Commit Graph

16359 Commits (3d7f76383f87f490ba611aa18af89d33170997ff)

Author SHA1 Message Date
Michal Cieslakiewicz d47b687006 ath79: update uboot-envtools for Netgear WNR routers
Boards added: WNR1000v2, WNR2000v3, WNR612v2, WNDR3700.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2019-11-08 14:48:48 +01:00
Henrique de Moraes Holschuh 8eab0a0036 busybox: disable default config option FEATURE_SUID=y
Commit ad7c6102f2 ("busybox: fix missing install with suid bit set if
FEATURE_SUID=y") actually fixes BUSYBOX_CONFIG_FEATURE_SUID option and
thus would install busybox setuid root by default which would result in
possibly unwanted change of current behaviour, so let's disable this
option by default in order to preserve the current status-quo.

For the record: disabling FEATURE_SUID to preserve the status-quo does
*not* imply the current status-quo is "safer", or for that matter, in
any way desireable.  That is a discussion to be had on the mailing
lists.

Switching the FEATURE_SUID default to "n" is simply a compromise to
facilitate the merge of the changes that unbreak FEATURE_SUID.

Ref: PR#2502
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
[commit title/description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-07 22:51:37 +01:00
Henrique de Moraes Holschuh ad7c6102f2 busybox: fix missing install with suid bit set if FEATURE_SUID=y
With FEATURE_SUID=y one can install busybox binary belonging to root
with the suid bit set, enabling some applets to perform root-level
operations even when run by ordinary users. Busybox then drops
privileges for applets that don't need root access, before entering
their main() function.

Currently we don't install busybox binary with suid bit set, rendering
this feature unusable.

Note that we can't just "chmod u+s /bin/busybox" at runtime as a
"cheaper" solution: it would waste approximately 200KiB of FLASH (the
whole /bin/busybox binary gets copied into the overlay).

Ref: PR#2502
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
[commit title/description facelift, use INSTALL_SUID variable]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-07 22:50:16 +01:00
Adrian Schmutzler 22b8a6263d Revert "base-files: rename hostname with EUI of mac address"
This reverts commit 6170c46b47.

There has been demand for further evaluation of the impact of a
changed hostname, so this is reverted for now. The default hostname
will be "OpenWrt" again after this commit.

The macaddr_geteui() function is not removed by this revert.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-07 18:19:55 +01:00
Rosy Song 6170c46b47 base-files: rename hostname with EUI of mac address
If a label MAC address is provided for device, system
will rename the hostname with OpenWrt_{eui mac address}.
This helps to distinguish between different devices.

Since it's no good idea to nest json_* functions, this code does
not use get_mac_label directly, but only get_mac_label_dt as
external resource.

Signed-off-by: Rosy Song <rosysong@rosinson.com>
[merged with commit introducing macaddr_geteui, rebased on updated
label MAC address storage, extended commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-07 17:13:18 +01:00
Adrian Schmutzler a6fbdd3a78 base-files: don't store label MAC address in uci system config
If set, label MAC address is available from one of two sources,
device tree or board.json. So far, the function get_mac_label
was meant for retrieving the address, while an option in uci
system config was specified only for case 2 (board.json).

The uci config option has several drawbacks:
- it is only used for a fraction of devices (those not in DT)
- label MAC address is a device property, while config implies
  user interaction
- label_macaddr option will only be set if /etc/config/system
  does not exist (i.e. only for new installations)

Thus, this patch changes the behavior of get_mac_label:
Instead of writing the value in board.json to uci system config
and reading from this location afterwards, get_mac_label now
extracts data from board.json directly. The uci config option
won't be used anymore.
In addition, two utility functions for extraction only from DT
or from board.json are introduced.

Since this is only changing the access to the label MAC address, it
won't interfere with the addresses stored in the code base so far.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-07 17:13:18 +01:00
Eneas U de Queiroz 3540a37a97 kernel: add crypto_user mod to crypto-user pkg
This is needed to export crypto information to netfilter, allowing
the alt. afalg openssl engine to obtain information about the drivers
being used.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-11-06 23:27:20 +01:00
Eneas U de Queiroz f4853f7cca wolfssl: update to v4.2.0-stable
Many bugs were fixed--2 patches removed here.

This release of wolfSSL includes fixes for 5 security vulnerabilities,
including two CVEs with high/critical base scores:

- potential invalid read with TLS 1.3 PSK, including session tickets
- potential hang with ocspstaping2 (always enabled in openwrt)
- CVE-2019-15651: 1-byte overread when decoding certificate extensions
- CVE-2019-16748: 1-byte overread when checking certificate signatures
- DSA attack to recover DSA private keys

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-11-06 23:23:53 +01:00
Petr Štetiar 80a799125b libnl-tiny: update to latest Git head
Includes following changes:

 0230d0698e59 add initial GitLab CI support
 5e13b797a988 iron out all extra compiler warnings
 802fbd4d6f39 cmake: enable extra compiler checks
 050bb5c4431b convert into CMake project
 5b350e42d1fd refactor into separate Git project

and converts the package build to utilize CMake.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-06 16:31:42 +01:00
David Bauer 4c6fe32468 mac80211 ath9k: force QCA953x clock to 25MHz
The QCA953x only supports 25 MHz refclk, however some OEMs set an
invalid bootstrap value for the REF_CLK option, which would break the
clock detection in ath9k.

Force the QCA953x refclk to 25MHz in ath9k, as this is (according to the
datasheet) the only valid frequency.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-11-05 22:55:54 +01:00
Koen Vandeputte f96af28272 ath10k-firmware: update Candela Tech firmware images
The release notes since last time for wave-1:

  *  October 5,  2019:  Fix too-short msg caused by invalid use of PayloadLen in receive path.
                        This appears to resolve the issue of getting (and ignoring) too-short commands
                        when we detect loss of CE interrupts and go into polling mode.

  *  October 12, 2019:  Fix regression in IBSS mode that caused SWBA overrun issues.  Related to
                        regression added during the ct-station logic, specifically TSF allocation.
                        Thanks for Ahmed Zaki @ Mage-Networks for helping to diagnose and test.

  *  October 15, 2019:  Only send beacon tx completion events if we can detect CT driver is being
                        used (based on CT_STATS_OK flag being set).  This should help CT firmware work
                        better on stock driver.

The release notes since last time for wave-2:

  *  October 15, 2019:  Only send beacon tx completion events if we can detect CT driver is being
                        used (based on ATH10k_USE_TXCOMPL_TXRATE2 | ATH10k_USE_TXCOMPL_TXRATE1 flags being set).
                        This should help CT firmware work better on stock driver.

  *  October 31, 2019:  Compile out peer-ratecode-list-event.  ath10k driver ignores the event.

  *  November 1, 2019:  Fix rate-ctrl related crash when nss and other things were changed while
                        station stays associated.  See bug: https://github.com/greearb/ath10k-ct/issues/96

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-05 15:43:22 +01:00
Jo-Philipp Wich 6f9157e6bd ustream-ssl: update to latest Git HEAD
c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect

Fixes: CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-05 14:43:20 +01:00
Felix Fietkau fa37dbbc43 mac80211: fix build without CONFIG_PCI
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-11-05 14:22:01 +01:00
Felix Fietkau 8b15e7f661 mac80211: add support for multiple wiphys behind a single device
The device path will be the same for the first phy. For all subsequent
phys, the path gets an extra +1, +2, ...
Move the code for converting path to phy and vice versa to a separate
library script shared by config detection code and the netifd wireless
handler script

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-11-05 12:09:36 +01:00
Felix Fietkau d64daf7026 mac80211: add pcie apsm backport changes
Required for newer versions of mt76

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-11-05 12:09:26 +01:00
David Bauer 3034f8c3b8 hostapd: enable PMKSA and OK caching for WPA3-Personal
This enables PMKSA and opportunistic key caching by default for
WPA2/WPA3-Personal, WPA3-Personal and OWE auth types.
Otherwise, Apple devices won't connect to the WPA3 network.

This should not degrade security, as there's no external authentication
provider.

Tested with OCEDO Koala and iPhone 7 (iOS 13.1).

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-11-04 18:46:54 +01:00
Hauke Mehrtens 6f3a293532 procd: Update to version 2019-11-02
f47622e instance: Warn about unexpected number of parameters
564ecdf instance: ujail: Fix allocated size for no_new_privs parameter
7fb2e1d procd: simplify code in procd_inittab_run
4a127c3 procd: replace exit(-1) with exit(EXIT_FAILURE)
bc0a73e procd: add upgraded binary to .gitignore
ba4c4db procd: add start-console support
3e39fe5 procd: shift arguments for askfirst only once
5d62829 procd: skip respawn in case device disappeared
d27949f procd: guard fork_worker calls

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-03 20:25:07 +01:00
Daniel Golle 43ae50978a mac80211: rt2x00: remove errornous duplicate condition
https://patchwork.kernel.org/patch/11224189/
--
On 2019-10-28 06:07, wbob wrote:
> Hello Roman,
>
> while reading around drivers/net/wireless/ralink/rt2x00/rt2800lib.c
> I stumbled on what I think is an edit of yours made in error in march
> 2017:
>
> https://github.com/torvalds/linux/commit/41977e86#diff-dae5dc10da180f3b055809a48118e18aR5281
>
> RT6352 in line 5281 should not have been introduced as the "else if"
> below line 5291 can then not take effect for a RT6352 device. Another
> possibility is for line 5291 to be not for RT6352, but this seems
> very unlikely. Are you able to clarify still after this substantial time?
>
> 5277: static int rt2800_init_registers(struct rt2x00_dev *rt2x00dev)
> ...
> 5279:  } else if (rt2x00_rt(rt2x00dev, RT5390) ||
> 5280:         rt2x00_rt(rt2x00dev, RT5392) ||
> 5281:         rt2x00_rt(rt2x00dev, RT6352)) {
> ...
> 5291:  } else if (rt2x00_rt(rt2x00dev, RT6352)) {
> ...

Hence remove errornous line 5281 to make the driver actually
execute the correct initialization routine for MT7620 chips.

As it was requested by Stanislaw Gruszka remove setting values of
MIMO_PS_CFG and TX_PIN_CFG. MIMO_PS_CFG is responsible for MIMO
power-safe mode (which is disabled), hence we can drop setting it.
TX_PIN_CFG is set correctly in other functions, and as setting this
value breaks some devices, rather don't set it here during init, but
only modify it later on.

Fixes: 41977e86c984 ("rt2x00: add support for MT7620")
Reported-by: wbob <wbob@jify.de>
Reported-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
--

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-03 18:31:02 +01:00
Yousong Zhou e4af39d563 fstools: bump to version 2019-11-03
2f2a09a block: mount_device: err log only when mp deviates from spec
da4edc1 block: mount_device: skip extroot earlier
32c3126 block: mount_action: handle mount/umount deps
fb0700f block: support hierarchical mount/umount
1212b5b block: umount: skip / unless -a is given
eda8b3f block: use fsck.fat instead of dosfsck
d05276d libblkid-tiny: ntfs: fix use-after-free

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-11-03 04:25:37 +00:00
Yousong Zhou 51e7624776 libubox: bump to version 2019-10-29
It contains a single change to vlist.h header file: "vlist: add more
macros for loop iteration".  This is needed for newer version of fstools

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-11-03 04:24:54 +00:00
Kyle Copperfield 87f9292300 hostapd: add IEEE 802.11k support
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enables radio resource management to be reported by hostapd to clients.

Ref: https://github.com/lede-project/source/pull/1430
Co-developed-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2019-11-02 20:51:52 +01:00
Michal Cieslakiewicz 9b6f89c37f ath79: add support for Netgear WNDR4300
This patch adds ath79 support for Netgear WNDR4300.
Router was previously supported by ar71xx target only.
Note: device requires 'ar934x-nand' driver in kernel.

Specification
=============
  * Description: Netgear WNDR4300
  * Loader: U-boot
  * SOC: Atheros AR9344 (560 MHz)
  * RAM: 128 MiB
  * Flash: 128 MiB (NAND)
	- U-boot binary: 256 KiB
	- U-boot environment: 256 KiB
	- ART: 256 KiB
	- POT: 512 KiB
	- Language: 2 MiB
	- Config: 512 KiB
	- Traffic Meter: 3 MiB
	- Firmware: 25 MiB
	- ART Backup: 256 KiB
	- Reserved: 96 MiB
  * Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8327)
  * Wireless:
	- 2.4 GHz b/g/n (internal)
	- 5 GHz a/n (AR9580)
  * USB: yes, 1 x USB 2.0
  * Buttons:
	- Reset
	- WiFi (rfkill)
	- WPS
  * LEDs:
	- Power (amber/green)
	- WAN (amber/green)
	- WLAN 2G (green)
	- WLAN 5G (blue)
	- 4 x LAN (amber/green)
	- USB (green)
	- WPS (amber/green)
  * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
  * Power supply: DC 12V 2.5A
  * MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2

Installation
============
  * TFTP recovery
  * TFTP via U-boot prompt
  * sysupgrade
  * Web interface

Note about partitioning: firmware partition offset (0x6c0000) is
hardcoded into vendor's u-boot, so this partition cannot be moved
and resized to include Netgear-specific flash areas (pot, language,
config, traffic_meter) not used by OpenWrt.

Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_nand=y
CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr4300=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2019-11-02 19:29:30 +01:00
DENG Qingfang 2d00cf7515 libnl: update to 3.5.0
Update libnl to 3.5.0

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-11-01 21:19:40 +01:00
Vladimir Vid b2fdfe0727 uboot-mvebu: add support for Macronix mx25u12835f flash
Some of A3700 boards use mx25u12835f, specifically uDPU and ESPRESSObin v7.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2019-11-01 21:19:40 +01:00
Hauke Mehrtens 57ff06405e ustream-ssl: Update to latest git HEAD
465f8dc wolfssl: adjust to new API in v4.2.0
3b06c65 Update example certificate & key, fix typo
1c38fd8 wolfssl: enable CN validation
33308ee ustream-io-cyassl.c: fix client-mode connections
79d91aa Remove CyaSSL, WolfSSL < 3.10.4 support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-01 21:19:40 +01:00
Hauke Mehrtens ddab758997 lantiq: Allow PKG_ASLR_PIE for DSL and voice drivers
When ASLR_PIE was activated globally these drivers failed to build
because the user space LDFLAGS leaked into the kernel build process.
This was fixed in upstream Linux kernel commit ce99d0bf312d ("kbuild:
clear LDFLAGS in the top Makefile") which went into Linux 4.17. The
lantiq target is now on Linux 4.19 only and these exceptions are not
needed any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-01 21:19:40 +01:00
Michal Cieslakiewicz f85d56bb03 ath79: add support for Netgear WNR2200
This patch adds ath79 support for Netgear WNR2200.
Router was previously supported by ar71xx target only (8 MiB variant).
Netgear WNR2200 has two flash versions - 8MiB sold in EU, US etc. and
16 MiB for Russia and China markets. Apart from flash size both variants
share the same hardware specification.

Specification
=============
  * Description: Netgear WNR2200
  * Loader: U-boot
  * SOC: Atheros AR7241 (360 MHz)
  * RAM: 64 MiB
  * Flash: 8 MiB or 16 MiB (SPI NOR)
	- U-boot binary: 256 KiB
	- U-boot environment: 64 KiB
	- Firmware: 7808 KiB or 16000 KiB
	- ART: 64 KiB
  * Ethernet: 4 x 10/100 LAN + 1 x 10/100 WAN
  * Wireless: 2.4 GHz b/g/n (Atheros AR9287)
  * USB: yes, 1 x USB 2.0
  * Buttons:
	- Reset
	- WiFi (rfkill)
	- WPS
  * LEDs:
	- Power (amber/green)
	- WAN (amber/green)
	- WLAN (blue)
	- 4 x LAN (amber/green)
	- WPS (green)
  * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
  * Power supply: DC 12V 1.5A
  * MAC addresses: LAN on case label, WAN +1, WLAN +2

Installation
============
  * TFTP recovery
  * TFTP via U-boot prompt
  * sysupgrade
  * Web interface

Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_generic=y
CONFIG_TARGET_ath79_generic_DEVICE_netgear_wnr2200-8m=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y
CONFIG_KERNEL_DEBUG_INFO=y
CONFIG_KERNEL_DEBUG_KERNEL=y

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2019-11-01 21:14:55 +01:00
Jo-Philipp Wich c2675bb0ce rpcd: update to latest Git HEAD
d442d62 plugin: fix double free in finish callback
ee26d83 main: exec_self: make clang analyzer happy
90e40bd file: exec: properly free memory on error
9ecfada uci: free configs list memory on return
32fba36 exec: always call finish_cb to allow plugin to free up memory
ca3e2d5 plugin: do not free method name separately
02c6e1d exec: properly free memory on rpc_exec() error
cc50263 plugin: exec: properly free memory on parse error
bd0ed25 uci: reset uci_ptr flags when merging set operations
37aa919 plugin: fix leaking invoked method name for exec plugins

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-01 13:26:59 +01:00
Yousong Zhou 289d532ddd dropbear: rebuild libs on config change
Required as dependency on dropbear config headers is not tracked in
dropbear build system

Fixes FS#2275

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-11-01 06:59:51 +00:00
Yousong Zhou 4bf9bec361 kernel: mark kmod-usb-serial-wwan as hidden
The kconfig symbol is an invisible one since its introduction.  It is
not supposed to be enabled on its own.

Resolves FS#1821

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-30 12:43:17 +00:00
Yousong Zhou f526e85426 base-files: hotplug-call: exit success when dir is absent
"block mount" invokes "hotplug-call mount".  It emits the following
error when mount is not present

	hotplug-call call failed

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-29 13:28:49 +00:00
David Bauer 641a93f0f2 ath10k-firmware: update wave 1 firmware to 10.2.4-1.0-00047
This fixes frequent crashes observed on a UniFi AC Mesh using OpenWrt
master and 19.07. 18.06 seems not affected from our testing.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-27 17:56:23 +01:00
David Bauer a3914783a3 ath10k-firmware: retrieve wave 1 firmware from kvalo
This commit changes the source of the Wave 1 ath10k-firmware
from linux-firmware to Kall Valos ath10k-firmware repository.

This is necessary as the firmware selected in linux-firmware produces
frequent crashes in some circumstances.

This patch can be removed as soon as linux-firmware carries
10.2.4-1.0-00047 firmware.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-27 14:51:24 +01:00
Rosen Penev cf8f9af0e0 util-linux: Disable utils requiring libpam
When the build system finds libpam, it enables building of these tools,
causing linker failures. Explicitly disable them as they are unused.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-10-27 14:25:30 +01:00
Jeff Kletsky 29b4f08405 ath79: uboot-envtools: Add GL-AR300M-Lite
Add the GL.iNet GL-AR300M-Lite to the list of supported boards.

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2019-10-24 23:06:41 +02:00
Yousong Zhou 49db2026e5 kernel: netfilter: reuse kconfig and files info from include dir
Less chance of missing out kconfig symbols at least

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-24 12:11:02 +00:00
Yousong Zhou 69b9f0161e toolchain: gcc: enable sanitizers for glibc toolchain
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-24 11:40:00 +00:00
David Bauer 7f187229a8 ipq40xx: add support for AVM FRITZ!Repeater 1200
Hardware
--------
SoC:   Qualcomm IPQ4019
RAM:   256M DDR3
FLASH: 128M NAND
WiFi:  2T2R IPQ4019 bgn
       2T2R IPQ4019 a/n/ac
ETH:   Atheros AR8033 RGMII PHY
BTN:   1x Connect (WPS)
LED:   Power (green/red/yellow)

Installation
------------

1. Grab the uboot for the Device from the 'u-boot-fritz1200'
   subdirectory. Place it in the same directory as the 'eva_ramboot.py'
   script. It is located in the 'scripts/flashing' subdirectory of the
   OpenWRT tree.

2. Assign yourself the IP address 192.168.178.10/24. Connect your
   Computer to one of the boxes LAN ports.

3. Connect Power to the Box. As soon as the LAN port of your computer
   shows link, load the U-Boot to the box using following command.

   > ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz1200.bin

4. The U-Boot will now start. Now assign yourself the IP address
   192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
   server root directory and rename it to 'FRITZ1200.bin'.

5. The Box will now boot OpenWRT from RAM. This can take up to two
   minutes.

6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
   scp. SSH into the Box and first write the Bootloader to both previous
   kernel partitions.

   > mtd write /path/to/uboot-fritz1200.bin uboot0
   > mtd write /path/to/uboot-fritz1200.bin uboot1

7. Remove the AVM filesystem partitions to make room for our kernel +
   rootfs + overlayfs.

   > ubirmvol /dev/ubi0 --name=avm_filesys_0
   > ubirmvol /dev/ubi0 --name=avm_filesys_1

8. Flash OpenWRT peristently using sysupgrade.

   > sysupgrade -n /path/to/openwrt-sysupgrade.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-23 01:17:28 +02:00
David Bauer c0f4078164 ipq-wifi: add AVM FRITZ!Repeater 1200 bdf
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-23 01:17:28 +02:00
David Bauer 36f43b61a7 uboot-fritz4040: update to latest HEAD
f92be9d add support for AVM FRITZ!Repeater 1200
d651302 enable support for Atheros AR8033 PHY
e4c857c add machtype override hack

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-23 01:17:28 +02:00
Hans Dedecker bf4ffa3cbe procd: update to latest git HEAD
258aa04 procd: Add cached and available to memory table

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-10-22 21:47:34 +02:00
David Bauer 2dd1755fe4 mac80211: fix build of rtw88
This commit fixes failing builds because of an incorrect configuration
for the kmod-rtw88 package.

RTW88_8822BE as well as RTW88_8822CE have to bes selected as "y" even
when building the driver as a module.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-22 15:16:41 +02:00
Roman Yeryomin 940844e077 base-files: uci-defaults: do config flush in one shot
Moving a file between tmpfs and other fs is neither
faster nor safer, thus no point in doing it in two steps.
Use new jshn option to write output directly to file.

Originally discussed here:
http://lists.openwrt.org/pipermail/openwrt-devel/2017-December/010127.html

Signed-off-by: Roman Yeryomin <roman@advem.lv>
2019-10-22 11:39:28 +02:00
Roman Yeryomin c0e7ec91a0 libubox: update to latest git HEAD
eb30a03 libubox, jshn: add option to write output to a file

Signed-off-by: Roman Yeryomin <roman@advem.lv>
2019-10-22 11:38:40 +02:00
David Bauer 7a577e9a59 firmware: add Realtek RTL8822BE/RTL8822CE firmware
This commit adds packages for the Realtek RTl8822BE/RTL8822CE firmware
to be used with the rtw88 driver.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-22 09:16:24 +02:00
David Bauer bb84bbe8fc mac80211: add rtw88 driver
This commits adds packaging for the new RTW88 driver from Realtek.
It supports the Realtek 8822BE/8822CE PCIe wireless chips.

For operation, the complementary firmware has to be loaded.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-22 09:16:24 +02:00
Petr Štetiar ed67b137c7 urngd: update to latest Git head
* 40f939d57c67 Tag version 1.0.1
 * 9e758e6e6aec jitterentropy-rngd: update to version v1.1.0 + clang compile fix
 * 193586a25adc Fix wrong types in format strings used in debug build
 * d474977bb611 Add initial GitLab CI support

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-21 22:04:20 +02:00
John Crispin f4aaee01fa Revert "build: separate signing logic"
This reverts commit 4a45e69d19.

This broke the buildbots

Signed-off-by: John Crispin <john@phrozen.org>
2019-10-21 16:26:24 +02:00
Paul Spooren 4a45e69d19 build: separate signing logic
This separates the options for signature creation and verification

* SIGNED_PACKAGES create Packages.sig
* SIGNED_IMAGES add ucert signature to created images
* CHECK_SIGNATURE add verification capabilities to images
* INSTALL_LOCAL_KEY add local key-build to /etc/opkg/keys

Right now the buildbot.git contains some hacks to create images that
have signature verification capabilities while not storing private keys
on buildbot slaves. This commit allows to disable these steps for the
buildbots and only perform signing on the master.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-10-21 14:06:42 +02:00
Tim Harvey f4f483f3ff uboot-envtools: remove erasesize from MMC config
Erasesize doesn't belong in the u-boot env config for block devices as it is
known to be 512 byte aligned.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2019-10-21 12:28:03 +02:00
Yousong Zhou e8f79474c9 libpcap: build with cmake
The main motivation is to drop and stop maintaining
"100-debian_shared_lib.patch".  It lacks the logic to include custom
implementation of several functions like pcap_strlcpy() which can cause
build failures when glibc is used [2]

CAN and CAN-USB support related symbols are now handled by general linux
support, see [1]

"-ffunction-sections -fdata-sections" were removed as they should help
much for shared libraries

Size comparison before and after the change

  -rw-r--r-- 1 yunion yunion 238042 Oct 18 11:42 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1

  lrwxrwxrwx 1 yunion yunion     16 Oct 18 13:03 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1 -> libpcap.so.1.9.1
  -rwxr-xr-x 1 yunion yunion 229867 Oct 18 13:03 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1.9.1

[1] On Linux, handle all CAN captures with pcap-linux.c, in cooked mode,
    93ca5ff703
[2] https://github.com/openwrt/packages/issues/10270

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-21 01:37:43 +00:00
Eneas U de Queiroz cebf024c4d openssl: Add engine configuration to openssl.cnf
This adds engine configuration sections to openssl.cnf, with a commented
list of engines.  To enable an engine, all you have to do is uncomment
the engine line.

It also adds some useful comments to the devcrypto engine configuration
section.  Other engines currently don't have configuration commands.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-10-20 13:01:43 +02:00
Josef Schlehofer 9ba5cd86b8 strace: update to version 5.3
Makefile changes:
- moves PKG_MAINTAINER above PKG_LICENSE
- Change PKG_LICENSE to LGPL-2.1-or-later and correct PKG_LICENSE_FILES
- changes URL to a more appropriate one, which uses HTTPS
- adds 2 spaces as an indentation in description

Compile and run tested on Turris Omnia, mvebu

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-10-20 12:33:40 +02:00
leo chung 56ab58fb6c bzip2: add linker option LDFLAGS
if gcc not linker whith this LDFLAGS, "file libbz2.so.1.0.8" will
recognize as pie executable ELF file ( which should be shared object).

this because the file command version before 5.36 not recognize
correctly.

Signed-off-by: leo chung <gewalalb@gmail.com>
2019-10-19 12:49:11 +02:00
Mathew McBride 97bcbc690c kernel: add package for Epson RX-8025 and compatible I2C RTC
RX-8025 is an I2C RTC from Epson, some newer products such as the
RX-8035 are also compatible.

Signed-off-by: Mathew McBride <matt@traverse.com.au>
2019-10-19 12:49:11 +02:00
Hauke Mehrtens e6cadb215c mac80211: Update to version 5.4-rc2
This updates mac80211 to backports based on kernel 5.4-rc2

ath10k-ct was updated to match the API changes and iw now uses the new
nl80211.h header file.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-10-19 12:35:55 +02:00
Hauke Mehrtens 67dc023f87 mac80211: Update to version 5.3.6
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-10-19 12:35:55 +02:00
Florian Eckert c7c14aaad3 wwan: Double quote to prevent globbing and word splitting
Fix some shellcheck warnings.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-18 19:48:41 +02:00
Florian Eckert a78a539afd wwan: add ec25 to database
Add ec25 to database.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-18 19:48:21 +02:00
Florian Eckert 68b1b0bb39 wwan: add mc7304 to database
Add mc7304 to database.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-18 19:47:58 +02:00
Florian Eckert c45c7606cc wwan: check new uci bus option on proto setup event
If system has more then one and different wwan interface (modem). Then the
wwan protohandler will always take the modem which is discovered first.
The protohandler will always setup the same interface. To fix this add a
new usb "bus" option which is associated with wwan device and so will set
the specified interface up. With this change more then one interface
could be mananged by the wwan protohandler.

If the "bus" option is not set in the uci network config then the protohandler
behaves as before the change. The protohanldler will take the first
interface which he founds.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-10-18 19:46:21 +02:00
Alin Nastac ddf6ec29b4 procd: allow usage of * as procd_running() instance parameter
service_running() implementation in /etc/rc.common use it.
It is preferable to use wildcard than assuming the instance
name is the default one.

jsonfilter returns all matches when wildcards are used, hence
the -l 1 argument used to limit output to only one value.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2019-10-18 19:28:11 +02:00
Lucian Cristian 91aabae895 util-linux: add more command
at least vtysh needs it for proper listing, busybox is not modular so add it here

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-10-18 19:28:11 +02:00
Sean Kenny 9105057cc0 6in4: add rfc1918 check function
This is a precursor to adding proper support for multiple
6in4 tunnels with the already programmed tunlink parameter.
This is an essential sanity check so as to not break existing
and working behind NAT setups.

Signed-off-by: Sean Kenny <skenny@wfap.ca>

6in4: add myip he.net api parameter logic

This is to add proper support for multiple 6in4 tunnels
with the already programmed tunlink parameter.
As it stands before this commit, if there is a multi wan setup that
consists of dynamic ips, there is no way to use the
dynamic update feature as the he.net api is implicitly using
the ip address of the caller. This will explicitly use the
ipaddr specified in the interface config OR the ip of the
tunlink interface specified in the dynamic update api call instead
ONLY if the final resolved ipaddr variable is not an rfc1918 address.

Signed-off-by: Sean Kenny <skenny@wfap.ca>
2019-10-18 19:23:07 +02:00
Alin Nastac d3b0459c93 lua: install luac symlink on host
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2019-10-18 19:23:07 +02:00
Christian Franke d544bc84a0 lantiq: Fix fw_cutter LzmaWrapper
The destination buffer size `d_len` is passed to `lzma_inflate` as a
pointer. Therefore, it needs to be dereferenced to compare its content.

Signed-off-by: Christian Franke <nobody@nowhere.ws>
2019-10-18 13:39:34 +02:00
Bjørn Mork 07b5c59232 kernel: fix MBIM description
Signed-off-by: Bjørn Mork <bjorn@mork.no>
2019-10-17 21:40:22 +02:00
Jo-Philipp Wich 889b841048 fwtool: do not omit final 16 byte when image does not contain signature
The fwutil command will interpret the final 16 byte of a given firmware
image files as "struct fwimage_trailer".

In case these bytes do look like a valid trailer, we must ensure that we
print them out along with the remainder of the image to not accidentally
truncate non-trailer-images by 16 bytes when they're piped through fwtool,
e.g. as part of an image verification command sequence.

Some command sequences pipe images through fwtool in order to strip any
possible metadata, certificate or signature trailers and do not expect
bare images without any of that metadata to get truncated as other non-
fwtool specific metadata is expected at the end of the file, e.g. an
information block with an md5sum in case of the combined image format.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-17 17:07:12 +02:00
Kevin Darbyshire-Bryant 9d5e266cb1 wireguard: bump to latest snapshot 20191012
8eb8443 version: bump snapshot
be09cf5 wg-quick: android: use Binder for setting DNS on Android 10
4716f85 noise: recompare stamps after taking write lock
54db197 netlink: allow preventing creation of new peers when updating
f1b87d1 netns: add test for failing 5.3 FIB changes
a3539c4 qemu: bump default version

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-10-16 16:13:39 +01:00
Jo-Philipp Wich bc61458b73 iwinfo: update to latest Git HEAD
07315b6 nl80211: handle hidden SSIDs in wpa_supplicant scan results
3ac846e lua: fix string description of mixed WPA3 modes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-16 16:48:40 +02:00
Florian Eckert a5ec41b0e5 mac80211: add new acs_exclude_dfs option
The channel can be selected automatically at run time by setting
channel=acs_survey or channel=0, both of which will enable the ACS survey
based algorithm in hostapd. If the option acs_exclude_dfs is set in the
hostpad config DFS channels from ACS are excluded on channel selection.

This commit will add the possibilty to exclude the dfs channel on ACS
survey.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-10-15 23:27:47 +02:00
Martin Schiller 71e04091a9 lantiq: fix dsl_control status handling.
Commit 7519a36774 ("base-files,procd: add generic service status")
introduced the generic 'status' command which broke the previous
dsl_control status output. To fix this, let's rename the "old" command
to "dslstat".

Fixes: 7519a36774 ("base-files,procd: add generic service status")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2019-10-15 23:23:08 +02:00
Daniel Engberg f351beedfd libevent2: Update to 2.1.11
Update libevent to 2.1.11
Use CMake instead GNU Autotools
Backport following commits:
f05ba67193
..and partially
7201062f3e
to fix compilation

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-10-15 22:35:14 +02:00
Rosen Penev 4533ba6810 lua: fix linking under glibc
Compilation of liblua itself works, but when other packages link against
it, the linker starts throwing undefined references to a bunch of math
functions in libm.

First discovered in a failed attempt to transition a package to uClibc++.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[fix commit title capitalization]
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-15 18:13:54 +02:00
Adrian Schmutzler 48b5d08a48 treewide: use a single ath10k MAC patching function with checksum
While all ath10k eeproms have a checksum field, so far two
functions for patching ath10k MAC address have been present (and
been used).

This merges code to provide a single function ath10k_patch_mac
in caldata.sh, having its name in accordance with ath9k functions.
By doing so, correct MAC patching for current and future ath10k
devices should be ensured.

This patch adds checksum adjustments for several targets on
ath79 and lantiq.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-10-15 18:13:54 +02:00
Koen Vandeputte 089b4f16aa gdb: bump to 8.3.1
GDB 8.3.1 brings the following fixes and enhancements over GDB 8.3:

PR c++/20020 (GDB segfault on printing objects)
PR gdb/24454 (nat/x86-linux-dregs.c failed assertion)
PR breakpoints/24541 (Incorrect evaluation of systemtap probes due to register being signed and probe expression assuming unsigned)
PR symtab/24545 (Symbol loading performance regression with cc1)
PR gdb/24592 (amd64->i386 linux syscall restart problem)
PR gdb/25009 (terminate called after throwing an instance of 'srchilite::ParserException')
PR gdb/25010 (Calls to error () can cause SIGTTOU to send gdb to the background)
PR breakpoints/25011 (Breakpoints on file reloads broken for PIE binaries)

This corrective release also brings the following testsuite fixes and
enhancements:

PR testsuite/25005 (gdb-caching-proc.exp takes a lot of time on skip_opencl_tests)
PR testsuite/25016 (Test-case failures for -pie)

GDB 8.3 includes the following changes and enhancements:

* Support for new native configurations (also available as a target configuration):
     - RISC-V GNU/Linux (riscv*-*-linux*)
     - RISC-V FreeBSD (riscv*-*-freebsd*)

* Support for new target configurations:
     - CSKY ELF (csky*-*-elf)
     - CSKY GNU/Linux (csky*-*-linux)
     - NXP S12Z ELF (s12z-*-elf)
     - OpenRISC GNU/Linux (or1k*-*-linux*)

* Native Windows debugging is only supported on Windows XP or later.

* The Python API in GDB now requires Python 2.6 or later.

* GDB now supports terminal styling for the CLI and TUI.
  Source highlighting is also supported by building GDB with GNU
  Highlight.

* Experimental support for compilation and injection of C++ source
  code into the inferior (requires GCC 7.1 or higher, built with
  libcp1.so).

* GDB and GDBserver now support IPv6 connections.

* Target description support on RISC-V targets.

* Various enhancements to several commands:
     - "frame", "select-frame" and "info frame" commands
     - "info functions", "info types", "info variables"
     - "info thread"
     - "info proc"
     - System call alias catchpoint support on FreeBSD
     - "target remote" support for Unix Domain sockets.

* Support for displaying all files opened by a process

* DWARF index cache: GDB can now automatically save indices of DWARF
  symbols on disk to speed up further loading of the same binaries.

* Various GDB/MI enhancements.

* GDBserver on PowerPC GNU/Linux now supports access to the PPR,
  DSCR, TAR, EBB/PMU, and HTM registers.

* Ada task switching support when debugging programs built with
  the Ravenscar profile added to aarch64-elf.

* GDB in batch mode now exits with status 1 if the last executed
  command failed.

* Support for building GDB with GCC's Undefined Behavior Sanitizer.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-15 16:11:28 +02:00
Jo-Philipp Wich 57b834281b iwinfo: update to latest Git HEAD
a29b7d4 nl80211: align path to phy mapping logic with mac80211.sh

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-15 15:52:01 +02:00
Hans Dedecker 34c4741da0 odhcpd: update to latest git HEAD
9a4531a ndp: fix endian issue

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-10-14 21:35:09 +02:00
Adrian Schmutzler 2c60de0e3f treewide: move MAC address patch functions to common library
This unifies MAC address patch functions and moves them to a
common script. While those were implemented differently for
different targets, they all seem to do the same. The number of
different variants is significantly reduced by this patch.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-10-14 12:36:02 +02:00
Adrian Schmutzler 5b6a809092 treewide: move calibration data extraction function to library
This moves the almost identical calibration data extraction
functions present multiple times in several targets to a single
library file /lib/functions/caldata.sh.

Functions are renamed with more generic names to merge different
variants that only differ in their names.

Most of the targets used find_mtd_chardev, while some used
find_mtd_part inside the extraction code. To merge them, the more
abundant version with find_mtd_chardev is used in the common code.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[rebase on latest master; add mpc85xx]
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-13 21:48:58 +02:00
Adrian Schmutzler c1388a2deb base-files: move xor() from caldata extraction to functions.sh
The xor() function is defined in each of the caldata extraction
scripts for several targets. Move it to functions.sh to reduce
duplicate code.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-10-13 19:03:57 +02:00
Stijn Tintel 4b9a07336a kernel: add kmod-iio-bme680
This driver supports the Bosch Sensortec BME680 gas, humidity, pressure
and temperature sensor.

Tested I2C and SPI modes on a Raspberry Pi Zero W.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-10-13 13:08:04 +03:00
Ali MJ Al-Nasrawy 10f5eb0398 trelay: log "started" and "stopped"
It is informative especially when using multiple device pairs.

Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
2019-10-12 23:51:29 +02:00
Ali MJ Al-Nasrawy c2635b871d trelay: fix deadlock on remove
Upon writing to "remove" file, debugfs_remove_recursive() blocks while
holding rtnl_lock. This is because debugfs' file_ops callbacks are
executed in debugfs_use_file_*() context which prevents file removal.

Fix this by only flagging the device for removal and then do the cleanup
in file_ops.release callback which is executed out of that context.

Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
2019-10-12 23:51:29 +02:00
Ali MJ Al-Nasrawy 77cfc0739d trelay: handle netdevice events correctly
Since v3.11, netdevice notification data are of type
"struct netdev_notifier_info". Handle it as such!

This should fix a critical bug in which devices are unable get released
because trelay does not release resources in response to UNREGISTER
event spamming the log with something like:

unregister_netdevice: waiting for eth0.1 to become free. Usage count = 1

Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
2019-10-12 23:51:29 +02:00
Ruixi Zhou b30e481b6c kernel: NFSD: add dependency kmod-crypto-arc4 for kmod-fs-nfs-common-rpcsec
crypto-arc4 move into a module with commit c3a78955f3,
fs-nfs-common-rpcsec compile error without arc4 support.

Ref: https://github.com/openwrt/packages/issues/9912

Fixes: c3a78955f3 ("kernel: move crypto-arc4 into a module")
Signed-off-by: Ruixi Zhou <zhouruixi@gmail.com>
2019-10-12 23:51:08 +02:00
Val Kulkov b10a453367 base-files: coreutil-date breaks setting kernel timezone
"coreutil-date" package from the packages feed replaces the Busybox date
applet by symlinking /usr/bin/gnu-date to /bin/date. This prevents the system
init script from setting kernel timezone because the GNU date utility does not
provide such functionality:

   root@OpenWrt:~# date -k
   date: invalid option -- 'k'
   Try 'date --help' for more information.

A specific reference to the Busybox date applet prevents alternative date
utilities from breaking the system init script.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
2019-10-12 23:43:08 +02:00
Eneas U de Queiroz ee5a3f6d60 hostapd: adjust to removal of WOLFSSL_HAS_AES_GCM
WolfSSL is always built with AES-GCM support now.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-10-12 23:43:08 +02:00
Rosen Penev 6ab386c9bc uClibc++: Fix three bugs
The first allows usage of several functions in the std namespace, which
broke compilation of gddrescue specifically with uClibc-ng and uClibc++.

The second allows usage of long long with normal C++11, which is part of
the standard. Before, std=gnu++11 needed to be passsed to work around it.

As a result of the second patch, the pedantic patch can safely be removed.

Both patches are upstream backports.

Added -std=c++11 to CFLAGS to guarentee proper inclusion of long long.

Added another patch that fixes a typo with the long long support. Sent to
upstream.

Fixed up license information according to SPDX.

Small cleanups for consistency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-10-12 23:43:08 +02:00
Sungbo Eo 9f73fad359 kernel: fix typos in video KernelPackage description
Fixes: 4b3d17b709 ("kernel: add kmod-fb-sys-ram")
Fixes: b774acb479 ("package/modules: add missing gspca video drivers for 2.6.32 (patch from #6595)")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2019-10-12 23:37:00 +02:00
Sungbo Eo 60acddc960 uboot-oxnas: remove unnecessary execute permission bit
.c files do not need to be executable. 644 is enough.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2019-10-12 23:37:00 +02:00
DENG Qingfang 394273c066 tcpdump: update to 4.9.3
Fixed CVEs:
	CVE-2017-16808
	CVE-2018-10103
	CVE-2018-10105
	CVE-2018-14461
	CVE-2018-14462
	CVE-2018-14463
	CVE-2018-14464
	CVE-2018-14465
	CVE-2018-14466
	CVE-2018-14467
	CVE-2018-14468
	CVE-2018-14469
	CVE-2018-14470
	CVE-2018-14879
	CVE-2018-14880
	CVE-2018-14881
	CVE-2018-14882
	CVE-2018-16227
	CVE-2018-16228
	CVE-2018-16229
	CVE-2018-16230
	CVE-2018-16300
	CVE-2018-16301
	CVE-2018-16451
	CVE-2018-16452
	CVE-2019-15166
	CVE-2019-15167

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-10-12 23:37:00 +02:00
DENG Qingfang 44f11353de libpcap: update to 1.9.1
Fixed CVEs:
	CVE-2018-16301
	CVE-2019-15161
	CVE-2019-15162
	CVE-2019-15163
	CVE-2019-15164
	CVE-2019-15165

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-10-12 23:37:00 +02:00
Hauke Mehrtens 9caa86fba5 kernel: kmod-rtc-pcf2127: Fix dependencies
Add missing dependencies to i2c-core and regmap-spi. These get activated
when these modules are build in this driver, which is the case when we
build all modules. This fixes the build on some targets. This was found
by the buildbot.

Fixes: 34e2526f9f ("kernel: add kmod-rtc-pcf2127")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-10-12 22:36:23 +02:00
Petr Štetiar 36c6f4a011 libnl-tiny: fix package mirror hash
Current hash doesn't match with the content of the source tarball.

Fixes: a92f74ba8d ("libnl-tiny: move source code into separate Git repository")
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-11 22:48:06 +02:00
Felix Fietkau 7a8bcf36c7 mt76: update to the latest version
71c2ef0420b5 mt76: fix aggregation stop issue
5b02a078d4a7 mt76: add missing locking around ampdu action
7d8764d320cf mt76: avoid enabling interrupt if NAPI poll is still pending
d94cc81d3980 mt76: drop rcu read lock in mt76_rx_aggr_stop
c11a4ad06d9d mt76: mt76x0: eeprom: add support for MAC address from OF
01642d8bed33 mt76: mt76x02: fix use-after-free in tx status code handling airtime
391e1488f885 mt76: add sanity check for a-mpdu rx wcid index
d3a589586d1b mt76: fix a-mpdu boundary detection issue for airtime reporting

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-10-10 23:10:01 +02:00
Hans Dedecker f8b58757d0 ppp: update to version 2.4.7.git-2019-10-04
0d004db Revert "pppd: Include time.h before using time_t"
e400854 pppdump: Eliminate printf format warning by using %zd
7f2f0de pppd: Refactor setjmp/longjmp with pipe pair in event wait loop
4e71317 make: Avoid using host include for cross-compiling
3202f89 pppoe: Remove the use of cdefs
d8e8d7a pppd: Remove unused rcsid variables
486f854 pppd: Fix GLIBC version test for non-glibc toolchains
b6cd558 pppd: Include time.h before using time_t
ef8ec11 radius: Fix compiler warning
f6330ec magic: Remove K&R style of arguments
347904e Add Submitting-patches.md

Remove patches 130-no_cdefs_h.patch, 131-missing_prototype_macro.patch,
132-fix_linux_includes.patch as fixed upstream
Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-10-10 22:37:10 +02:00
Stefan Lippers-Hollmann f690b6f472 mac80211: fix scan when operating on DFS channels in ETSI domains
In non-ETSI regulatory domains scan is blocked when operating channel
is a DFS channel. For ETSI, however, once DFS channel is marked as
available after the CAC, this channel will remain available (for some
time) even after leaving this channel.

Therefore a scan can be done without any impact on the availability
of the DFS channel as no new CAC is required after the scan.

Enable scan in mac80211 in these cases.

Signed-off-by: Aaron Komisar <aaron.komisar@tandemg.com>
Link: https://lore.kernel.org/r/1570024728-17284-1-git-send-email-aaron.komisar@tandemg.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2019-10-09 21:00:02 +02:00
Klaus Kudielka 3a4f587c46 base-files: upgrade: add case to export_bootdevice
The factory uboot of the Turris Omnia boots with "root=b301", and we
instruct new users to sysupgrade from there (e.g. method 1, step 7).
Currently, this will fail with "Unable to determine upgrade device".
Add a new case to export_bootdevice, which parses the hex argument.

Fixes commit 2e5a0b81 ("mvebu: sysupgrade: sdcard: keep user added ...")

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
2019-10-09 21:00:02 +02:00
Paul Spooren a9e4e595e1 openssl: add gcc-8 -ffile-prefix-map filter
gcc-8 switch -ffile-prefix-map helps a lot with reproducible build paths
in the resulting binaries.

Ref: https://reproducible-builds.org/docs/build-path/
Signed-off-by: Paul Spooren <mail@aparcar.org>
[refactored into separate commit]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-09 09:13:44 +02:00
Petr Štetiar a92f74ba8d libnl-tiny: move source code into separate Git repository
In order to make the source code usable and testable separately out of
buildroot.

Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-09 09:13:44 +02:00
Felix Fietkau 9c033242b1 mac80211: add an improved moving average algorithm to minstrel
Improves rate control responsiveness and performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-10-08 19:34:45 +02:00
David Bauer 97c37f8dd0 mac80211: ath10k: fix latency issue for QCA988x
This backport fixes high latency (>100ms) on the WiFi link when using a
QCA988x Wave 1 radio. The ath10k-ct driver is not affected by this bug
from my testing, hence why it hasn't been discovered earlier.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-06 21:28:49 +02:00
Robert Marko 34e2526f9f kernel: add kmod-rtc-pcf2127
Add kernel module to support NXP PCF2127 and PCF2129 RTC clocks.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-10-06 21:26:11 +02:00
Hans Dedecker 27bf8abe69 firewall: update to latest git HEAD
daed0cf utils: fix resource leak

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-10-04 20:42:26 +02:00
Hans Dedecker 1ed5c1b146 odhcpd: update to latest git HEAD
e76ad06 netlink: fix potential infinite loops

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-10-04 20:42:17 +02:00
Hauke Mehrtens 9a4fb78e7c iw: Update to version 5.3
Wifi HE (ieee80211ax) parsing is currently only activated in the full
version because it increases the compressed size by 2.5KBytes.

This also activates link time optimization (LTO) again, the problem was
fixed upstream

This increases the uncompressed binary size of iw-tiny by about 1.7%

old:
34446 iw_5.0.1-1_mipsel_24kc.ipk
new:
35064 iw_5.3-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-10-03 17:59:19 +02:00
Felix Fietkau 9f07d1519c grub2: fix a build regression on non-linux systems
Merge an upstream commit to correct a missing rename in generic code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-10-02 13:16:21 +02:00
Daniel Golle 0714a11bee mac80211: rt2x00: backport 'rt2x00: initialize last_reset'
https://patchwork.kernel.org/patch/11161981/
--
From: Stanislaw Gruszka <sgruszka@redhat.com>
Subject: [PATCH] rt2x00: initialize last_reset

Initialize last_reset variable to INITIAL_JIFFIES, otherwise it is not
possible to test H/W reset for first 5 minutes of system run.

Fixes: e403fa31ed71 ("rt2x00: add restart hw")
Reported-and-tested-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
--

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-10-01 15:54:53 +02:00
Hans Dedecker 6077cde98a ethtool: bump to 5.3
76c4682 Release version 5.3.
3870efc ethtool: dump nested registers
7c06fa8 gitignore: ignore vim swapfiles and patches
49d1401 ethtool: igb: dump RR2DCDELAY register

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-30 21:53:35 +02:00
Jo-Philipp Wich f2b9181bb1 iwinfo: update to latest Git HEAD
2a95086 nl80211: recognize SAE encrypted mesh

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-30 12:44:13 +02:00
Felix Fietkau fca9b5e4fb mt76: update to the latest version
0167bfa7b277 mt76: make mt76_rx_convert static
1d2acd5639d7 mt76: mt76x0: remove redundant chandef copy
496c78e4f0d3 mt76: mt76x0: remove unneeded return value on set channel
67973788f47f mt76: mt7615: introduce mt7615_txwi_to_txp utility routine
c7f82146ef96 mt76: mt7615: add support to read temperature from mcu
e07407ac1279 mt7603: fix build with CONFIG_KERNEL_DYNAMIC_DEBUG=y
8739f87e9aeb mt76: mt7615: fix control frame rx in monitor mode
9c5df3cb6a6d mt76: remove aggr_work field from struct mt76_wcid
0efbc5d1c271 mt76: use cancel_delayed_work_sync in mt76_rx_aggr_shutdown
0308d75f28e4 mt76: remove empty flag in mt76_txq_schedule_list
a20c20bbe88d mt76: usb: add lockdep_assert_held in __mt76u_vendor_request
b140512e73bf mt76: mt76x0e: make array mt76x0_chan_map static const, makes object smaller
63e815254075 mt76: mt7615: enable SCS by default
f3792b550fdb mt76: mt76x02: move mac_reset_counter in mt76x02_lib module
0355b7ae2b05 mt76: mt76x2: move mt76x02_mac_reset_counters in mt76x02_mac_start
c39488772d6b mt76: mt76x0u: reset counter starting the device
0b01aceeeff8 mt76: mt76x02u: move mt76x02u_mac_start in mt76x02-usb module
fbc59e64396e mt76: move queue debugfs entry to driver specific code
1118b5ea76be mt76: mt7615: add queue entry in debugfs
23e8aed3ac99 mt76: move aggr_stats array in mt76_dev
696c0fc5516a mt76: mt7615: collect aggregation stats
081926aa7b27 mt76: mt7603: collect aggregation stats
ea3ab68c7589 mt76: mt7615: fix mt7615 firmware path definitions
1ddcadb72e96 mt76: mt7603: remove q_rx field from struct mt7603_dev
202776352b0a mt76: report rx a-mpdu subframe status
b0429879eab2 mt76: rename mt76_driver_ops txwi_flags to drv_flags and include tx aligned4
a1d6891501a1 mt76: store current channel survey_state in struct mt76_dev
f34b1ae42cd0 mt76: track rx airtime for airtime fairness and survey
ee310307ad42 mt76: mt7603: track tx airtime for airtime fairness and survey
fdf0163fd101 mt76: mt7603: switch to a different counter for survey busy time
de118bb403d1 mt76: unify channel survey update code
3429cc7d36da mt76: mt76x02: move MT_CH_TIME_CFG init to mt76x02_mac_cc_reset
0e5050ee799c mt76: mt76x02: track approximate tx airtime for airtime fairness and survey
028071d9594c mt76: mt7615: report tx_time, bss_rx and busy time to mac80211
d91f7c1bcdf7 mt76: mt7615: fix survey channel busy time
2579122ba209 mt76: mt7615: introduce mt7615_mac_wtbl_update routine
81f2be0c459f mt76: mt7615: track tx/rx airtime for airtime fairness
e7199f944793 mt76: enable airtime fairness
8f22de061129 mt76: do not use devm API for led classdev
6f7d0f503d10 mt76: fix use-after-free bug in airtime fairness code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-09-29 22:16:27 +02:00
Felix Fietkau d25cc3207d iw: add patch to include local BSS rx time in survey information
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-09-29 22:16:27 +02:00
Felix Fietkau 6a3739dc42 mac80211: add patch to include local BSS rx time in survey information
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-09-29 22:16:27 +02:00
DENG Qingfang eddbd68b6d iproute2: update to 5.3.0
Update iproute2 to 5.3.0

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-09-28 21:26:53 +02:00
Brandy Krueger 1fe1a200d9 wireguard: bump to 0.0.20190913
Changes since 0.0.20190702:

define conversion constants for ancient kernels
android: refactor and add incoming allow rules
enforce that unused bits of flags are zero
immediately rekey all peers after changing device private key
support running in OpenVZ environments
do not run bc on clean target
skip peers with invalid keys
account for upstream configuration maze changes
openbsd: fix alternate routing table syntax
account for android-4.9 backport of addr_gen_mode
don't fail down when using systemd-resolved
allow specifying kernel release
enforce named pipe ownership and use protected prefix
work around ubuntu breakage
support newer PaX
don't rewrite siphash when it's from compat
squelch warnings for stack limit on broken kernel configs
support rhel/centos 7.7

Signed-off-by: Brandy Krueger <krueger.brandy24@gmail.com>
2019-09-28 21:01:53 +02:00
David Bauer af63436d2d uboot-fritz4040: update to 2019-09-07
572ff7f fritzcreator: actually add checksum spacer
6edce1a fritzcreator: replace obscure padding generation with something more portable
2ff189f add ASUS RT-AC58U "easy install" factory u-boot shim
b91f9c2 readd spi-nand support
486ae53 improve cmd_sysupgrade
b0933f1 replace sstrip with strip
882e48a do not include generated files into git
0c5aa5f fix bugs in ipq40xx_cdp.c

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-09-25 22:42:03 +02:00
Jo-Philipp Wich ced4c0e635 iwinfo: update to latest Git HEAD
313e827 nl80211: keep awaiting wpa_supplicant scan results on busy response
a766751 nl80211: fix parsing of mixed wpa encryption in wpa_supp scan results
f096bfd utils: support parsing SAE and OWE key management suites from IEs

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-22 18:58:50 +02:00
Hauke Mehrtens 49cc712b44 hostapd: Add mesh support for wpad full
This increases the size of the binary slightly:

old:
427722 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431696 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

new:
442109 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
445997 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:51 +02:00
Hauke Mehrtens 998686364d hostapd: use getrandom syscall
hostapd will not use the getrandom() syscall and as a fallback use
/dev/random, the syscall is supported since Linux 3.17 and in the musl,
glibc and uclibc version used by OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:51 +02:00
Hauke Mehrtens 0d86bf518a hostapd: Remove unneeded patch
All the content of this function is proceeded by IEEE8021X_EAPOL no code
accesses the ssid variable outside of this ifdef.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:51 +02:00
Hauke Mehrtens 9b4a27455c hostapd: use config option CONFIG_NO_LINUX_PACKET_SOCKET_WAR
Instead of patching the workaround away, just use the config option.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:51 +02:00
Hauke Mehrtens 167028b750 hostapd: Update to version 2.9 (2019-08-08)
The size of the ipkgs increase a bit (between 0.7% and 1.1%):

old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:38 +02:00
Hauke Mehrtens 8af79550e6 hostapd: Update to version 2.8 (2019-04-21)
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.

The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*

The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.

The size of the ipkgs increase a bit (between 1.3% and 2.3%):

old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk

new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2019-09-22 17:39:26 +02:00
Daniel Golle 4fc0a61ed3 ltq-vdsl-fw: update firmware filename and download URL
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-09-21 15:12:45 +02:00
Jo-Philipp Wich 2a603cfcfc rpcd: update to latest Git HEAD
95f0973 file: increase minimum read buffer size to 4096 bytes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-21 15:04:18 +02:00
Hauke Mehrtens 81e93fff7d usign: update to latest Git HEAD
f34a383 main: fix some resource leaks

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-21 01:12:35 +02:00
Hauke Mehrtens 541a321070 fstools: update to latest Git HEAD
4327ed4 mkdev: Avoid out of bounds read
9b3eb63 libblkid-tiny: use blkid_probe_set_utf8label for label set
c9d0462 libblkid-tiny: adds blkid_probe_set_utf8label support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-21 01:12:35 +02:00
Hauke Mehrtens a700b5353a procd: update to the latest git HEAD
8e9fb51 procd: Switch to nanosleep
c844ace system: Fix possible integer overflows

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-21 01:12:35 +02:00
Hauke Mehrtens a6981604b3 hostapd: Fix AP mode PMF disconnection protection bypass
This fixes
* CVE-2019-16275 AP mode PMF disconnection protection bypass
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-21 01:12:35 +02:00
Hal Martin 3819c1638a sunxi: Add support for Banana Pi M2 Ultra
CPU: Allwinner R40 Quad-Core Cortex-A7 @ 1.2GHz
GPU: Mali 400 MP2
Memory: 2GB DDR3 onboard (shared with GPU)
Onboard: Storage microSD card slot
Onboard: Storage 8GB eMMC
Onboard: Network 10/100/1000M Ethernet RJ45
Onboard: Network WiFi 802.11b/g/n 1x1 (AMPAK AP6212; brcmfmac)
Onboard header: SPI, I2C, GPIO, UART
USB: Two USB 2.0 Host, One USB 2.0 OTG

Known issues:
- WiFi doesn't work
- eMMC not supported

Signed-off-by: Hal Martin <hal.martin@gmail.com>
2019-09-21 01:12:35 +02:00
Rosen Penev f4da28c301 elfutils: Add host build
Needed for glib2 host build:

gresource-tool.c:32:20: fatal error: libelf.h: No such file or directory
 #include <libelf.h>

Changed PKG_LICENSE to the SPDX version.

Switched build dependency for argp-standalone to !USE_GLIBC. argp is a
glibc extension. Treat it as such.

Adjusted patch to use strerror_l, which works properly with both glibc
and musl. The patch errors under glibc with:

dwfl_error.c:158:7: error: ignoring return value of 'strerror_r', declared
with attribute warn_unused_result [-Werror=unused-result]
       strerror_r (error & 0xffff, s, sizeof(s));

void casting does not fix the error.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-09-21 01:09:30 +02:00
Eneas U de Queiroz ab19627ecc wolfssl: allow building with hw-crytpo and AES-CCM
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure.  This applies a couple of upstream
patches fixing this.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-20 20:54:10 +02:00
Magnus Kroken 49d96ffc5c mbedtls: update to 2.16.3
Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch,
the issue has been fixed upstream.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2019-09-20 19:32:04 +02:00
Rosen Penev 977a8fc5fc uClibc++: Remove faulty patch
This patch was originally added to fix compilation with v4l2rtspserver.
Turns out it was v4l2rtspserver that was broken, not uClibc++. This now
causes issues with a different package where the arguments are being
split.

Note that with this patch, shellcheck throws an error:

SC2068: Double quote array expansions to avoid re-splitting elements.

More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-09-20 19:30:51 +02:00
Jo-Philipp Wich d6bd3fd5c4 iwinfo: update to latest Git HEAD
02112f9 cli: fix reporting of mixed WPA2/WPA3 versions
7faeaea nl80211: properly detect WEP encryption in wpa_supp scan results
629b5ff nl80211: do not confuse open connections with WEP ones
3d47ddd nl80211: rework hostapd and wpa_supplicant wpa suite parsing

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-20 13:32:49 +02:00
Jo-Philipp Wich abb4f4075e hostapd: mirror ieee80211w ap mode defaults in station mode
For AP mode, OpenWrt automatically sets ieee80211w to either 1 or 2, depending
on whether the encryption is set to sae-mixed, or sae/owe/eap suite-b.

Mirror the same defaults for client mode connections, in order to allow an
OpenWrt station to associate to an OpenWrt ap with SAE, OWE or Suite-B encryption
without the need to manually specify "option ieee80211w" on the station.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-20 13:27:28 +02:00
Jo-Philipp Wich 4209b28d23 hostapd: fix OWE settings in client mode
This changes fixes the generation of the wpa_supplicant client configuration
in WPA3 OWE client mode. Instead of incorrectly emitting key_mgmt=NONE, use
the proper key_mgmt=OWE setting instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-20 13:27:21 +02:00
Alberto Bursi 827f47749b kernel: add module for Emulex OneConnect 10Gbit
add module to support Emulex OneConnect
common in 10Gbit SFP+ cards by Dell/HP/IBM
supports OneConnect OCe10xxx OCe11xxx OCe14xxx, 
LightPulse LPe12xxx

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2019-09-19 23:43:27 +02:00
Leon M. George f974f8213b hostapd: declare struct wpa_bss early
wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if
CONFIG_WPS is not defined.  With the later inclusion of
600-ubus_support, the issue manifests in warnings like these:

wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration
        struct wpa_bss *bss)
               ^~~~~~~

This patch forward declares 'struct wpa_bss' regardless.

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-19 23:43:27 +02:00
Leon M. George a123df2758 hostapd: revert signature change in patch
The original wpa_hexdump uses a 'void *' for the payload.  With patch
410-limit_debug_messages, the signature changes and compiler warnings
occur at various places.  One such warning is:

 wpa_debug.h:106:20: note: expected 'const u8 * {aka const unsigned char *}' but argument is of type 'struct wpa_eapol_key *'

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-19 23:43:27 +02:00
Adrian Schmutzler 469e347f19 base-files: provide option to specify label MAC address in board.d
For many devices, MAC addresses cannot be retrieved via the
device tree alias.

To still provide the label MAC address for those, this implements
a second mechanism that will put the address into uci config.
Note that this stores the actual MAC address, whereas in DTS
we reference the bearing device.

This is based on the work of Rosy Song <rosysong@rosinson.com>

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-19 23:43:27 +02:00
Adrian Schmutzler 0340718863 base-files: add function to retrieve label MAC address
To refer to the MAC address on a device's label, one can
specify the alias label-mac-device in the DTS which should
point to the bearer of the corresponding MAC address.

With the function get_mac_label, the user can retrieve then
retrieve this address and use it as a value that uniquely
identifies his device.

This is severely helpful for several downstream functionalities,
e.g. define MAC addresses of custom netifs or change the SSID to
be easily recognizable.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-19 23:43:27 +02:00
Hans Dedecker 71cf4a272c curl: bump to 7.66.0
Refresh patches, for changes in version 7.66.0 see https://curl.haxx.se/changes.html#7_66_0

Fixes CVEs:
    CVE-2019-5481
    CVE-2019-5482

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-19 22:23:01 +02:00
Eneas U de Queiroz d868d0a5d7 openssl: bump to 1.1.1d
This version fixes 3 low-severity vulnerabilities:

- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
		 CMS_decrypt_set1_pkey

Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-19 21:28:53 +02:00
Álvaro Fernández Rojas b400179ca6 brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-09-19 17:37:43 +02:00
Jo-Philipp Wich c933b6d224 procd: fix invalid JSON filter expression in procd_running()
Since service and instance names may contain characters which are not allowed
in JSON path labels, such as dashes or spaces, change the filter expression
to array square bracket notation to properly match these cases as well.

Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-19 07:20:32 +02:00
Jo-Philipp Wich 5ef9e4f107 firewall: update to latest Git HEAD
383eb58 ubus: do not overwrite ipset name attribute

Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-18 10:51:24 +02:00
Rafał Miłecki 04e912d217 procd: update to the latest git HEAD
62dc8c0 system: sysupgrade: send reply on error
2710c65 system: refuse sysupgrade with backup if it's unsupported

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-18 07:33:41 +02:00
Rafał Miłecki f39f4b2f6d mac80211: brcmfmac: backport the last 5.4 changes
This makes brcmfmac use the same wiphy after PCIe reset to help user
space handle corner cases (e.g. firmware crash).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-16 08:37:06 +02:00
Petr Štetiar 2cf209ce91 firewall: update to latest git HEAD
c26f8907d1d2 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:56:09 +02:00
Robert Marko 3fe30b28ae ath10k-ct: update to version 2019-09-09
Update the ath10k-ct driver version to 5e8cd86f90dac966d12df6ece84ac41458d0e95f
to enable dynamic VLANs to work. Patches refreshed during the bump.

Signed-off-by: Robert Marko <robimarko@gmail.com>
[commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:56:09 +02:00
Robert Marko 7c930990af ath10k-firmware: update Candela Tech firmware images
This enables a feature flag in the wave-2 firmware wmi-services indicating it can send
software-encrypted raw frames.  This should in turn allow the AP-VLAN feature to work.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-09-15 22:56:09 +02:00
Petr Štetiar 296e1f253c netifd,lldpd,rpcd,log: use generic service_running
commit eb204d14f75c ("base-files: implement generic service_running")
introduced generic service_running so it's not needed to copy&paste same
3 lines over and over again.

I've removed service_running from netifd/network init script as well,
because it was not working properly, looked quite strange and I didn't
understand the intention:

 $ /etc/init.d/network stop
 $ service network running && echo "yes" || echo "nope"
     ( have to wait for 30s )
 Command failed: Request timed out
 yes

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:53:01 +02:00
Luiz Angelo Daros de Luca 7519a36774 base-files,procd: add generic service status
Adds a default status action for init.d scripts.

procd "service status" will return:

 0) for loaded services (even if disabled by conf or dead)
 3) for inactive services
 4) when filtering a non-existing instance

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[rebased, cleaned up]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:53:01 +02:00
Petr Štetiar ed5b9129d7 base-files: implement generic service_running
DRY is good, otherwise we're going to suffer with a copy&paste disease
in the init scripts.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 20:58:30 +02:00
Hans Dedecker a33d60c896 odhcpd: update to latest git HEAD
1d24009 netlink: rename netlink callback handlers
91a28e4 ndp: answer global-addressed NS manually
fd93e36 dhcpv6: retry failed PD assignments on addrlist change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-15 20:43:14 +02:00
Hans Dedecker ce6311d301 odhcpd: fix update to git HEAD
Fixes commit 7ff5b12e90

e73bf11 config: ra_management compatibility support
d818380 odhcpd: router: Fix out of scope memory access
94a1c94 dhcpv6-ia: free assignment when validity timer expires
752fc2c router: speed up initial router advertisements
09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed
79eb160 router: fix previous commit
6034b5c router: close socket upon NETEV_IFINDEX_CHANGE
000182f router: fix lingering uloop socket descriptor
f6c2242 router: support ra_lifetime being 0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-12 22:37:54 +02:00
Ingo Feinerer ca0ad9e0e9 umbim: update to latest git HEAD
184b707 umbim: add home provider query support

Signed-off-by: Ingo Feinerer <feinerer@logic.at>
2019-09-12 22:29:47 +02:00
Hans Dedecker 7ff5b12e90 odhcpd: update to latest git HEAD (FS#2019)
e73bf11 config: ra_management compatibility support
d818380 odhcpd: router: Fix out of scope memory access
94a1c94 dhcpv6-ia: free assignment when validity timer expires
752fc2c router: speed up initial router advertisements
09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed
79eb160 router: fix previous commit
6034b5c router: close socket upon NETEV_IFINDEX_CHANGE
000182f router: fix lingering uloop socket descriptor
f6c2242 router: support ra_lifetime being 0
d111809 router: make RA flags configurable (FS#2019)

Update odhcpd defaults according to the new RA flags implementation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-12 22:22:29 +02:00
Felix Fietkau 8176431963 mt76: probe load mt7615 driver asynchronously
It can take a long time to load the firmware

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-09-12 17:16:44 +02:00
David Bauer 7db2f1a71f iwinfo: update to latest Git HEAD
a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886
1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-09-12 15:38:08 +02:00
Rafał Miłecki a858db3136 treewide: sysupgrade: use $UPGRADE_BACKUP to check for backup
Now that $UPGRADE_BACKUP is set conditionally there is no need to check
the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-11 09:05:35 +02:00
Rafał Miłecki 9785a9121d procd: update to the latest git HEAD
b8238df sysupgrade: support "backup" attribute

This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-11 09:03:36 +02:00
Rafał Miłecki c5223b26a4 base-files: sysupgrade: pass "backup" ubus attribute
This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-11 08:57:24 +02:00
Hauke Mehrtens 7bed9bf10f hostapd: SAE/EAP-pwd side-channel attack update
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-10 21:51:41 +02:00
Hauke Mehrtens 9f34bf51d6 hostapd: Fix security problem
This fixes:
CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment"
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

This shouöld not affect OpenWrt in the default settings as we do not use
EAP-pwd.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-10 21:51:26 +02:00
Jo-Philipp Wich d6a405280f rpcd: update to latest Git HEAD
e2a7bc4 iwinfo: add WPA3 support

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-10 15:25:12 +02:00
Rafał Miłecki 681acdcc54 mac80211: brcmfmac: backport more kernel 5.4 changes
Patch getting RAM info got upstreamed. A debugging fs entry for testing
reset feature was added.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-09 09:38:55 +02:00
Jo-Philipp Wich 2f9f8769e3 rpcd: update to latest Git HEAD
69eeb1b file: refactor message parsing and permission checking
f65527a iwinfo: expose all rate info fields in assoclist reply
7fec636 sys: fix symbol redeclaration
27c24c7 rpcd: sys: actually move timespec declaration
345363b file: add remove operation
604db20 rpcd: Switch to nanosleep

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-08 18:48:15 +02:00
Hauke Mehrtens 359bff6052 firewall: update to latest git HEAD
487bd0d utils: Fix string format message

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-08 18:39:13 +02:00
Rafał Miłecki 1c510fe298 base-files: validate firmware for compatibility with backup
This allows platform code to check if firmware image can be used with
preserving a backup. It may be used e.g. when installing vendor
firmwares that won't restore appended backup archive.

Suggested-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-08 09:10:30 +02:00
Hans Dedecker 7db6559914 firewal: update to latest git HEAD
4d0c703 firewall3: Fix some format string problems
8c404ef iptables.c: lock the xtables.lock
c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-07 21:23:43 +02:00
Hans Dedecker 1855c23794 odhcp6c: update to latest git HEAD
e199804 dhcpv6: sanitize oro options

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-07 13:11:53 +02:00
Yousong Zhou 40e3f660c1 uboot-fritz4040: build with ipq40xx "generic" subtarget
Fixes: 853e4dd3 ("ipqx0xx: add Generic subtarget")
Ref: https://forum.openwrt.org/t/ipq40xx-snapshot-not-updated-since-22nd-august/44126
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-09-06 08:33:30 +00:00
Rafał Miłecki 641f6b6c26 treewide: use new procd sysupgrade $UPGRADE_BACKUP variable
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.

This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 23:33:19 +02:00
Rafał Miłecki e8dcbbc865 procd: update to the latest git HEAD
0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code

This update includes a fix for uninitialized variable usage.

Fixes: 7290963d09 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 23:16:54 +02:00
Adrian Schmutzler 45600124fc base-files: use get_mac_binary() in mtd_get_mac_binary_ubi()
The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.

This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-05 20:42:08 +02:00
David Bauer 4c060228cb base-files: fix mtd_get_mac_text not accepting hex offsets
The mtd_get_mac_text helper method did not support hexadecimal offset
values, resulting them to break after 75bfc393ba ("treewide:
convert MAC address location offsets to hexadecimal")

This commit fixes this by evaluating the hexadecimal input,
converting them to decimal.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-09-05 20:31:56 +02:00
Rafał Miłecki bf39047872 treewide: don't hardcode "sysupgrade.tgz" file name
1) Add BACKUP_FILE and use it when copying an archive to be restored
   after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 14:33:19 +02:00
Hauke Mehrtens 1184e1f2b6 uboot-envtools: Update to U-Boot version 2019.07
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-04 22:35:22 +02:00
Álvaro Fernández Rojas da3f5b2196 brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-09-04 18:09:34 +02:00
Rafał Miłecki 7290963d09 procd: update to the latest git HEAD
34ac88c system: reject sysupgrade of invalid firmware images by default
f55c235 system: reject sysupgrade of broken firmware images
e990e21 system: add "validate_firmware_image" ubus method

This update changes "sysupgrade" ubus method API. It's now required to
pass "force" attribute whenever invalid firmware is meant to be
installed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-04 11:17:06 +02:00
Rafał Miłecki b71962da16 base-files: pass "force" parameter to the "sysupgrade" call
This makes sysupgrade work with the most recent procd that validates
firmware before proceeding.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-04 11:07:41 +02:00
Hauke Mehrtens 6aa962a622 uci: update to latest Git HEAD
415f9e4 uci/file: replace mktemp() with mkstemp()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-01 19:53:30 +02:00
Hauke Mehrtens 6658447534 iwinfo: update to latest Git HEAD
f599a8d iwinfo: Fix rate buffer size
71ec9be iwinfo: Fix buffer size
f8ef450 iwinfo: Add support for WPA3

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-01 19:48:43 +02:00
Tomasz Maciej Nowak 3fa0f32a68 grub2: bump to 2.04
* GCC 8 and 9 support.
* Gnulib integration overhaul.
* RISC-V support.
* Xen PVH support.
* Native UEFI secure boot support.
* UEFI TPM driver.
* New IEEE 1275 obdisk driver.
* Btrfs RAID 5 and RIAD 6 support.
* bootin from F2FS support.
* PARTUUID support.
* VLAN support.
* Native DHCP support.
* Many ARM and ARM64 fixes.
* Many SPARC fixes.
* Many IEEE 1275 fixes.
* ...and tons of other fixes and cleanups...

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-09-01 18:38:05 +02:00
Luis Araneda 5ca243153b uboot-zynq: update to 2019.07
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-09-01 18:38:05 +02:00
Konstantin Demin b74f1f335a nftables: bump to version 0.9.2
- exclude Python-related stuff from build
- drop patches:
  * 010-uclibc-ng.patch, applied upstream

ipkg size decrease by 2.8%:
old:
194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk
new:
189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-09-01 18:38:04 +02:00
Konstantin Demin 699955a684 libnftnl: bump to version 1.1.4
ABI version is same.

The ipkg size increase by about 2.2%:
old:
47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk
new:
48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-09-01 18:38:04 +02:00
Jo-Philipp Wich 02169bd3f8 rpcd: update to latest Git HEAD
821045f file: add path based read/write/exec ACL checks
fb337e5 file: add stat() information to directory listings

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-01 18:33:21 +02:00
Eneas U de Queiroz 7f2b230b3b uhttpd: add support to generate EC keys
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:35:11 +02:00
Eneas U de Queiroz a552ababd4 px5g: support EC keys
This adds an 'eckey' command to generate an EC key, with an optional
curve name argument, with P-256 as default.

For the 'selfsigned' command, it adds an 'ec' algorithm argument to the
'-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option,
mirroring the way openssl specifies the curve name.

Notice that curve names are not necessarily the same in mbedtls and
openssl.  In particular, secp256r1 works for mbedtls, but openssl uses
prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256
and P-384 are specifically supported.

Package size increased by about 900 bytes (arm).

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:34:30 +02:00
Eneas U de Queiroz f40262697f openssl: always build with EC support
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:16:08 +02:00
Rosen Penev 926157c2cc libnfnetlink: Avoid passing both -fPIC and -fpic
Instead, instruct the configure script to use $(FPIC) only.

Mixing -fPIC and -fpic can cause issues on some platforms like PPC.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-31 12:08:23 +02:00
Rosen Penev e2ecf39e8e ncurses: Do not pass both -fPIC and -fpic
The configure scripts matches Linux with -fPIC, which is not exactly what
is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to
avoid passing -fPIC.

Removed PKG_BUILD_DIR as it is already the default value.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-31 12:08:23 +02:00
David Bauer 9b0ce1789b lua: create lua symlink for host installation
Since the binaries for both lua as well as lua5.3 contain the version
number, invocations of the "lua" binary are failing, as it's not created
anymore for the host package.

Fixes: fe59b46 ("lua: include version number in installed files")
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-08-31 10:31:00 +02:00
Rafał Miłecki f522047958 base-files: use JSON for storing firmware validation info
So far firmware validation result was binary limited: it was either
successful or not. That meant various limitations, e.g.:
1) Lack of proper feedback on validation problems
2) No way of marking firmware as totally broken (impossible to install)

This change introduces JSON for storing detailed validation info. It
provides a list of performed validation tests and their results. It
allows marking firmware as non-forceable (broken image that can't be
even forced to install).
Example:
{
        "tests": {
                "fwtool_signature": true,
                "fwtool_device_match": true
        },
        "valid": true,
        "forceable": true
}

Implementation is based on *internal* check_image bash script that:
1) Uses existing validation functions
2) Provides helpers for setting extra validation info

This allows e.g. platform_check_image() to call notify_check_broken()
when needed & prevent user from bricking a device.

Right now the new JSON info is used by /sbin/sysupgrade only. It still
doesn't make use of "forceable" as that is planned for later
development.

Further plans for this feature are:
1) Expose firmware validation using some new ubus method
2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
   method so:
   a) It's possible to safely sysupgrade using ubus only
   b) /sbin/sysupgrade can be more like just a CLI

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-30 08:34:10 +02:00
John Crispin 63c722c0be linux-firmware: add mediatek BT firmware
Signed-off-by: John Crispin <john@phrozen.org>
2019-08-30 07:27:51 +02:00
Daniel Golle a58bfb7377 mac80211: rt2x00: revert commit causing regression in 5GHz band
From: Stanislaw Gruszka <sgruszka@redhat.com>
This reverts commit 9ad3b55654455258a9463384edb40077439d879f.

As reported by Sergey:

"I got some problem after upgrade kernel to 5.2 version (debian testing
linux-image-5.2.0-2-amd64). 5Ghz client  stopped to see AP.
Some tests with 1metre distance between client-AP: 2.4Ghz  -22dBm, for
5Ghz - 53dBm !, for longer distance (8m + walls) 2.4 - 61dBm, 5Ghz not
visible."

It was identified that rx signal level degradation was caused by
9ad3b5565445 ("rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band").
So revert this commit.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-08-29 22:29:54 +02:00