openwrt/staging/ansuel.git
7 years agokernel: generic: add some more 4.9 configure options
Hauke Mehrtens [Sun, 26 Nov 2017 00:28:37 +0000 (01:28 +0100)]
kernel: generic: add some more 4.9 configure options

These are taken from the x86 target and should make support kernel 4.9
and 4.14 in the x86 target easier.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agoxtables-addons: update to version 2.14
Hauke Mehrtens [Sun, 26 Nov 2017 22:54:03 +0000 (23:54 +0100)]
xtables-addons: update to version 2.14

This includes a compile fix needed for kernel 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years agonetdevices.mk: add Sun Neptune 10Gbit Ethernet
Lucian Cristian [Thu, 2 Nov 2017 15:44:02 +0000 (17:44 +0200)]
netdevices.mk: add Sun Neptune 10Gbit Ethernet

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
7 years agokernel: tune e1000e module parameters
Jo-Philipp Wich [Wed, 23 Aug 2017 22:17:56 +0000 (00:17 +0200)]
kernel: tune e1000e module parameters

The default e1000e parameters (interrupt throttling rate, MSI/MSI-X
mode) are optimized for desktop and server computers to optimize
user-space execution (i.e. what's typically referred to as "useful"
work).  This assumption breaks on a router under load where most of
the "useful" work actually takes place either in hardware interrupt
handlers (IRQ) or at software IRQ (swirq) modes, so we try to reflect
that by overriding these parameters with more appropriate values.

Patch-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agox86: add on-chip thermal sensors and cpuid support
Philip Prindeville [Fri, 3 Nov 2017 23:22:29 +0000 (17:22 -0600)]
x86: add on-chip thermal sensors and cpuid support

Cover temperature sensors for all mainstream 64-bit processors, including
AMD 10h and 15h families, Intel iCore, Xeon, Atom, and Via Nano.  Also
add CPUID support for user-space applications to detect CPU type.

Include the on-chip sensors for 64-bit CPU's in the generic profile
in case someone builds a 32-bit kernel to run on a Xeon SoC, etc.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
7 years agox86: refresh settings for 4.9.59
Philip Prindeville [Fri, 3 Nov 2017 23:01:55 +0000 (17:01 -0600)]
x86: refresh settings for 4.9.59

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
7 years agotools/expat: Update to 2.2.5
Daniel Engberg [Mon, 4 Dec 2017 18:23:15 +0000 (19:23 +0100)]
tools/expat: Update to 2.2.5

Update (lib)expat to 2.2.5

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
7 years agobrcm63xx: backport mdio-bus reset gpio support
Jonas Gorski [Wed, 6 Dec 2017 13:12:06 +0000 (14:12 +0100)]
brcm63xx: backport mdio-bus reset gpio support

Backport the mdio-bus reset gpio support from 4.12 and use it instead
of toggling the reset ourself.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
7 years agobrcm63xx: backport enet cleanup patches
Jonas Gorski [Mon, 2 Oct 2017 09:41:43 +0000 (11:41 +0200)]
brcm63xx: backport enet cleanup patches

Align with upstream version, mostly non-fixes and small clean ups.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
7 years agobrcm63xx: register serial through device tree
Jonas Gorski [Mon, 31 Jul 2017 19:03:37 +0000 (21:03 +0200)]
brcm63xx: register serial through device tree

Register serial consoles through device tree instead of through board
data.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
7 years agobrcm63xx: add uart nodes
Jonas Gorski [Mon, 31 Jul 2017 09:08:20 +0000 (11:08 +0200)]
brcm63xx: add uart nodes

Now that we can register uarts through device-tree, add them to the dtsi
files.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
7 years agobrcm63xx: add clkdev lookup support
Jonas Gorski [Mon, 31 Jul 2017 08:52:48 +0000 (10:52 +0200)]
brcm63xx: add clkdev lookup support

Add clockdev lookup support for easier providing of clocks for
devices.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
7 years agobrcm63xx: Add Sercomm AD1018 support
Daniel Gonzalez Cabanelas [Thu, 31 Aug 2017 20:22:37 +0000 (22:22 +0200)]
brcm63xx: Add Sercomm AD1018 support

Add support for the Sercomm AD1018 router

This a BCM6328 based board, 128 MB RAM, 128 MiB NAND flash,
with an onboard BCM43217 wifi, 4 ethernet ports and 1 USB
host port (not soldered). The board also has an FXS chip (Si32177)
connected via SPI (SS2#), without support in LEDE.

Since NAND flash chips aren't still supported in brcm63xx, the
support is for now added to work only with SPI flash chips. Therefore
hardware modding, soldering a new SPI flash chip, is required
to make the board work with LEDE (tested and working OK).
The flash at dts is intentionally left without partitioning to let
the user choose a NOR chip of any size (8, 16 or 32 MB).

Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
[jonas.gorski: renamed ad1018 to ad1018-nor to signify the modification]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
7 years agoat91: create sdcard image for sama5
Sandeep Sheriker Mallikarjun [Tue, 12 Dec 2017 22:08:26 +0000 (15:08 -0700)]
at91: create sdcard image for sama5

create sdcard image using gen_at91_sdcard_img.sh for sama5 platform
and sdcard image partition layout is:
  P0: Boot (fat32) - contains(at91bootstrap,u-boot,zImage & dtb)
  p1: Rootfs (ext4)

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
7 years agoar71xx: fix invalid pointer dereference in rb95x_nand_scan_fixup()
Gabor Juhos [Tue, 12 Dec 2017 20:49:50 +0000 (21:49 +0100)]
ar71xx: fix invalid pointer dereference in rb95x_nand_scan_fixup()

Since Linux 4.6, mtd->priv no longer points to the NAND specific
structure. Under 4.9 it contains NULL, thus using it to access
chip->options causes an invalid pointer dereference (FS#1200).

Update the code to use the mtd_to_nand() helper under 4.9 to obtain
the address of the chip specific data.

Fixes: 7bbf4117c6fe ("ar71xx: Add kernel 4.9 support")
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
7 years agoar71xx: fix invalid pointer dereference in c60_nand_scan_fixup()
Gabor Juhos [Wed, 13 Dec 2017 19:31:50 +0000 (20:31 +0100)]
ar71xx: fix invalid pointer dereference in c60_nand_scan_fixup()

Since Linux 4.6, mtd->priv no longer points to the NAND specific
structure. Under 4.9 it contains NULL, thus using it to access
the fields of the nand_chip structure causes an invalid pointer
dereference.

Update the code to use the mtd_to_nand() helper under 4.9 to obtain
the address of the chip specific data.

Compile tested only.

Fixes: 7bbf4117c6fe ("ar71xx: Add kernel 4.9 support")
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
Tested-by: Christian Lamparter <chunkeey@gmail.com>
7 years agokernel: fix compiler warning in mtdsplit_minor.c under 4.4
Gabor Juhos [Wed, 13 Dec 2017 20:56:03 +0000 (21:56 +0100)]
kernel: fix compiler warning in mtdsplit_minor.c under 4.4

When mtdsplit_minor.c is compiled under Linux 4.4, the compiler
drops the following warning:

    CC      drivers/mtd/mtdsplit/mtdsplit_minor.o
  drivers/mtd/mtdsplit/mtdsplit_minor.c:106:14: warning: initialization from incompatible pointer type [-Wincompatible-pointer-types]
    .parse_fn = mtdsplit_parse_minor,
                ^
  drivers/mtd/mtdsplit/mtdsplit_minor.c:106:14: note: (near initialization for 'mtdsplit_minor_parser.parse_fn')

The second parameter of the parser function must not have a 'const'
qualifier in 4.4. The 001-mtdsplit_backport.patch removes the qualifier
from other partition parsers. Update it to handle mtdsplit_minor.c as
well.

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
7 years agoiproute2: cake: support new operating modes
Kevin Darbyshire-Bryant [Fri, 15 Dec 2017 16:19:22 +0000 (16:19 +0000)]
iproute2: cake: support new operating modes

There has been recent significant activity with the cake qdisc of late
Some of that effort is related to upstreaming to kernel & iproute2
mainline but we're not quite there yet.  This commit teaches tc how to
activate and interprete the latest cake operating modes, namely:

ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.

ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
7 years agokmod-sched-cake: bump to latest bake of cake
Kevin Darbyshire-Bryant [Fri, 15 Dec 2017 16:19:21 +0000 (16:19 +0000)]
kmod-sched-cake: bump to latest bake of cake

There has been recent significant activity with the cake qdisc of late
but in the cobalt branch.  Some of that effort is related to upstreaming
to kernel & iproute2 mainline but we're not quite there yet.  Relevant
feature changes:

ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.

ptm mode: Minor optimisation in packet overhead calculation.

dual-src/dsthost/triple-isolate: Optimise only calculating src or dst
host hashes only if required.

ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.

A separate iproute2 patch to teach it about Cake's new features will
follow.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
7 years agoar71xx: fix LED name typo for GL-AR300M
kyson Lok [Fri, 15 Dec 2017 08:21:27 +0000 (16:21 +0800)]
ar71xx: fix LED name typo for GL-AR300M

It shouldn't use double colon characters.

Signed-off-by: kyson Lok <kysonlok@gmail.com>
7 years agonetifd: update to latest git HEAD
Hans Dedecker [Fri, 15 Dec 2017 16:40:00 +0000 (17:40 +0100)]
netifd: update to latest git HEAD

4268193 interface-ip: harden eui64 IPv6 prefix address generation
81ff6d1 interface-ip: fix race condition in IPv6 prefix address generation
d3a5df0 handler: replace is_error() helper with NULL check

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agouhttpd: fix PKG_CONFIG_DEPENDS (FS#1189)
Hans Dedecker [Fri, 15 Dec 2017 16:13:16 +0000 (17:13 +0100)]
uhttpd: fix PKG_CONFIG_DEPENDS (FS#1189)

Remove PACKAGE_uhttpd_debug config as this is an unused leftover
Add CONFIG_uhttpd_lua to PKG_CONFIG_DEPENDS

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agoRevert "ar71xx: TL-WR1043N v4/v5: add orange WAN LED support"
John Crispin [Thu, 14 Dec 2017 09:58:15 +0000 (10:58 +0100)]
Revert "ar71xx: TL-WR1043N v4/v5: add orange WAN LED support"

This reverts commit 256990cbc0157feb8a9f37efeebf0330ab73727f.

this commit caused a compile error

"TL_WR1043_V5_GPIO_LED_WANORANGE" is undefined.

Signed-off-by: John Crispin <john@phrozen.org>
7 years agoopkg: fix PKG_CONFIG_DEPENDS to include version.mk entries
Rafał Miłecki [Thu, 14 Dec 2017 08:39:18 +0000 (09:39 +0100)]
opkg: fix PKG_CONFIG_DEPENDS to include version.mk entries

Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agobase-files: allow skipping of hash verification
Jo-Philipp Wich [Tue, 12 Dec 2017 13:55:11 +0000 (14:55 +0100)]
base-files: allow skipping of hash verification

When calling a download target, hash verification is now completely
skipped if we set PKG_HASH=skip.

This allows to easily bump package version:

$ make package/<mypackage>/download PKG_HASH=skip V=s
$ make package/<mypackage>/check FIXUP=1 V=s

This will download the new version of the package, and then automatically
update PKG_HASH with the hash of the new version.  Of course, it is still
the responsibility of the packager to ensure that the new tarball is
legitimate, because it is downloaded from a possibly untrusted source.

Fixes: b30ba14e ("scripts/download.pl: fail loudly if provided hash is unsupported")
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: John Crispin <john@phrozen.org>
7 years agoar71xx: TL-WR1043N v4/v5: add orange WAN LED support
Tim Thorpe [Thu, 30 Nov 2017 08:32:04 +0000 (02:32 -0600)]
ar71xx: TL-WR1043N v4/v5: add orange WAN LED support

Add missing definitions for the orange WAN LED on the TL-WR1043N(D) v4 and
v5. Minor format correction on a constant for consistency.

Signed-off-by: Tim Thorpe <tim@tfthorpe.net>
7 years agoar71xx: generate BR region-code factory image for TP-Link TL-WR940N
Henryk Heisig [Thu, 7 Dec 2017 20:30:24 +0000 (21:30 +0100)]
ar71xx: generate BR region-code factory image for TP-Link TL-WR940N

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
7 years agofirmware-utils: mktplinkfw: add support for BR region code
Henryk Heisig [Thu, 7 Dec 2017 20:28:28 +0000 (21:28 +0100)]
firmware-utils: mktplinkfw: add support for BR region code

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
7 years agobusybox: enable find -newer needed for shorewall firewall, no size increase on binary
Lucian Cristian [Sat, 9 Dec 2017 17:11:28 +0000 (19:11 +0200)]
busybox: enable find -newer needed for shorewall firewall, no size increase on binary

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
7 years agofirmware-utils: mktplinkfw: fix JFFS2 EOF markers
Sergey Ryazanov [Tue, 10 Oct 2017 22:07:08 +0000 (01:07 +0300)]
firmware-utils: mktplinkfw: fix JFFS2 EOF markers

mktplinkfw/mktplinkfw2 utilities put JFFS2 EOF market only at 64KB
boundary, this could lead to current device configuration lost during
the sysupgrade on a device, which is equpped with flash with the 4KB
erase block size (e.g. TP-Link Archer C20).

This happens when 64KB and 4KB alignments do not match, so the JFFS2
data is written not exactly at the partition beginnig and startup
scripts can not find the JFFS2 during the first boot just after the
sysupgrade.

Fix this by placing additional JFFS2 EOF marker at a 4KB boundary. Also
keep the marker at 64KB intact, so the utilities will produce images
suitable for devices with both 4KB and 64KB erase blocks.

Fixes: 29a2c2ea80441895a2ffe100d854d2b26d5fa606 (add ability to put
jffs2 eof marker into the image)

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
7 years agoar71xx: Fix switch port numbering on MIkrotik RB951Ui-2nD and RB493G
João Chaínho [Sat, 14 Oct 2017 19:34:05 +0000 (20:34 +0100)]
ar71xx: Fix switch port numbering on MIkrotik RB951Ui-2nD and RB493G

This patch fixes the switch port numbering on Mikrotik RB951Ui-2nD (hAP).
Also fixes the switch port numbering shown on LuCI for Mikrotik RB493G.

Signed-off-by: João Chaínho <joaochainho@gmail.com>
7 years agobase-files: fix sysupgrade -b/-l when -c is used
Luiz Angelo Daros de Luca [Tue, 21 Nov 2017 03:45:05 +0000 (01:45 -0200)]
base-files: fix sysupgrade -b/-l when -c is used

Since /overlay/upper appeared, -b ignored -c silently (cause it was
still checking for /overlay/etc). Now, if /overlay/upper is absent,
sysupgrade -c will fail and exit verbosely.

Fix -l to consider -c (it never did).

Clean up to always use /overlay/upper/xxx instead of still checking
for /overlay/xxx.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
7 years agoapm821xx: use x86's upgrade scripts for MyBook Live
Christian Lamparter [Fri, 1 Dec 2017 21:41:11 +0000 (22:41 +0100)]
apm821xx: use x86's upgrade scripts for MyBook Live

Advantages:
 - preserves existing partition layout. On the hard-drive.
   Only the boot and rootfs partition will be overwritten.

Disadvantages:
 - The upgrade process takes much longer to run.
   from 2-3 seconds to 15-25 seconds.

Please note that sysupgrade will refuse to upgrade, if the existing
installation has an incompatible partition layout. Future changes
to the bootfs and/or rootfs partition size will likely cause breakage
to the sysupgrade procedure. In these cases, the ext4-rootfs.img.gz
has to be written manually onto the disk. Please don't forget to backup
your configuration in this cases.

Note2: This patch requires
"base-files: upgrade: make get_partitions() endian agnostic"

Note3: If your current installation does not host the two
changes, sysupgrading will wipe the existing partition
layout. Don't forget to backup your data!

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
7 years agoe2fsprogs: Update to 1.43.7
Rosen Penev [Sat, 2 Dec 2017 22:09:48 +0000 (14:09 -0800)]
e2fsprogs: Update to 1.43.7

Compiled and tested on ramips with no noticeable problems.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 years agoapm821xx: MyBook Live convert to DT PHY
Christian Lamparter [Tue, 28 Nov 2017 21:51:09 +0000 (22:51 +0100)]
apm821xx: MyBook Live convert to DT PHY

Changes MyBook Live to use DT PHY probing and the broadcom phy driver.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
7 years agoapm821xx: convert to dt based diag LED script
Christian Lamparter [Tue, 28 Nov 2017 21:51:07 +0000 (22:51 +0100)]
apm821xx: convert to dt based diag LED script

Please note that users with a Netgear WNDR4700
will need to update the device-tree partition
manually.

For instructions, please refere to commit 49856a4bb581
("apm821xx: make it possible to update the dtb partition on the WNDR4700")

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
7 years agobase-files: unify get_dt_led helper function
Christian Lamparter [Tue, 28 Nov 2017 21:51:06 +0000 (22:51 +0100)]
base-files: unify get_dt_led helper function

Lantiq and IPQ806X (which includes IPQ40XX) both define the
same custom function {ipq806x|lantiq}_get_dt_led.

This patch moves the function into the base-file package at
lib/functions/leds.sh to make it more accessible for other
targets as well.

Cc: Mathias Kresin <dev@kresin.me>
Cc: John Crispin <john@phrozen.org>
Cc: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
7 years agobrcm63xx: fix an OOPS when accessing the basemode register on 6368
Jonas Gorski [Wed, 13 Dec 2017 15:36:20 +0000 (16:36 +0100)]
brcm63xx: fix an OOPS when accessing the basemode register on 6368

The bcm6368 pinctrl driver passed the wrong variable to
devm_regmap_field_alloc, causing it to blow up when later trying to
access the field.

Fixes #1211.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
7 years agobase-files: make including distfeeds.conf optional
Jonas Gorski [Wed, 13 Dec 2017 13:41:28 +0000 (14:41 +0100)]
base-files: make including distfeeds.conf optional

To not clutter the system when building an opkg free image, generate the
distfeeds.conf only if CLEAN_IPKG is unset.

Since opkg is now a shared package, we can't rely on PACKAGE_opkg, but
since opkg is not reasonably usable without the status information, we
can tie the distfeeds.conf to it.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
7 years agobase-files: create /etc/opkg before generating distfeeds.conf
Jonas Gorski [Wed, 13 Dec 2017 13:30:30 +0000 (14:30 +0100)]
base-files: create /etc/opkg before generating distfeeds.conf

Ensure /etc/opkg exists before trying to write there. This fixes a build
failure if SIGNED_PACKAGES is disabled.

Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
7 years agopackage: move distfeeds.conf from opkg to base-files
Jonas Gorski [Tue, 12 Dec 2017 10:19:07 +0000 (11:19 +0100)]
package: move distfeeds.conf from opkg to base-files

All the relevant options used for distfeeds.conf are part of base-files,
so it makes more sense to move the file there as well.

This has the added benefit that the we can share the opkg package again,
reducing the amount of target specific packages.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
7 years agoar71xx: fix lzma-loader build with glibc
Jonas Gorski [Wed, 13 Dec 2017 10:12:11 +0000 (11:12 +0100)]
ar71xx: fix lzma-loader build with glibc

For an unknown reason gcc tries to link in crti.o when building with a
glibc toolchain (this does not happen with other targets). Prevent this
by telling gcc explicitly to not do that.

Fixes the following build error:

/home/jonas/git/lede/staging_dir/toolchain-mips_24kc_gcc-5.5.0_glibc/lib/gcc/mips-openwrt-linux-gnu/5.5.0/../../../../mips-openwrt-linux-gnu/lib/crti.o: In function `_init':
(.init+0x18): relocation truncated to fit: R_MIPS_GOT16 against `__gmon_start__'
/home/jonas/git/lede/staging_dir/toolchain-mips_24kc_gcc-5.5.0_glibc/lib/gcc/mips-openwrt-linux-gnu/5.5.0/../../../../mips-openwrt-linux-gnu/lib/crti.o: In function `_init':
(.init+0x28): relocation truncated to fit: R_MIPS_CALL16 against `__gmon_start__'
collect2: error: ld returned 1 exit status

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
7 years agowireguard: bump to 20171211
Kevin Darbyshire-Bryant [Tue, 12 Dec 2017 19:34:17 +0000 (19:34 +0000)]
wireguard: bump to 20171211

Bump to latest WireGuard snapshot release:

44f8e4d version: bump snapshot
bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x
679e53a chacha20: avx512vl implementation
10b1232 poly1305: fix avx512f alignment bug
5fce163 chacha20poly1305: cleaner generic code
63a0031 blake2s-x86_64: fix spacing
d2e13a8 global: add SPDX tags to all files
d94f3dc chacha20-arm: fix with clang -fno-integrated-as.
3004f6b poly1305: update x86-64 kernel to AVX512F only
d452d86 tools: no need to put this on the stack
0ff098f tools: remove undocumented unused syntax
b1aa43c contrib: keygen-html for generating keys in the browser
e35e45a kernel-tree: jury rig is the more common spelling
210845c netlink: rename symbol to avoid clashes
fcf568e device: clear last handshake timer on ifdown
d698467 compat: fix 3.10 backport
5342867 device: do not clear keys during sleep on Android
88624d4 curve25519: explictly depend on AS_AVX
c45ed55 compat: support RAP in assembly
7f29cf9 curve25519: modularize dispatch

Refresh patches.

Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
7 years agodropbear: disable MD5 HMAC and switch to sha1 fingerprints
Martin Schiller [Wed, 22 Nov 2017 12:39:51 +0000 (13:39 +0100)]
dropbear: disable MD5 HMAC and switch to sha1 fingerprints

As MD5 is known weak for many years and more and more
penetration test tools complain about enabled MD5 HMAC
I think it's time to drop it.

By disabling the MD5 HMAC support dropbear  will also
automatically use SHA1 for fingerprints.
This shouldn't be a problem too.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
7 years agotreewide: add only one device when appending to TARGET_DEVICES
Luis Araneda [Sun, 10 Dec 2017 22:45:20 +0000 (19:45 -0300)]
treewide: add only one device when appending to TARGET_DEVICES

This will avoid some conflicts when doing a git rebase or merge,
specially when adding support to a new device.

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
[drop brcm47xx changes which rename the images]
Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agorules.mk: export TMPDIR
Jo-Philipp Wich [Tue, 12 Dec 2017 15:28:04 +0000 (16:28 +0100)]
rules.mk: export TMPDIR

Set TMPDIR to the same value as the existing TMP_DIR variable in order to
let gcc and various other utilities use the local temporary directory
instead of the system-wide one.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agowolfssl: update to 3.12.2 (1 CVE)
Jo-Philipp Wich [Tue, 12 Dec 2017 16:30:34 +0000 (17:30 +0100)]
wolfssl: update to 3.12.2 (1 CVE)

Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: https://github.com/wolfSSL/wolfssl/pull/1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agobuild: allow PKG_PREPARED_DEPENDS and PKG_CONFIG_DEPENDS to be changed after includin...
Felix Fietkau [Tue, 12 Dec 2017 11:20:56 +0000 (12:20 +0100)]
build: allow PKG_PREPARED_DEPENDS and PKG_CONFIG_DEPENDS to be changed after including package.mk

Reverts commit a9c96ef0ac7ac99e4928f5312f3d0d1252c98328 and replaces it
with a different approach

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agomwlwifi: update to version 10.3.4.0 / 2017-11-29
Kabuli Chana [Wed, 29 Nov 2017 02:46:32 +0000 (19:46 -0700)]
mwlwifi: update to version 10.3.4.0 / 2017-11-29

Improves stability on WRT3200ACM

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
7 years agoar71xx: fix board detection with newer RouterBOOT versions
Gabor Juhos [Fri, 8 Dec 2017 22:31:55 +0000 (23:31 +0100)]
ar71xx: fix board detection with newer RouterBOOT versions

Recent RouterBOOT version (at least version 3.41 on RB911G-5HPacD)
use "Board=" kernel parameter instead of "board=" to pass the board
name to the kernel. Due to this change the board detection code is
not working on the devices shipped with the new RouterBOOT version.
Because the kernel is unable to identify these boards they become
unusable despite that they are supported by the current code.

Update the prom_init code to convert the 'Board' kernel parameter to
'board'. After this change, the board detection works also with the
new RouterBOOT versions.

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
7 years agobrcm47xx: remove versions from linksys-e1000 target
Moritz Warning [Sat, 9 Dec 2017 01:57:51 +0000 (02:57 +0100)]
brcm47xx: remove versions from linksys-e1000 target

The target name does not need to included a revision
if all revisions are supported.
This target supports all revisions (v1, v2, v2.1).

Signed-off-by: Moritz Warning <moritzwarning@web.de>
[Keep the version numbers in the device title, it doesn't harm]
Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agobrcm47xx: use proper region code in image name
Moritz Warning [Sat, 9 Dec 2017 01:44:43 +0000 (02:44 +0100)]
brcm47xx: use proper region code in image name

Replace 'north-america' by 'na' and remove 'other-regions' in image
files for Netgear WGR614 v10.

Signed-off-by: Moritz Warning <moritzwarning@web.de>
7 years agolantiq: dgn3500 drop worldwide suffix
Mathias Kresin [Mon, 11 Dec 2017 09:27:17 +0000 (10:27 +0100)]
lantiq: dgn3500 drop worldwide suffix

Remove the WW suffix, everything without a region suffix is world wide
anyway.

While at it, normalise the image filenames by using only lower case
characters.

Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agokernel: fix spelling in CONFIG_DEVTMPFS help text
Sascha Paunovic [Wed, 29 Nov 2017 18:53:33 +0000 (19:53 +0100)]
kernel: fix spelling in CONFIG_DEVTMPFS help text

Change "ti" to "to", as that's the correct spelling.

Signed-off-by: Sascha Paunovic <azarus@posteo.net>
7 years agolantiq: nand: drop ubifs images
Mathias Kresin [Thu, 19 Oct 2017 21:11:59 +0000 (23:11 +0200)]
lantiq: nand: drop ubifs images

Users are confused which image type they should use and there are more
drawbacks than adavantages in using a r/w ubifs rootfs in constrast to
a read-only squashfs rootfs like:

 - less available free flash space due to better compression of squashfs
   images
 - no support for factory reset due to r/w filesystem
 - possibility to break failsafe due to r/w filesystem

Therefore, drop support for r/w ubifs rootfs images.

Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agodnsmasq: add DHCP build switch support in full variant
Hans Dedecker [Sun, 10 Dec 2017 15:25:18 +0000 (16:25 +0100)]
dnsmasq: add DHCP build switch support in full variant

Add config option which allows to enable/disable DHCP support at compile
time. Make DHCPv6 support dependant on DHCP support as DHCPv6 support
implies having DHCP support.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agobusybox: fix glibc libresolv dependency for LEDE nslook applet
Jo-Philipp Wich [Sun, 10 Dec 2017 13:26:19 +0000 (14:26 +0100)]
busybox: fix glibc libresolv dependency for LEDE nslook applet

Fixes d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config.
Fixes FS#1212.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agobase-files: remove remaining uses of %N, and drop VERSION_NICK config symbol
Matthias Schiffer [Sat, 9 Dec 2017 22:25:21 +0000 (23:25 +0100)]
base-files: remove remaining uses of %N, and drop VERSION_NICK config symbol

Fixes d23e1e1e1a "merge: properly remove %n / %N references"

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
7 years agomerge: properly remove %n / %N references
Jo-Philipp Wich [Sat, 9 Dec 2017 15:01:14 +0000 (16:01 +0100)]
merge: properly remove %n / %N references

- use %d instead of %n for opkg feed identifiers
- remove %n / %N references from version files

Fixes bf5cef47b3 merge: release/banner: drop release name and update banner.
Fixes FS#1213.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 years agoramips: fix a typo in 02_network
Pavel Kubelun [Fri, 8 Dec 2017 19:36:06 +0000 (22:36 +0300)]
ramips: fix a typo in 02_network

The typo in network defaults script in ramips target that prevents
defaults to initialize.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
7 years agonetifd: always send DHCPv4 hostname
Mathias Kresin [Fri, 8 Dec 2017 08:35:26 +0000 (09:35 +0100)]
netifd: always send DHCPv4 hostname

udhcpc doesn't send a hostname by default. Use the system hostname if
nothing else is specified, to always send a hostname.

It syncs the behaviour to odhcpc, which always sends a hostname.

Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agoprocd: nand: remove nand_board_name platform override
Mathias Kresin [Fri, 7 Apr 2017 16:06:17 +0000 (18:06 +0200)]
procd: nand: remove nand_board_name platform override

It isn't uses anymore by any target.

Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agoar71xx: remove nand_board_name platform override
Mathias Kresin [Fri, 7 Apr 2017 16:03:50 +0000 (18:03 +0200)]
ar71xx: remove nand_board_name platform override

The boardname isn't used any longer to find the subdirectory in the
sysupgrade tar archive, which makes this override useless.

Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agoprocd: nand: dont rely on boardname in nand_upgrade_tar
Mathias Kresin [Fri, 7 Apr 2017 06:39:59 +0000 (08:39 +0200)]
procd: nand: dont rely on boardname in nand_upgrade_tar

Kernel and rootfs in a subdirectory matching the userspace boardname,
was intended to use a single sysupgrade-tar archive for multiple boards
with different kernel/rootfs images. This feature was never used.

Use the first found directory in the tar archive instead of relying on
a directory named according to the userspace boardname.

It allows to change the boardname without adding another compatibility
layer - using the nand_board_name() function - for (sub)targets using
the metadata based image validation in favour to
nand_do_platform_check().

Signed-off-by: Mathias Kresin <dev@kresin.me>
7 years agokernel: MIPS compile out no-op DMA mapping ops where possible
Felix Fietkau [Tue, 5 Dec 2017 12:01:40 +0000 (13:01 +0100)]
kernel: MIPS compile out no-op DMA mapping ops where possible

Slightly improves networking throughput on some devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoag71xx: Reduce NAPI weight to 32.
Rosen Penev [Mon, 4 Dec 2017 19:40:22 +0000 (11:40 -0800)]
ag71xx: Reduce NAPI weight to 32.

Qualcomm claims this reduces cache misses. Original commit message below:

From: Ben Menchaca <ben.menchaca@qca.qualcomm.com>
Date: Tue, 11 Jun 2013 12:18:46 -0500
Subject: [ag71xx] reduce NAPI weight

In an attempt to increase our cache warmth, we are decreasing NAPI.
This increases the warmth of the reused SKBs.

Signed-off-by: Ben Menchaca <ben.menchaca@qca.qualcomm.com>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 years agoRevert "ag71xx: Switch from driver to kernel macro for NAPI_WEIGHT."
Rosen Penev [Mon, 4 Dec 2017 19:40:21 +0000 (11:40 -0800)]
Revert "ag71xx: Switch from driver to kernel macro for NAPI_WEIGHT."

The motivation for this was misguided. It turns out tuning the NAPI weight could be useful for testing purposes. Therefore reverting.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 years agotoolchain: musl: update to current HEAD
Christian Lamparter [Sun, 19 Nov 2017 16:19:23 +0000 (17:19 +0100)]
toolchain: musl: update to current HEAD

Changes:

72656157 fix fgetwc when decoding a character that crosses buffer boundary
a223dbd2 add reverse iconv mappings for JIS-based encodings
105eff9d generalize iconv framework for 8-bit codepages
a71b46cf fix malloc state corruption when ldso rejects loading a second libc
d060edf6 reformat cjk iconv tables to be diff-friendly, match tool output
c21051e9 prevent fork's errno from being clobbered by atfork handlers
a39f20bf add iso-2022-jp support (decoding only) to iconv
5b546faa add iconv framework for decoding stateful encodings
0df5b39a simplify/optimize iconv utf-8 case
9eb6dd51 handle ascii range individually in each iconv case
bff59d13 move iconv_close to its own translation unit
79f49eff refactor iconv conversion descriptor encoding/decoding
30fdda6c fix getaddrinfo error code for non-numeric service with AI_NUMERICSERV
67b29947 fix mismatched type of __pthread_tsd_run_dtors weak definition
13935337 s390x: use generic ioctl.h
4dc44ce8 microblaze: add statx syscall from linux v4.13
ffd048a0 aarch64: add extra_context struct from linux v4.13
6651ef1f add new tcp.h socket options from linux v4.13
14ced228 add new fcntl.h macros from linux v4.13
754f66af ioctl TIOCGPTPEER from linux v4.13
c35a8bf4 add SO_ getsockopt options from linux v4.13
5daaed6a s390x: add syscall number for s390_guarded_storage from linux v4.12
2dc6760f i386: add arch_prctl syscall number from linux v4.12
840d45be aarch64: add new HWCAP_* flags from linux v4.12
4c811227 add ARPHDR_VSOCKMON from linux v4.12
54f04d99 add new SO_ socket options from linux v4.12
9864f60e add statx syscall numbers from linux v4.11
c519658c add TCP_NLA_* enums from linux v4.11
ee3ae782 add TCP_FASTOPEN_CONNECT tcp socket option from linux v4.11
3eb82f73 add ETH_P_IBOE from linux v4.11
bd1560f6 update aarch64 hwcap.h for linux v4.11
cee73f0c add kexec_file_load syscall number on powerpc from linux v4.10
8f569557 add microblaze syscall numbers from linux v4.10
d8004030 add TFD_TIMER_CANCEL_ON_SET that timerfd.h was missing
f5638c22 add ETH_MIN_MTU and ETH_MAX_MTU from linux v4.10
01369691 add IP_RECVFRAGSIZE and IPV6_RECVFRAGSIZE from linux v4.10
5c596ed8 add SCM_TIMESTAMPING_OPT_STATS and related TCP_ enums from linux v4.10
6fc6ca1a adjust posix_spawn dup2 action behavior to match future requirements

Cc: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
7 years agobase-files: upgrade: make get_partitions() endian agnostic
Christian Lamparter [Sun, 19 Nov 2017 16:19:21 +0000 (17:19 +0100)]
base-files: upgrade: make get_partitions() endian agnostic

This patch fixes two issues with the current get_partitions()
function.

First: "Invalid partition table on $disk" will pop up on
legitimate images on big endian system.

This is because the little-endian representation of "55 AA" is
assumed in the context of little-endian architectures. On these
comparing it to the 16-bit word 0xAA55 does work as intented.
Whereas on big-endian systems, this would have to be 0x55AA.

This patch fixes the issue by replacing the integer conversion
and value match check with just a string comparision.

Second: The extraction of the type, start LBA and LBA num from
the partition table has the same endianness issue. This has been
fixed by using the new hex_le32_to_cpu() function. This function
will translate the stored little-endian data to the correct
byte-order if necessary.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
7 years agofirmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.2.1-00058
Christian Lamparter [Sun, 19 Nov 2017 16:19:20 +0000 (17:19 +0100)]
firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.2.1-00058

This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.2.1-00058 firmware for the QCA4019.

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
7 years agomerge: etc: update remaining files
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:57 +0000 (09:45 +0100)]
merge: etc: update remaining files

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
7 years agomerge: uhttpd: update cert generation to match system defaults
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:56 +0000 (09:45 +0100)]
merge: uhttpd: update cert generation to match system defaults

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
7 years agomerge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patch
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:55 +0000 (09:45 +0100)]
merge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patch

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
7 years agomerge: packages: update branding in core packages
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:54 +0000 (09:45 +0100)]
merge: packages: update branding in core packages

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
7 years agomerge: ssid: update default ssid
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:53 +0000 (09:45 +0100)]
merge: ssid: update default ssid

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
7 years agomerge: targets: update image generation and targets
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:52 +0000 (09:45 +0100)]
merge: targets: update image generation and targets

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
7 years agomerge: release/banner: drop release name and update banner
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:51 +0000 (09:45 +0100)]
merge: release/banner: drop release name and update banner

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
7 years agomerge: base: update base-files and basic config
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:50 +0000 (09:45 +0100)]
merge: base: update base-files and basic config

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
7 years agomt76: update to the latest version, fixes setting per-vif mac address
Felix Fietkau [Fri, 8 Dec 2017 16:57:24 +0000 (17:57 +0100)]
mt76: update to the latest version, fixes setting per-vif mac address

d02a05b mt7603: update firmware to version 20160107100755
4d4cd05 Partially revert "mt7603: use mcu command to set timing registers, fix OFDM timeout values"
170f334 mt76x2: remove MAC address limitation for multi-vif setups
3563b8f mt76x2: clean up MAC/BSSID address initialization
9de77e1 mt76x2: drop wiphy->addresses
a6a6e25 mt76x2: init: disable APCLI by default
c64633e mt76x2: configure rx filter based on monitor mode setting
ac815fa mt76x2: init: fix rx filter default value during init
e504656 mt7603: configure other-unicast drop based on monitor mode setting

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agoar71xx: C58/C59 fix LAN1 working incorrectly
David Bauer [Mon, 27 Nov 2017 03:19:38 +0000 (04:19 +0100)]
ar71xx: C58/C59 fix LAN1 working incorrectly

This commit fixes LAN Port 1 not transferring data in case no
other LAN Port has active link-state on TP-Link Archer C58/C59.

Signed-off-by: David Bauer <mail@david-bauer.net>
7 years agoopenssl: update to 1.0.2n
Peter Wagner [Fri, 8 Dec 2017 05:23:26 +0000 (06:23 +0100)]
openssl: update to 1.0.2n

add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)

Fixes CVEs: CVE-2017-3737, CVE-2017-3738

Signed-off-by: Peter Wagner <tripolar@gmx.at>
7 years agotools/sstrip: Fix compile under standard linux.
Rosen Penev [Thu, 23 Nov 2017 21:18:07 +0000 (13:18 -0800)]
tools/sstrip: Fix compile under standard linux.

bswap32 undefined is the issue. Added the proper header. Also fixed a few format/conversion warnings that clang complained about without -Wall or -Wextra.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 years agoodhcpd: fix faulty PKG_SOURCE_DATE in 711a816
Hans Dedecker [Thu, 7 Dec 2017 17:29:08 +0000 (18:29 +0100)]
odhcpd: fix faulty PKG_SOURCE_DATE in 711a816

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agoopkg: bump to version 2017-12-07
Rafał Miłecki [Thu, 7 Dec 2017 17:20:29 +0000 (18:20 +0100)]
opkg: bump to version 2017-12-07

Changes:
3b417b9 opkg_download: decode file:/ URLs
71c27cb file_util: implement urldecode_path()
d1fe095 file_util: consolidate hex/unhex routines
ebdfc12 add opkg option http_timeout
9f003e3 opkg: encode archive filenames while constructing download URLs
73e6c81 file_util: implement urlencode_path() helper
468158f libopkg: fix SHA256 calculation for big endian system

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
7 years agorpcd: update to version from 2017-12-07
Daniel Golle [Thu, 7 Dec 2017 16:22:05 +0000 (17:22 +0100)]
rpcd: update to version from 2017-12-07

cfe1e75c91bc1 sys: packagelist: allow listing all packages
74a784f037867 sys: fix passwd path

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
7 years agodnsmasq: write atomic host file
Hans Dedecker [Thu, 7 Dec 2017 09:11:50 +0000 (10:11 +0100)]
dnsmasq: write atomic host file

Different invocations of the dnsmasq init script (e.g. at startup by procd)
will rewrite the dhcp host file which might result into dnsmasq reading an
empty dhcp host file as it is being rewritten by the dnsmasq init script.
Let the dnsmasq init script first write to a temp dhcp host file so it does
not overwrite the contents of the existing dhcp host file.

Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agostrace: Update to 4.20
Rosen Penev [Wed, 6 Dec 2017 23:55:25 +0000 (15:55 -0800)]
strace: Update to 4.20

Compiled and tested on mvebu. Mainly a kernel 4.14 change. Also
reordered the Makefile a little bit.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
7 years agohostapd: backport fix for wnm_sleep_mode=0
Timo Sigurdsson [Tue, 14 Nov 2017 20:41:30 +0000 (21:41 +0100)]
hostapd: backport fix for wnm_sleep_mode=0

wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agohostapd: Expose the tdls_prohibit option to UCI
Timo Sigurdsson [Tue, 14 Nov 2017 20:41:29 +0000 (21:41 +0100)]
hostapd: Expose the tdls_prohibit option to UCI

wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.

Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.

Make this option configurable via UCI, but disabled by default.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
7 years agokernel: bump 4.9 to 4.9.67
Stijn Tintel [Wed, 6 Dec 2017 22:51:31 +0000 (23:51 +0100)]
kernel: bump 4.9 to 4.9.67

Refresh patches.
Remove upstreamed patches:
- generic/190-1-5-e1000e-Fix-error-path-in-link-detection.patch
- generic/190-3-5-e1000e-Fix-return-value-test.patch
- generic/190-4-5-e1000e-Separate-signaling-for-link-check-link-up.patch
- generic/190-5-5-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
- ramips/0102-MIPS-ralink-Fix-MT7628-pinmux.patch
- ramips/0103-MIPS-ralink-Fix-typo-in-mt7628-pinmux-function
Update patches that no longer apply:
- layerscape/815-spi-support-layerscape.patch
- ramips/0099-pci-mt7620.patch

Compile-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
7 years agoiproute2: align ip help text for tiny variant
Hans Dedecker [Wed, 6 Dec 2017 21:14:09 +0000 (22:14 +0100)]
iproute2: align ip help text for tiny variant

Tiny variant supports a subset of the ip commands; align the ip help
text so it actually reflects which commands are supported in the
tiny variant.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agoiproute2: update to v4.14.1
Russell Senior [Tue, 28 Nov 2017 07:15:50 +0000 (23:15 -0800)]
iproute2: update to v4.14.1

Preserves optionality of libmnl by letting configuration
script follow the HAVE_MNL environment variable.

Signed-off-by: Russell Senior <russell@personaltelco.net>
7 years agoodhcpd: update to latest git HEAD
Hans Dedecker [Wed, 6 Dec 2017 18:14:38 +0000 (19:14 +0100)]
odhcpd: update to latest git HEAD

c516801 dhcpv4: notify DHCP ACK and RELEASE via ubus

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agoramips: add support for Asus RT-N11P / RT-N12+ / RT-N12E b1
Zoltan HERPAI [Wed, 6 Dec 2017 14:43:55 +0000 (15:43 +0100)]
ramips: add support for Asus RT-N11P / RT-N12+ / RT-N12E b1

This is a variant of the MT7620N-based Asus routers.

Specifications:

- MT7620N (580 MHz)
- 32 MB RAM
- 8 MB Flash
- 5x 10/100Mbps Ethernet (built-in switch)
- 2.4 GHz WLAN
- 2x external, non-detachable antennas
- UART (J2) header on PCB (115200 8n1)

Flash instructions:

1. Configure PC with static IP 192.168.1.75/24
2. Connect PC with one of LAN ports, press the reset button, power up
   the router and keep button pressed for around 6-7 seconds. All 4 LEDs will
   start to blink, which is when the router will accept firmware files via TFTP.
   No known limitations on firmware filenames, just send it with a TFTP client
   to 192.168.1.1.
3. Router will download file from server, write it to flash and reboot.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
7 years agodnsmasq: backport infinite dns retries fix
Hans Dedecker [Wed, 6 Dec 2017 13:22:59 +0000 (14:22 +0100)]
dnsmasq: backport infinite dns retries fix

If all configured dns servers return refused in response to a query in
strict mode; dnsmasq will end up in an infinite loop retransmitting the
dns query resulting into high CPU load.
Problem is fixed by checking for the end of a dns server list iteration
in strict mode.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7 years agosdk: restrict base feed repo to public git for CONFIG_BUILDBOT only
Rafał Miłecki [Mon, 4 Dec 2017 11:48:30 +0000 (12:48 +0100)]
sdk: restrict base feed repo to public git for CONFIG_BUILDBOT only

This allows people to build SDK from custom repository (git access using
ssh) and keep original URL in SDK's feeds.conf.default.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
7 years agobuild: avoid failing in append-metadata if image could not be generated
Felix Fietkau [Mon, 4 Dec 2017 19:24:24 +0000 (20:24 +0100)]
build: avoid failing in append-metadata if image could not be generated

The image build might have failed due to a size check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agosamba36: backport an upstream fix for an information leak (CVE-2017-15275)
Felix Fietkau [Mon, 4 Dec 2017 08:56:32 +0000 (09:56 +0100)]
samba36: backport an upstream fix for an information leak (CVE-2017-15275)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agomt76: update to the latest version, adds stability fixes
Felix Fietkau [Sun, 3 Dec 2017 18:05:06 +0000 (19:05 +0100)]
mt76: update to the latest version, adds stability fixes

11f42a8 mt76x2: add channel argument to eeprom tx power functions
3bd7e76 mt76x2: initialize channel power limits
19fff41 mt76x2: convert between per-chain tx power and combined output
737cf2b mt7603: rename mt7603_mac_reset to mt7603_pse_reset
8026638 mt7603: rename MT_PSE_RESET register
c4dd32a mt7603: remove watchdog reset on interface stop
d99092b mt7603: remove WARN_ON_ONCE for workaround checks
c8807b4 mt7603: simplify PSE reset
d8a5990 mt7603: warn if PSE reset fails
c079960 mt7603: clean up dma debug reads
96817d6 mt7603: make mt7603_mac_watchdog_reset() static
e953c78 mt7603: clear wtbl PS bit for powersave responses
57a2e33 mt7603: set tx-skip flag for powersave clients
c8e5ab1 mt7603: initialize wtbl ps flag on station add
b4034cf mt76x2: remove some harmless WARN_ONs in tx status and rx path
8e17d36 mt7603: remove some harmless WARN_ONs in rx path

Signed-off-by: Felix Fietkau <nbd@nbd.name>
7 years agolayerscape: rename firmware packages to avoid name collisions
Ted Hess [Fri, 1 Dec 2017 21:32:26 +0000 (16:32 -0500)]
layerscape: rename firmware packages to avoid name collisions

layerscape firmware package names collide with existing package contributions.
Ex: layerscape mc and midnight-commander(mc) are in conflict.

Firmware packages: mc, ppa, rcw and dpl are renamed to ls-mc, ls-ppa, ls-rcw
and ls-dpl respectively.

Signed-off-by: Ted Hess <thess@kitschensync.net>