-compat.patch is upstream now.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 0851ce4ff97260a0fab2a507ee8370e60f78370d)

5 years agoiftop: update to HEAD of 2018-10-03 - 77901c
Christian Lamparter [Sun, 18 Aug 2019 00:31:01 +0000 (02:31 +0200)]
iftop: update to HEAD of 2018-10-03 - 77901c

Update iftop to commit 77901c8c53e01359d83b8090aacfe62214658183

git log --pretty=oneline --abbrev-commit 949ed0f7..77901c8c

77901c8 Support scales beyond 1Gbps

Created with the help of the make-package-update-commit.sh script.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit cfd0748497c5c27c6d0f80b0ad3698ffe4428352)