Commit Graph

16429 Commits (5c73bb12c82c078d8a93cb896348b41598ed9e19)

Author SHA1 Message Date
Petr Štetiar 5c73bb12c8 libubox: update to version 2020-01-20
43a103ff17ee blobmsg: blobmsg_parse and blobmsg_parse_array oob read fixes
 5c0faaf4f5e2 tests: prefer dynamically allocated buffers
 1ffa41535369 blobmsg_json: prefer snprintf usage
 132ecb563da7 blobmsg: blobmsg_vprintf: prefer vsnprintf
 a2aab30fc918 jshn: prefer snprintf usage
 b0886a37f39a cmake: add a possibility to set library version
 a36ee96618a9 blobmsg: blobmsg_add_json_element() 64-bit values
 f0da3a4283b7 blobmsg_json: fix int16 serialization
 20a070f08139 tests: blobmsg/json: add more test cases
 379cd33d1992 tests: include json script shunit2 based testing

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-20 20:57:21 +01:00
Petr Štetiar 63000bfaf7 fstools: update to version 2020-01-18
f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images)
 189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-20 20:57:21 +01:00
Sungbo Eo c26b687e31 kernel: remove further obsolete kernel version switches
Most of the kernel version switches below 4.14 were removed in commit
97940f8766 ("kernel: remove obsolete kernel version switches"),
but some of them still remained. Remove them now.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-01-18 19:39:05 +01:00
Rosen Penev 8df14c229c base-files/functions.sh: use grep -q instead of []
It's cleaner and faster as it does not need to do extra work.

Also removed $() to avoid executing the output. The shell can handle it.

https://github.com/koalaman/shellcheck/wiki/SC2143

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[correct || to && for one conversion]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-18 00:24:06 +01:00
Rosen Penev d4009d7985 base-files/system.sh: remove $ in $(())
Not needed.

https://github.com/koalaman/shellcheck/wiki/Sc2004

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev fb56573dc4 base-files/functions.sh: use && instead of -a
-a is not well defined.

https://github.com/koalaman/shellcheck/wiki/SC2166

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev b8e17aefea base-files/functions.sh: remove useless cat
The cut command can take a file as an input.

https://github.com/koalaman/shellcheck/wiki/SC2002

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev cba5fa0352 base-files/functions.sh: don't use $var in $(())
It's not needed. It can also lead to subtle bugs.

https://github.com/koalaman/shellcheck/wiki/Sc2004

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:35 +01:00
Stijn Tintel 1322190fd3 libcxx: fix build for x86/64
When building libcxx for x86/64, the library is installed in /usr/lib64.
As the install section tries to copy the library from /usr/lib, this
breaks build on x86/64. Override the lib dir suffix to fix this.

Fixes: 856ea2bad3 ("libcxx: Add package")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 00:42:49 +02:00
Hans Dedecker f0c0f92ce4 odhcpd: update to version 2020-01-14
6db312a dhcpv6-ia: use dhcp leasetime to set preferred/valid statefull lifetimes
2520c48 dhcpv6-ia: introduce DHCPv6 pd and ia assignments flags
b413d8a dhcpv6-ia: cleanup prefix delegation routes
b0902af dhcpv6-ia: remove passing interface as parameter to apply_lease

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-01-16 21:53:17 +01:00
David Lam a5f3648a1c hostapd: add support for system cert bundle validation
Currently, it is very cumbersome for a user to connect to a WPA-Enterprise
based network securely because the RADIUS server's CA certificate must first be
extracted from the EAPOL handshake using tcpdump or other methods before it can
be pinned using the ca_cert(2) fields. To make this process easier and more
secure (combined with changes in openwrt/openwrt#2654), this commit adds
support for validating against the built-in CA bundle when the ca-bundle
package is installed. Related LuCI changes in openwrt/luci#3513.

Signed-off-by: David Lam <david@thedavid.net>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16 12:08:18 +01:00
Daniel Golle 702c70264b hostapd: cleanup IBSS-RSN
set noscan also for IBSS and remove redundant/obsolete variable.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-16 10:26:21 +02:00
Andrea Dalla Costa 5adca1cf2a uboot-oxnas: fix memory leak in tool mkox820crc
In function `main` add calls to `free` for the variable `executable`.
This is needed because the variable `executable` is allocated but
never freed. This cause a memory leak.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-15 23:15:19 +01:00
John Crispin a3dd95ef63 dropbear: fix compile error
Fixes: 0da193ee69 ("dropbear: move failsafe code out of base-files")
Signed-off-by: John Crispin <john@phrozen.org>
2020-01-15 21:31:12 +01:00
Florian Eckert 7151054abd wireguard: skip peer config if public key of the peer is not defined
If a config section of a peer does not have a public key defined, the
whole interface does not start. The following log is shown

daemon.notice netifd: test (21071): Line unrecognized: `PublicKey='
daemon.notice netifd: test (21071): Configuration parsing erro

The command 'wg show' does only show the interface name.

With this change we skip the peer for this interface and emit a log
message. So the other peers get configured.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-15 21:19:01 +01:00
John Crispin d9cfa827ac busybox: fix build issues
Fixes: f704f97e4c ("busybox: Include hdparm by default on nas type device")
Signed-off-by: John Crispin <john@phrozen.org>
2020-01-15 21:17:47 +01:00
Michal Cieslakiewicz a736f39432 ath79: add support for Netgear WNDR4500 v3
This patch introduces support for Netgear WNDR4500v3. Router
is very similar to WNDR4300v2 and is based on the same PCB.

Information gathered from various Internet sources (including
https://patchwork.ozlabs.org/patch/809227/) shows following
differences to WNDR4300v2:

 * two USB 2.0 ports with separate LEDs
 * USB LEDs soldered to secondary pads
 * WPS and RFKILL buttons soldered to secondary pads
 * described as N900 device with 3x3:3 MIMO for 2.4GHz radio
 * power supply requirement is DC 12V 2.5A
 * vendor HW ID suffix differs in one digit
 * bigger chassis

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-01-15 20:56:05 +01:00
Michal Cieslakiewicz 37a36a588a ath79: add support for Netgear WNDR4300 v2
This patch introduces support for Netgear WNDR4300v2.

Specification
=============
  * Description: Netgear WNDR4300 v2
  * Loader: U-boot
  * SOC: Qualcomm Atheros QCA9563 (775 MHz)
  * RAM: 128 MiB
  * Flash: 2 MiB SPI-NOR + 128 MiB SPI-NAND
	- NOR: U-boot binary: 256 KiB
	- NOR: U-boot environment: 64 KiB
	- NOR: ART Backup: 64 KiB
 	- NOR: Config: 64 KiB
	- NOR: Traffic Meter: 64 KiB
	- NOR: POT: 64 KiB
	- NOR: Reserved: 1408 KiB
	- NOR: ART: 64 KiB
	- NAND: Firmware: 25600 KiB (see notes for OpenWrt)
	- NAND: Language: 2048 KiB
	- NAND: mtdoops Crash Dump: 128 KiB
	- NAND: Reserved: 103296 KiB
  * Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8337)
  * Wireless:
	- 2.4 GHz b/g/n (internal)
	- 5 GHz a/n (AR9580)
  * USB: yes, 1 x USB 2.0
  * Buttons:
	- Reset
	- WiFi (rfkill)
	- WPS
  * LEDs:
	- Power (amber/green)
	- WAN (amber/green)
	- WLAN 2G (green)
	- WLAN 5G (blue)
	- 4 x LAN (amber/green)
	- USB (green)
	- WPS (green)
  * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
  * Power supply: DC 12V 1.5A
  * MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2

Important Notes
===============
0. NOR Flash (2 MiB) is not touched by OpenWrt installation.
1. NAND Flash (128 MiB) layout under OpenWrt is changed as follows:
   all space is split between 4 MiB kernel and 124 MiB UBI areas;
   vendor partitions (language and mtdoops) are removed; kernel space
   size can be further expanded if needed; maximum image size is set
   to 25600k for compatibility reasons and can also be increased.
2. CPU clock is 775 MHz, not 750 MHz.
3. 5 GHz wireless radio chip is Atheros AR9580-AR1A with bogus PCI
   device ID 0xabcd. For ath9k driver to load successfully, this is
   overriden in DTS with correct value for this chip, 0x0033.
4. RFKILL button is wired to AR9580 pin 9 which is normally disabled
   by chip definition in ath9k code (0x0000F4FF gpio mask). Therefore
   'qca,gpio-mask=<0xf6ff>' hack must be used for button to work
   properly.
5. USB port is always on, no GPIO for 5V power control has been
   identified.

Installation
============
  * TFTP recovery
  * TFTP via U-boot prompt
  * sysupgrade
  * Web interface

Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_nand=y
CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr4300-v2=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-01-15 20:55:56 +01:00
Michal Cieslakiewicz 4a0a1fc91c mac80211: ath9k: add GPIO mask dts property
This patch adds 'qca,gpio-mask=<u32>' device tree property to ath9k node.
This optional setting is a hack and should only be used in very special
(and rare) cases when a button or LED is wired to a GPIO pin normally
masked out (due to being one-way etc). Netgear WNDR4300 v2 is one such
example - it uses GPI9 for RFKILL.

See ath9k/reg.h *_GPIO_MASK constants.

Use with caution and expect to see stream of kernel warnings if wrong
mask value is provided.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-01-15 20:55:31 +01:00
Maxim Storchak 5f07b6f367 zram-swap: support swap priority
If zram-backed swap is added after an existing swap, it gets a lower
priority. Assiming that usually all other swaps are slower, there should
be a way to assign a higher priority to zram swap.

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2020-01-15 20:49:00 +01:00
Rosen Penev 475a504dbc perf: Add libunwind only if selected
The depends are totally wrong. libunwind does not work with powerpc and
i386 as it needs glibc.

Instead of duplicating the platforms, just change the dependency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-15 20:34:16 +01:00
Florian Eckert ee2014e680 uhttpd: add enable instance option
With this change it is now possible to switch off single instances of
the uhttpd config. Until now it was only possible to switch all
instances of uhttpd on or off.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-15 20:16:42 +01:00
Kyle Copperfield 0fcb4a3981 hostapd: add wpa_strict_rekey support
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Rekey GTK on STA disassociate

Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2020-01-15 20:13:49 +01:00
Kyle Copperfield 30c64825c7 hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_required
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Allows dtim_period to be configurable, the default is from hostapd.
Adds additional regulatory tunables for power constraint and spectrum
managment.

Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2020-01-15 20:13:44 +01:00
Kyle Copperfield 0da193ee69 dropbear: move failsafe code out of base-files
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Failsafe code of dropbear should be in the dropbear package not the
base-files package.

Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2020-01-15 20:04:06 +01:00
Linus Walleij f704f97e4c busybox: Include hdparm by default on nas type device
NAS devices certainly need to have hdparm to configure
things like spin-down time or their disks will be
constantly spinning. Just catenate CONFIG_HDPARM=y
on these configs.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2020-01-15 19:57:27 +01:00
Eneas U de Queiroz 9b25f833eb cryptodev-linux: remove DEFAULT redefinition
The 'DEFAULT:=m if ALL' line prevents the phase1 buildbots from building
the package, and users from downloading it, since they use 'ALL_KMODS=y'
but 'ALL' is not set.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-01-15 19:31:08 +01:00
Felix Fietkau 866790fd82 mac80211: fix MAC address allocations if the local bit is set on the base addr
If it's set, don't subtract 1 from the interface index encoded into the first
byte of the address

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-15 15:36:26 +01:00
Jo-Philipp Wich b070101c50 valgrind: do not strip internal preload libraries and executables
Implement the suggestions laid out in README_PACKAGERS, mainly by preventing
the stripping of the internal vgpreload*.so libraries.

Also retain the symbol information of valgrind's private helper executables
and enable LTO as suggested in the packagers readme.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-14 17:52:34 +01:00
Xu Wang 44304c1d67 base-files: fix build for /sbin/pkg_check
Setting CONFIG_IPK_FILES_CHECKSUMS=y causes sha256 checksum files to be
included with the packages to check for corruption. This commit fixes two
issues:
- /sbin/pkg_check was being removed incorrectly if IPK_FILES_CHECKSUMS=y
- checksums were being saved in the wrong file

Signed-off-by: Xu Wang <xwang1498@gmx.com>
2020-01-14 17:52:34 +01:00
David Lam 22b07ff73e hostapd: add support for subject validation
The wpa_supplicant supports certificate subject validation via the
subject match(2) and altsubject_match(2) fields. domain_match(2) and
domain_suffix_match(2) fields are also supported for advanced matches.
This validation is especially important when connecting to access
points that use PAP as the Phase 2 authentication type. Without proper
validation, the user's password can be transmitted to a rogue access
point in plaintext without the user's knowledge. Most organizations
already require these attributes to be included to ensure that the
connection from the STA and the AP is secure. Includes LuCI changes via
openwrt/luci#3444.

From the documentation:

subject_match - Constraint for server certificate subject. This substring
is matched against the subject of the authentication server certificate.
If this string is set, the server sertificate is only accepted if it
contains this string in the subject. The subject string is in following
format: /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as
.example.com

subject_match2 - Constraint for server certificate subject. This field is
like subject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST
tunnel) authentication.

altsubject_match - Constraint for server certificate alt. subject.
Semicolon separated string of entries to be matched against the
alternative subject name of the authentication server certificate. If
this string is set, the server sertificate is only accepted if it
contains one of the entries in an alternative subject name extension.
altSubjectName string is in following format: TYPE:VALUE Example:
EMAIL:server@example.com Example:
DNS:server.example.com;DNS:server2.example.com Following types are
supported: EMAIL, DNS, URI

altsubject_match2 - Constraint for server certificate alt. subject. This
field is like altsubject_match, but used for phase 2 (inside
EAP-TTLS/PEAP/FAST tunnel) authentication.

domain_match - Constraint for server domain name. If set, this FQDN is
used as a full match requirement for the
server certificate in SubjectAltName dNSName element(s). If a
matching dNSName is found, this constraint is met. If no dNSName
values are present, this constraint is matched against SubjectName CN
using same full match comparison. This behavior is similar to
domain_suffix_match, but has the requirement of a full match, i.e.,
no subdomains or wildcard matches are allowed. Case-insensitive
comparison is used, so "Example.com" matches "example.com", but would
not match "test.Example.com". More than one match string can be
provided by using semicolons to
separate the strings (e.g., example.org;example.com). When multiple
strings are specified, a match with any one of the values is considered
a sufficient match for the certificate, i.e., the conditions are ORed
together.

domain_match2 - Constraint for server domain name. This field is like
domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel)
authentication.

domain_suffix_match - Constraint for server domain name. If set, this
FQDN is used as a suffix match requirement for the AAA server
certificate in SubjectAltName dNSName element(s). If a matching dNSName
is found, this constraint is met. If no dNSName values are present,
this constraint is matched against SubjectName CN using same suffix
match comparison. Suffix match here means that the host/domain name is
compared one label at a time starting from the top-level domain and all
the labels in domain_suffix_match shall be included in the certificate.
The certificate may include additional sub-level labels in addition to
the required labels. More than one match string can be provided by using
semicolons to separate the strings (e.g., example.org;example.com).
When multiple strings are specified, a match with any one of the values
is considered a sufficient match for the certificate, i.e., the
conditions are ORed together. For example,
domain_suffix_match=example.com would match test.example.com but would
not match test-example.com. This field is like domain_match, but used
for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.

domain_suffix_match2 - Constraint for server domain name. This field is
like domain_suffix_match, but used for phase 2 (inside
EAP-TTLS/PEAP/FAST tunnel) authentication.

Signed-off-by: David Lam <david@thedavid.net>
2020-01-14 17:46:27 +01:00
Felix Fietkau b1a1c222c9 mac80211: fix list_phy_interfaces for multiple wiphys on the same device
Network interfaces are looked up based on the device behind a phy, so the
phy needs to be checked separately

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:57:13 +01:00
Felix Fietkau 9501469e11 mac80211: fix a page refcounting issue leading to leaks/crashes in rx A-MSDU decap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:56:59 +01:00
Felix Fietkau d5b3024139 mac80211: fix sta TID stats leak on a few nl80211 calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:56:54 +01:00
Felix Fietkau fe1818cdbc mac80211: renumber subsys patches accepted upstream
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:56:46 +01:00
Florian Eckert 0f33c6b74a base-files: use jshn lib for ubus sysupgrade argument generation
With this change the well known jshn library will be used, to build the
json arguments for the ubus sysupgrade method. This is also used in all
other shell program that uses JSON. This commit unifies that.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-14 00:06:03 +01:00
Petr Štetiar 3d62463755 rpcd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:44 +01:00
Petr Štetiar 2b28358a37 odhcpd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 odhcpd-ipv6only Installed-Size: 36821 -> 38216

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:40 +01:00
Petr Štetiar 9c628cc76c procd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 procd Installed-Size: 44931 -> 47362

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:35 +01:00
Petr Štetiar d38dd6e1ef ubus: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 ubus  Installed-Size:  5602 ->  5950
 ubusd Installed-Size: 11643 -> 12119

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:03 +01:00
Hauke Mehrtens a2571f3c81 uhttpd: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 39% uncompressed and 21% compressed
on MIPS BE.

old:
33,189 /usr/sbin/uhttpd
23,016 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk

new:
46,212 /usr/sbin/uhttpd
27,979 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hauke Mehrtens 6b2379d048 hostapd: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 26% uncompressed and 16% compressed
on MIPS BE.

old:
460,933 /usr/sbin/wpad
283,891 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk

new:
584,508 /usr/sbin/wpad
330,281 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hauke Mehrtens 7ab6613026 dropbear: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 18% uncompressed and 17% compressed
on MIPS BE.

old:
164,261 /usr/sbin/dropbear
 85,648 dropbear_2019.78-2_mips_24kc.ipk

new:
194,492 /usr/sbin/dropbear
100,309 dropbear_2019.78-2_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hauke Mehrtens dae0ac7770 dnsmasq: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 37% uncompressed and 18% compressed
on MIPS BE.

old:
146,933 /usr/sbin/dnsmasq
101,837 dnsmasq_2.80-14_mips_24kc.ipk

new:
202,020 /usr/sbin/dnsmasq
120,577 dnsmasq_2.80-14_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hans Dedecker 3446702cdb ethtool: bump to 5.4
7dc0af7 Release version 5.4.
914912e ethtool: add 0x16 and 0x1c extended compliance codes
600b779 ethtool: mark 10G Base-ER as SFF-8472 revision 10.4 onwards
696565d ethtool: correctly interpret bitrate of 255
2941970 fix unused parameter warning in e1000_get_mac_type()
5e814f2 fix unused parameter warning in fjes_dump_regs()
b1a5279 fix unused parameter warning in ixgb_dump_regs()
6608751 fix unused parameter warning in ibm_emac_dump_regs()
1c30119 fix unused parameter warning in et131x_dump_regs()
a56aba4 fix unused parameter warning in amd8111e_dump_regs()
f40d32d fix unused parameter warning in fec_dump_regs()
8b84f1a fix unused parameter warning in at76c50x_usb_dump_regs()
f725f5a fix unused parameter warning in smsc911x_dump_regs()
a12cd66 fix unused parameter warning in e1000_dump_regs()
e058656 fix unused parameter warning in igb_dump_regs()
debac02 fix unused parameter warning in de2104[01]_dump_regs()
d434eea fix unused parameter warning in e100_dump_regs()
8df12f3 fix unused parameter warning in vioc_dump_regs()
92d716b fix unused parameter warning in tg3_dump_{eeprom, regs}()
211c99e fix unused parameter warning in fec_8xx_dump_regs()
362fb8b fix unused parameter warning in ixgbevf_dump_regs()
87903c2 fix unused parameter warning in st_{mac100, gmac}_dump_regs()
c1eaddf fix unused parameter warning in vmxnet3_dump_regs()
313c9f8 fix unused parameter warning in dsa_dump_regs()
183e8a2 fix unused parameter warning in {skge, sky2}_dump_regs()
7f84c13 fix unused parameter warning in lan78xx_dump_regs()
02d0aaa fix unused parameter warning in realtek_dump_regs()
726d607 fix unused parameter warning in ixgbe_dump_regs()
967177c fix unused parameter warning in netsemi_dump_eeprom()
710a414 fix unused parameter warning in natsemi_dump_regs()
283398a fix unused parameter warning in print_simple_table()
0404267 fix unused parameter warning in sfc_dump_regs()
57c7298 fix unused parameter warning in altera_tse_dump_regs()
302e91a fix unused parameter warning in dump_eeprom()
2054a8c fix unused parameter warning in find_option()
d5432a9 fix unused parameter warnings in do_version() and show_usage()
c430e75 fix arithmetic on pointer to void is a GNU extension warning
e568431 ethtool: implement support for Energy Detect Power Down
e391f4c ethtool: sync ethtool-copy.h: adds support for EDPD

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-01-12 22:19:37 +01:00
Adrian Schmutzler 97940f8766 kernel: remove obsolete kernel version switches
After kernel 4.9 has been removed, this removes all (now obsolete)
kernel version switches that deal with versions before 4.14.

Package kmod-crypto-iv is empty now and thus removed entirely.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-12 16:34:20 +01:00
Tom Brouwer 2090b8af0a ipq40xx: add support for EZVIZ CS-W3-WD1200G EUP
Hardware:
SOC:    Qualcomm IPQ4018
RAM:	128 MB Nanya NT5CC64M16GP-DI
FLASH:  16 MB Macronix MX25L12805D
ETH:    Qualcomm QCA8075 (4 Gigabit ports, 3xLAN, 1xWAN)
WLAN:   Qualcomm IPQ4018 (2.4 & 5 Ghz)
BUTTON: Shared WPS/Reset button
LED:    RGB Status/Power LED
SERIAL: Header J8 (UART, Left side of board). Numbered from
        top to bottom:
        (1) GND, (2) TX, (3) RX, (4) VCC (White triangle
        next to it).
        3.3v, 115200, 8N1

Tested/Working:
* Ethernet
* WiFi (2.4 and 5GHz)
* Status LED
* Reset Button (See note below)

Implementation notes:
* The shared WPS/Reset button is implemented as a Reset button
* I could not find a original firmware image to reverse engineer, meaning
currently it's not possible to flash OpenWrt through the Web GUI.

Installation (Through Serial console & TFTP):
1. Set your PC to fixed IP 192.168.1.12, Netmask 255.255.255.0, and connect to
one of the LAN ports
2. Rename the initramfs image to 'C0A8010B.img' and enable a TFTP server on
your pc, to serve the image
2. Connect to the router through serial (See connection properties above)
3. Hit a key during startup, to pause startup
4. type `setenv serverip 192.168.1.12`, to set the tftp server address
5. type `tftpboot`, to load the image from the laptop through tftp
6. type `bootm` to run the loaded image from memory
6. (If you want to return to stock firmware later, create an full MTD backup,
e.g. using instructions here https://openwrt.org/docs/guide-user/installation/generic.backup#create_full_mtd_backup)
7. Transfer the 'sysupgrade' OpenWrt firmware image from PC to router, e.g.:
`scp xxx-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/upgrade.bin`
8. Run sysupgrade to permanently install OpenWrt to flash: `sysupgrade -n /tmp/upgrade.bin`

Revert to stock:
To revert to stock, you need the MTD backup from step 6 above:
1. Unpack the MTD backup archive
2. Transfer the 'firmware' partition image to the router (e.g. mtd8_firmware.backup)
3. On the router, do `mtd write mtd8_firmware.backup firmware`

Signed-off-by: Tom Brouwer <tombrouwer@outlook.com>
[removed BOARD_NAME, OpenWRT->OpenWrt, changed LED device name to board name]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-12 15:57:58 +01:00
Tobias Schramm b16e5517b5 kernel: add kmod packages for Broadcom bcm53xxx switch support
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
2020-01-12 14:12:50 +01:00
Kevin Darbyshire-Bryant 35ba9304c6 kmod-sched-cake: bump to 20200110
Keep up with a small amount of churn in the upstream repository.
Upstream now represents the version of CAKE as found in the linux kernel
from 4.19 onwards but with some compatibility stubs to allow building on
<4.19.

After a diversion related to an experimental ECN implementation which
has now been reverted, the important and relevant changes for us are:

8a8946b sch_cake: avoid possible divide by zero in cake_enqueue()
183b320 RFC 8622 diffserv3, 4 & 8 LE PHB support
6ff4561 sch_cake: Make sure we can write the IP header before changing DSCP bits
9fba602 sch_cake: Use tc_skb_protocol for getting packet protocol

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-01-11 08:35:23 +00:00
Jason A. Donenfeld 7936cb94a9 wireguard-tools: bump to 1.0.20200102
* systemd: update documentation URL
* global: bump copyright

Usual house keeping.

* Makefile: DEBUG_TOOLS -> DEBUG and document
* Makefile: port static analysis check
* dns-hatchet: adjust path for new repo layout
* Makefile: rework automatic version.h mangling

These are some important-ish cleanups for downstream package maintainers that
should make packaging this a lot smoother.

* man: add documentation about removing explicit listen-port

Documentation improvement.

* wg-quick: linux: quote ifname for nft

This should fix issues with weirdly named ifnames and odd versions of nft(8).

* fuzz: find bugs in the config syntax parser
* fuzz: find bugs when parsing uapi input

These are two fuzzers that have been laying around without a repo for a while.
Perhaps somebody with enough compute power will find bugs with them.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-09 18:54:24 +01:00