Hauke Mehrtens [Tue, 22 May 2018 18:44:34 +0000 (20:44 +0200)]
ustream-ssl: update to version 2018-05-22
5322f9d mbedtls: Fix setting allowed cipher suites
e8a1469 mbedtls: Add support for a session cache
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Mon, 21 May 2018 11:58:52 +0000 (13:58 +0200)]
mbedtls: Update to 2.12.0
Multiple security fixes
* CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
* CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel
Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0
Patch the so version back to the original one, the API changes are
looking no so invasive.
The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.967 Bytes
ipkg for mips_24kc after:
164.753 Bytes
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Mon, 21 May 2018 11:58:53 +0000 (13:58 +0200)]
mbedtls: Activate the session cache
This make sit possible to store informations about a session and reuse
it later. When used by a server it increases the time to create a new
TLS session from about 1 second to less than 0.1 seconds.
The size of the ipkg file increased by about 800 Bytes.
ipkg for mips_24kc before:
163.140 Bytes
ipkg for mips_24kc after:
163.967 Bytes
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Daniel Engberg [Fri, 6 Jul 2018 13:45:06 +0000 (16:45 +0300)]
mbedtls: cleanup config patch
Clean up patch, use "//" consistently.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Mon, 21 May 2018 11:58:54 +0000 (13:58 +0200)]
mbedtls: Deactivate platform abstraction
This makes mbedtls use the POSIX API directly and not use the own
abstraction layer.
The size of the ipkg decreased by about 100 bytes.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Jo-Philipp Wich [Wed, 8 Aug 2018 17:31:58 +0000 (19:31 +0200)]
kernel: remove stray 4.4 references
The 4.4 version hash was accidentally reintroduced while rebasing the
master commit, remove it again.
Fixes
ca3174e4e9 ("kernel: bump 4.9 to 4.9.118")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 8 Aug 2018 09:12:18 +0000 (11:12 +0200)]
kernel: backport upstream fix for CVE-2018-5390
Backport an upstream fix for a remotely exploitable TCP denial of service
flaw in Linux 4.9+.
The fixes are included in Linux 4.14.59 and later but did not yet end up in
version 4.9.118.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
fefe1da440eede8dfaa23975c30ae2f6fcac744d)
Koen Vandeputte [Tue, 7 Aug 2018 08:34:37 +0000 (10:34 +0200)]
kernel: bump 4.14 to 4.14.61
Refreshed all patches.
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(backported from commit
7a254aeeb8a9ca7e2846af6ed508f5ec21db350d)
Koen Vandeputte [Tue, 7 Aug 2018 08:33:52 +0000 (10:33 +0200)]
kernel: bump 4.9 to 4.9.118
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(backported from commit
f7036a34ace38b701243e9357d7f509f8a66f0b1)
John Crispin [Wed, 8 Aug 2018 14:31:14 +0000 (16:31 +0200)]
Revert "kernel: usb: dwc2 DMA alignment fixes"
This reverts commit
1e5bd42d63e508358c703be550590d3ff72dc6e0.
this has already treacled down with the latest kernel bump
Signed-off-by: John Crispin <john@phrozen.org>
John Crispin [Mon, 30 Jul 2018 18:51:56 +0000 (20:51 +0200)]
brcm2708: fix w1 patch
this is now part of generic
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit
5f5d8128815c0624a01e48de25bd5cf1b6ab23ef)
John Crispin [Mon, 30 Jul 2018 15:42:39 +0000 (17:42 +0200)]
base-files: drop fwtool_pre_upgrade
this feature has never worked, the fw image name was not passed and the -t
parameter was missing in the tool invocation. drop the feature.
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit
5e1b4c57ded7898be5255aef594fa18ec206f0b2)
Eneas U de Queiroz [Mon, 30 Jul 2018 12:27:52 +0000 (12:27 +0000)]
libevent2: Don't build tests and samples
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This reduces build time significantly.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit
26dbf79f4905e6b5ba5aafdc2271c3a864dd1924)
Pawel Dembicki [Thu, 15 Feb 2018 21:21:25 +0000 (22:21 +0100)]
kernel: generic: fix problem with w1-gpio-custom
In boards with fdt is impossible to use kmod-w1-gpio-custom.
w1-gpio-custom create platform structure for w1-gpio module,
but if board use fdt, data is ignored in w1-gpio probe.
This workaround fix the problem.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit
aa5838adb7be733c427e63bb6cc702f9a533292d)
Masashi Honma [Tue, 17 Jul 2018 23:40:33 +0000 (08:40 +0900)]
wwan: Fix teardown for sierra_net driver
The sierra_net driver is using proto_directip_setup for setup. So use
proto_directip_teardown for teardown.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
(cherry picked from commit
d05967baecca33774ab95d4ffabbcb4cc9d0a1bf)
Lukas Mrtvy [Wed, 11 Jul 2018 08:22:27 +0000 (10:22 +0200)]
kernel: leds-apu2 remove boardname check
'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'
Signed-off-by: Lukas Mrtvy <lukas.mrtvy@gmail.com>
(cherry picked from commit
f21bcb4db8a12cef62e5698f0f711db8dde99db8)
Christian Schoenebeck [Thu, 12 Jul 2018 02:36:03 +0000 (22:36 -0400)]
dropbear: close all active clients on shutdown
Override the default shutdown action (stop) and close all processes
of dropbear
Since commit
498fe85, the stop action only closes the process
that's listening for new connections, maintaining the ones with
existing clients.
This poses a problem when restarting or shutting-down a device,
because the connections with existing SSH clients, like OpenSSH,
are not properly closed, causing them to hang.
This situation can be avoided by closing all dropbear processes when
shutting-down the system, which closes properly the connections with
current clients.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
[Luis: Rework commit message]
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
(cherry picked from commit
1e177844bc814d3846312c91cd0f7a54df4f32b9)
Lukáš Mrtvý [Wed, 11 Jul 2018 09:33:55 +0000 (11:33 +0200)]
kernel: gpio-nct5104d remove boardname check
'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'
Signed-off-by: Lukáš Mrtvý <lukas.mrtvy@gmail.com>
(cherry picked from commit
d3b8e6b2a77de8b3d5724534714ecdfd8fa6d50c)
Kevin Darbyshire-Bryant [Sun, 8 Jul 2018 10:58:07 +0000 (11:58 +0100)]
build: README punctuation pendantry
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
79b38047b9962846912195b963230653c35900a1)
Kevin Darbyshire-Bryant [Sat, 7 Jul 2018 21:23:01 +0000 (22:23 +0100)]
build: Update README & github help
Update README to include Openwrt branding and improve wording.
Point at the Openwrt wiki in .github templates.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
5781fc6b3f4fade6229390c364c7d7cca514ec76)
Kevin Darbyshire-Bryant [Wed, 4 Jul 2018 16:26:16 +0000 (17:26 +0100)]
basefiles: Reword sysupgrade message
sysupgrade 'upgrade' message more verbose than needs be.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
edf338f248a270f5fd85edc04775ec5ed6d46bca)
Florian Eckert [Fri, 6 Jul 2018 12:31:44 +0000 (14:31 +0200)]
linux: update license tag to use correct SPDX tag
Use SPDX tag.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
c79ef6fbe39b0626214542a0de141da092be193c)
Antti Seppälä [Fri, 6 Jul 2018 06:35:37 +0000 (09:35 +0300)]
kernel: usb: dwc2 DMA alignment fixes
Add two patches submitted for upstream review that significantly improve
the dwc2 driver on openwrt from kernel stability and performance
perspectives.
Fixes: FS#1367
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
(cherry picked from commit
9f451ec698ede068e911821473cbe94f50a2977c)
Zoltan HERPAI [Sat, 7 Jul 2018 09:44:02 +0000 (11:44 +0200)]
firmware: amd64-microcode: update to
20180524
* New microcode update packages from AMD upstream:
+ New Microcodes:
sig 0x00800f12, patch id 0x08001227, 2018-02-09
+ Updated Microcodes:
sig 0x00600f12, patch id 0x0600063e, 2018-02-07
sig 0x00600f20, patch id 0x06000852, 2018-02-06
* Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
plus other unspecified fixes/updates.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit
10e393262caeba1e9cbdcc937d20fe15ad5f448a)
Koen Vandeputte [Wed, 8 Aug 2018 07:56:49 +0000 (09:56 +0200)]
kernel: remove linux 4.4 support
No targets are using it anymore
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 8 Aug 2018 07:54:51 +0000 (09:54 +0200)]
kernel: remove linux 3.18 support
No targets are using it anymore
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Jo-Philipp Wich [Tue, 7 Aug 2018 14:30:20 +0000 (16:30 +0200)]
libubox: fix mirror hash
Correct the mirror hash to reflect whats on the download server.
A locally produced libubox SCM tarball was also verified to yield an identical
checksum compared to the one currently on the download server.
Fixes FS#1707.
Fixes
5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
432eaa940fee0b8023bee122da4cb08f3216209f)
John Crispin [Mon, 30 Jul 2018 21:56:14 +0000 (23:56 +0200)]
netifd: update to latest git HEAD
a0a1e52 fix compile error
75ee790 interface-ip: fix eui64 ifaceid generation (FS#1668)
ca97097 netifd: make sure the vlan ifname fits into the buffer
b8c1bca iprule: remove bogus assert calls
a2f952d iprule: fix broken in_dev/out_dev checks
263631a vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name()
291ccbb ubus: display correct prefix size for IPv6 prefix address
908a9f4 CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags
b06b011 proto-shell.c: add a explicit "fall through" comment to make the compiler happy
60293a7 replace fall throughs in switch/cases where possible with simple code changes
5cf7975 iprule: rework interface based rules to handle dynamic interfaces
57f87ad Introduce new interface event "create" (IFEV_CREATE)
03785fb system-linux: fix build error on older kernels
d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming
e9eff34 system-linux: extend link mode speed definitions
c1f6a82 system-linux: add autoneg and link-partner output
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit
3c4eeb5d21073dea5a021012f9e65ce95f81806e)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Jo-Philipp Wich [Mon, 6 Aug 2018 17:52:06 +0000 (19:52 +0200)]
Revert "mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible"
This reverts commit
b40316c21a960d332bc9b04ee1791b8aafcf8786.
That change causes ramips/mt7620 to fail with:
drivers/net/ethernet/mtk/gsw_mt7620.c: In function 'mt7620_hw_init':
drivers/net/ethernet/mtk/gsw_mt7620.c:171:14: error: 'mdio_mode' undeclared (first use in this function); did you mean 'd_move'?
} else if (!mdio_mode) {
^~~~~~~~~
d_move
Back it out for now to restore compilation.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Stijn Tintel [Tue, 31 Jul 2018 09:19:18 +0000 (12:19 +0300)]
kernel: add missing ARM64_SSBD symbol
In 4.14.57, a new symbol for Spectre v4 mitigation was introduced for
ARM64. Add this symbol to all ARM64 targets using kernel 4.14.
This mitigates CVE-2018-3639 on ARM64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit
77e3e706ce0dfe653a28e088bdcf0acddead0091)
Chen Minqiang [Fri, 3 Aug 2018 17:14:07 +0000 (01:14 +0800)]
mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible
To share mdio addr for IntPHY and ExtPHY,
as described in the documentation (MT7620_ProgrammingGuide.pdf).
(refer: http://download.villagetelco.org/hardware/MT7620/MT7620_ProgrammingGuide.pdf)
when port4 setup to work as gmac mode, dts like:
&gsw {
mediatek,port4 = "gmac";
};
we should set SYSCFG1.GE2_MODE==0x0 (RGMII).
but SYSCFG1.GE2_MODE may have been set to 3(RJ-45) by uboot/default
so we need to re-set it to 0x0
before this changes:
gsw: 4FE + 2GE may not work correctly and MDIO addr 4 cannot be used by ExtPHY
after this changes:
gsw: 4FE + 2GE works and MDIO addr 4 can be used by ExtPHY
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
(cherry picked from commit
f6d81e2fa1f110d8025eaa434d67d0014aca1d42)
Daniel Gimpelevich [Wed, 1 Aug 2018 14:51:47 +0000 (07:51 -0700)]
ramips: fix gigabit switch PHY access on MDIO
When PHY's are defined on the MDIO bus in the DTS, gigabit support was
being masked out for no apparent reason, pegging all such ports to 10/100.
If gigabit support must be disabled for some reason, there should be a
"max-speed" property in the DTS.
Reported-by: James McKenzie <openwrt@madingley.org>
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(cherry picked from commit
379fe506729a20c5fdb072840cb662b032e90c36)
Stijn Segers [Sat, 4 Aug 2018 16:08:26 +0000 (18:08 +0200)]
kernel: bump 4.14 to 4.14.60 for 18.06
* Refreshed patches.
* Patches made redundant by changes upstream:
- target/linux/ramips/patches-4.14/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch
* Patches accepted upstream:
- target/linux/apm821xx/patches-4.14/020-0001-crypto-crypto4xx-remove-bad-list_del.patch
- target/linux/apm821xx/patches-4.14/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch
- target/linux/brcm63xx/patches-4.14/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
- target/linux/brcm63xx/patches-4.14/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
- target/linux/generic/backport-4.14/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch
- target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch
The ext4 regression introduced in 4.14.55 has been fixed by 4.14.60 (commit
f547aa20b4f61662ad3e1a2040bb3cc5778f19b0).
Fixes the following CVEs:
- CVE-2018-10876
- CVE-2018-10877
- CVE-2018-10879
- CVE-2018-10880
- CVE-2018-10881
- CVE-2018-10882
- CVE-2018-10883
Thanks to Stijn Tintel for the CVE list :-).
Compile-tested on: ramips/mt7621, x86/64
Run-tested on: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Stijn Segers [Sat, 4 Aug 2018 16:08:25 +0000 (18:08 +0200)]
kernel: bump 4.9 to 4.9.117 for 18.06
* Refreshed patches.
* Removed patches:
- target/linux/ar71xx/patches-4.9/103-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch superseded by upstream
- target/linux/ar71xx/patches-4.9/403-mtd_fix_cfi_cmdset_0002_status_check.patch superseded by upstream
- target/linux/brcm63xx/patches-4.9/001-4.11-01-mtd-m25p80-consider-max-message-size-in-m25p80_read.patch accepted upstream
- target/linux/brcm63xx/patches-4.9/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch accepted upstream
- target/linux/brcm63xx/patches-4.9/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch accepted upstream
- target/linux/generic/pending-4.9/900-gen_stats-fix-netlink-stats-padding.patch
* New backported patch to address ext4 breakage, introduced in 4.9.112:
- backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
Also add ARM64_SSBD symbol to ARM64 targets still running kernel 4.9
Thanks to Koen Vandeputte for pointing out the need to add the ARM64_SSBD symbol, and the ext4 patch.
Compile-tested on: ar71xx
Run-tested on: ar71xx
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Jo-Philipp Wich [Fri, 3 Aug 2018 21:50:29 +0000 (23:50 +0200)]
uclient: update to latest git HEAD
f2573da uclient-fetch: use package name pattern in message for missing SSL library
9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename
f41ff60 uclient-http: basic auth: Handle memory allocation failure
a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures
66fb58d uclient-http: Handle memory allocation failure
2ac991b uclient: Handle memory allocation failure for url
63beea4 uclient-http: Implement error handling for header-sending
eb850df uclient-utils: Handle memory allocation failure for url file name
ae1c656 uclient-http: Close ustream file handle only if allocated
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
e44162ffca448d024fe023944df702c9d3f6b586)
Jo-Philipp Wich [Fri, 3 Aug 2018 11:45:27 +0000 (13:45 +0200)]
sdk: include arch/arm/ Linux includes along with arch/arm64/ ones
The Linux headers on arm64 architectures contain references to common
arch/arm/ headers which were not bundled by the SDK so far.
Check if we're packing the SDK for an arm64 target and if we do, also
include arch/arm headers as well.
Fixes FS#1725.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
4bb8a678e0e0eaf5c3651cc73f3b2c4cb1d267a2)
Koen Vandeputte [Thu, 2 Aug 2018 13:00:17 +0000 (15:00 +0200)]
iperf: bump to 2.0.12
2.0.12 change set (as of June 25th 2018)
o Change the unicast TTL default value from 1 to the system default (to be compatable with previous versions.) Mulitcast still defaults to 1.
o adpative formatting bug fix: crash occurs when values exceed 1 Tera. Add support for Tera and Peta and eliminate the potential crash condition
o configure default compile to include isochronous support (use configure --disable-isochronous to remove support)
o replace 2.0.11's --vary-load option with a more general -b option to include <mean>,<stdev>, e.g. -b 100m,40m, which will pull from a log normal distribution every 0.1 seconds
o fixes for windows cross compile (using mingw32)
o compile flags of -fPIE for android
o configure --enable-checkprograms to compile ancillary binaries used to test things such as delay, isoch, pdf generation
o compile tests when trying to use 64b seq numbers on a 32b platform
o Fix GCC ver 8 warnings
2.0.11 change set (as of May 24th, 2018)
o support for -b on server (read rate limiting)
o honor -T (ttl) for unicast. (Note: the default value is 1 so this will impact unicast tests that require routing)
o support for --isochronous traffic with optional frames per second, mean and variance uses a log normal distribution (requires configure w/-enable-isochronous and compile)
o support for --udp triggers (requires configure w/ --enable-udptriggers, early code with very limited support)
o support for --udp-histogram with optional bin width and number of bins (default is 1 millisecond bin width and 1000 bins)
o support for frame (burst) latency histograms when --isochronous is set
o support for --tx-sync with -P for synchonrized writes. Initial use is for WiFi OFDMA latency testing.
o support for --incr-dstip with -P for simultaneous flows to multiple destinations (use case is for OFDMA)
o support for --vary-load with optional weight, uses log normal distribution (requires -b to set the mean)
o support for --l2checks to detect L2 length errors not detected by v4 or v6 payload length errors (requires linux, berkeley packet filters BPFs and AF_PACKET socket support)
o support for server joining mulitcast source specific multicast (S,G) and (*,G) for both v4 and v6 on platforms that support it
o improved write counters (requires -e)
o accounting bug fix on client when write fails, this bug was introduced in 2.0.10
o slight restructure client/server traffic thread code for maintainability
o python: flow example script updates
o python: ssh node object using asyncio
o python: histograms in flows with plotting (assumed gnuplot available)
o python: hierarchical clustering of latency histograms (early code)
o man pages updates
o Note: latency histograms require client and server system clock synchronization. A GPS disciplined oscillator using Precision Time Protocol works well for this.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Jo-Philipp Wich [Wed, 1 Aug 2018 07:11:17 +0000 (09:11 +0200)]
sdk: bundle usbip userspace sources
Bundle the usbip utility sources shipped with the Linux kernel tree in
order to allow the usbip packages from the package feed to build within
the OpenWrt SDK.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
d0e0b7049f88774e67c3d5ad6b573f7070e5f900)
Bjørn Mork [Tue, 31 Jul 2018 12:01:12 +0000 (14:01 +0200)]
include/feeds.mk: fix distfeeds.conf without per-feed repos
commit
514a4b3e1b4e4 ("include/feeds.mk: rework generation of opkg
distfeeds.conf") made the per-feed "base" repo unconditional, making
the default configuration fail when PER_FEED_REPO is disabled:
root@wrt1900ac-1:~# cat /etc/opkg/distfeeds.conf
src/gz openwrt_core http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages
src/gz openwrt_base http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base
root@wrt1900ac-1:~# opkg update
Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.sig
Signature check passed.
Downloading http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz
*** Failed to download the package list from http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz
Collected errors:
* opkg_download: Failed to download http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz, wget returned 8.
Cc: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 514a4b3e1b4e ("include/feeds.mk: rework generation of opkg distfeeds.conf")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
[whitespace/indentation fix]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
c72f3b5e2b7e9a86488046bb6e2396f2354b82c9)
Rafał Miłecki [Sat, 28 Jul 2018 19:46:40 +0000 (21:46 +0200)]
bcm53xx: backport BCM5301X/BCM53573 dts commits from 4.19+
This includes Linksys EA9500 support, BCM53573 timer fix and
upstream-ready partitions patch that replaces two downstream hacks.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
a07730472c49c1f7bb56afa3eb8be23e6e87b4f1)
Rafał Miłecki [Sat, 28 Jul 2018 19:37:46 +0000 (21:37 +0200)]
bcm53xx: switch USB 3.0 PHY DT description to use MDIO bus
USB 3.0 PHY is attached to the MDIO bus and should be supported
(accessed) as a MDIO device. This wasn't known initially which resulted
in writing driver that was working with MDIO bus (using some magic
values) without knowing it.
This commit updates DT to properly describe MDIO & USB 3.0 PHY and
enables required kernel drivers.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
8a175ea2198f59795113a3857f6a742a455ad54f)
Rafał Miłecki [Sat, 28 Jul 2018 19:35:23 +0000 (21:35 +0200)]
bcm53xx: backport DT fix for I2C controller interrupt
Specified interrupt type was incorrect.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
5c8b8a3fd4be9702940859c1e1e5c3f1b4f33f50)
Rafał Miłecki [Fri, 27 Jul 2018 19:54:08 +0000 (21:54 +0200)]
kernel: backport mtd support for subpartitions in DT
This is a new & warm feature that allows nesting partiitons in DT and
mixing their types (e.g. static vs. dynamic). It's very useful for
boards that have most partitions static but some of them require extra
parsing (e.g. a "firmware" partition).
It's required to successfully backport support for new devices using
that new syntax in their DT files.
Since brcm63xx has a custom alternative patch the upstream one is being
reverted for it. The plan is to make brcm63xx use the upstream
implementation.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
2a598bbaa3f75b7051c2453a6ccf706191cf2153)
Rafał Miłecki [Fri, 27 Jul 2018 13:51:53 +0000 (15:51 +0200)]
kernel: backport mtd patches with Broadcom of_match_table-s
Two tiny & trivial patches with no regression risk. One simplifies
bcm53xx downstream patch.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
6bcafea2c04849e8a9cca71a7759b20d1010d643)
Axel Neumann [Mon, 21 May 2018 18:32:09 +0000 (20:32 +0200)]
Re-enable arbitrary IPv6 addresses as outer ip4-in-ip6 tunnel source address
The 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch kernel patches
break the possibility for using an ip4ip6 tunnel interface as a fall
back interface accepting ip4-in-ip6 tunneled packets from any remote
address. This works out of the box with any normal (non-666-patched)
kernel and can be configured by setting up an 'ip -6 tunnel' with type
'any' or 'ip4ip6' and a remote address of '::'.
The misbehavior comes with line 290 the patch which discards all packets
that do not show the expected saddr, even if no single fmr rule was
defined and despite the validity of the saddr was already approved earlier.
Signed-off-by: Axel Neumann <neumann@cgws.de>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from
65c05301c2)
Daniel Golle [Tue, 31 Jul 2018 03:17:52 +0000 (05:17 +0200)]
kernel: remove duplicate #define's in at803x Ethernet PHY driver
AT803X_REG_CHIP_CONFIG and AT803X_BT_BX_REG_SEL have been defined
upstream by commit
f62265b53ef3 ("at803x: double check SGMII side autoneg")
An existing local patch then added those exact same defines again which
isn't necessary, so remove them.
Fixes: f791fb4af450 ("kernel: add linux 4.9 support")
Fixes: b3f95490b9be ("kernel: generic: Add kernel 4.14 support")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
67fcff6aaf)
Daniel Golle [Tue, 31 Jul 2018 02:50:38 +0000 (04:50 +0200)]
kernel: re-add patch for AT8032 Ethernet PHY
The patch was wrongly removed by a kernel version bump to 4.9.106 in
the believe that it was merged upstream thow it wasn't. This lead to
unrecoverable link losses on devices which use those PHYs such as
many ubnt single-port CPEs.
Fixes: 6f8eb1b50f ("kernel: bump 4.9 to 4.9.106 for 18.06")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
a497e47762)
Christian Schoenebeck [Mon, 30 Jul 2018 19:31:41 +0000 (21:31 +0200)]
ca-certificates[18.06]]: remove myself as PKG_MAINTAINER
remove myself as PKG_MAINTAINER
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
Jo-Philipp Wich [Mon, 30 Jul 2018 16:30:59 +0000 (18:30 +0200)]
OpenWrt v18.06.0: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Mon, 30 Jul 2018 16:30:59 +0000 (18:30 +0200)]
OpenWrt v18.06.0: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Mon, 30 Jul 2018 16:24:04 +0000 (18:24 +0200)]
Revert "ar71xx: define switch for rb-952ui-5ac2nd"
This reverts commit
3442ec5d5724ca747c9f76b949dc8d21c94228c0.
The device behaviour is reportedly erratic so let's not take chances and
leave this out for now.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Thibaut VARÈNE [Mon, 30 Jul 2018 15:37:40 +0000 (17:37 +0200)]
ar71xx: define switch for rb-952ui-5ac2nd
QCA9533 built-in switch can be configured
Tested-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit
0e43c31ebde996ca88f5857bb7e6c4cbf3f65756)
Paul Spooren [Fri, 20 Jul 2018 08:32:12 +0000 (17:32 +0900)]
imagebuilder: add function to show manifest
Tested with 18.06.0-rc2/ar71xx/generic/tl-wdr4300-v1, image & list
This PR is based on the work of @fewckert[1] with slight improvements.
Add function `manifest` to show the manifest of the produced image,
before actually building it. The manifest contains an orderd list of
package name and version.
This is usefull to check package dependencies but also determine a
unique and reproducible image name before building the package. The
sysupgrade server[2] builds images on request with individual package
selection. To distignish between created images which contain differnt
packages, the EXTRA_IMAGE_NAME is set to a shortend hash of the
manifest's content. So far the image was renamed afterwards as the
manifests content was unknown, however this corrupts the signed
sha256sums. This patch allows a clean solution as to dtermine the
manifest in advance and set the EXTRA_IMAGE_NAME accordingly.
[1]: https://github.com/lede-project/source/pull/1591
[2]: https://github.com/aparcar/attendedsysupgrade-server
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry-picked from commit
869b0d11db)
张鹏 [Tue, 17 Jul 2018 10:14:25 +0000 (18:14 +0800)]
ar71xx:add support for E750G v8
Qxwlan E750G v8 is based on Qualcomm QCA9344.
Specification:
- 560/450/225 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 2T2R 2.4G GHz (AR9344)
- 2x 10/100 Mbps Ethernet (PoE support)
- 2x 10/100/1000 Mbps Ethernet
- 7x LED (6 driven by GPIO)
- 1x button (reset)
- 1x DC jack for main power input (9-48 V)
- UART (J23) and LEDs (J2) headers on PCB
Flash instruction (using U-Boot CLI and tftp server):
- Configure PC with static IP 192.168.1.10 and tftp server.
- Rename "sysupgrade" filename to "firmware.bin" and place it in tftp
server directory.
- Connect PC with one of RJ45 ports, power up the board and press
"enter" key to access U-Boot CLI.
- Use the following command to update the device to OpenWrt: "run lfw".
Flash instruction (using U-Boot web-based recovery):
- Configure PC with static IP 192.168.1.xxx(2-254)/24.
- Connect PC with one of RJ45 ports, press the reset button, power up
the board and keep button pressed for around 6-7 seconds, until LEDs
start flashing.
- Open your browser and enter 192.168.1.1, select "sysupgrade" image
and click the upgrade button.
Signed-off-by: 张鹏 <sd20@qxwlan.com>
(cherry picked from commit
53a45020135b504cb4bee0fa8d98c8eaf6391066)
张鹏 [Tue, 17 Jul 2018 10:11:21 +0000 (18:11 +0800)]
ar71xx:add support for E750A v4
Qxwlan E750A v4 is based on Qualcomm QCA9344.
Specification:
- 560/450/225 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 2T2R 5G GHz (AR9344)
- 2x 10/100 Mbps Ethernet (one port with PoE support)
- 1x miniPCIe slot (USB 2.0 bus only)
- 7x LED (6 driven by GPIO)
- 1x button (reset)
- 1x DC jack for main power input (9-48 V)
- UART (J23) and LEDs (J2) headers on PCB
Flash instruction (using U-Boot CLI and tftp server):
- Configure PC with static IP 192.168.1.10 and tftp server.
- Rename "sysupgrade" filename to "firmware.bin" and place it in tftp
server directory.
- Connect PC with one of RJ45 ports, power up the board and press
"enter" key to access U-Boot CLI.
- Use the following command to update the device to OpenWrt: "run lfw".
Flash instruction (using U-Boot web-based recovery):
- Configure PC with static IP 192.168.1.xxx(2-254)/24.
- Connect PC with one of RJ45 ports, press the reset button, power up
the board and keep button pressed for around 6-7 seconds, until LEDs
start flashing.
- Open your browser and enter 192.168.1.1, select "sysupgrade" image
and click the upgrade button.
Signed-off-by: 张鹏 <sd20@qxwlan.com>
(cherry picked from commit
ac03d51a3f4daa2f6a2a83f041dcd71674a9f724)
张鹏 [Tue, 17 Jul 2018 10:08:10 +0000 (18:08 +0800)]
ar71xx:add support for E558 v2
Qxwlan E558 v2 is based on Qualcomm QCA9558 + AR8327.
Specification:
- 720/600/200 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 8/16 MB of FLASH (SPI NOR)
- 2T2R 2.4 GHz (QCA9558)
- 3x 10/100/1000 Mbps Ethernet (one port with PoE support)
- 4x miniPCIe slot (USB 2.0 bus only)
- 1x microSIM slot
- 5x LED (4 driven by GPIO)
- 1x button (reset)
- 1x 3-pos switch
- 1x DC jack for main power input (9-48 V)
- UART (JP5) and LEDs (J8) headers on PCB
Flash instruction (using U-Boot CLI and tftp server):
- Configure PC with static IP 192.168.1.10 and tftp server.
- Rename "sysupgrade" filename to "firmware.bin" and place it in tftp
server directory.
- Connect PC with one of RJ45 ports, power up the board and press
"enter" key to access U-Boot CLI.
- Use the following command to update the device to OpenWrt: "run lfw".
Flash instruction (using U-Boot web-based recovery):
- Configure PC with static IP 192.168.1.xxx(2-254)/24.
- Connect PC with one of RJ45 ports, press the reset button, power up
the board and keep button pressed for around 6-7 seconds, until LEDs
start flashing.
- Open your browser and enter 192.168.1.1, select "sysupgrade" image
and click the upgrade button.
Signed-off-by: 张鹏 <sd20@qxwlan.com>
(cherry picked from commit
b74f63f81d6121b5eace3f0c0c87399f7e0fde92)
Christian Lamparter [Sun, 29 Jul 2018 09:55:14 +0000 (11:55 +0200)]
brcm2708: split sdcard.img.gz into a sysupgrade and factory image
@vahid-dan reported a issue with extracting the rpi images with
Gnome's Archive Manager:
"Ubuntu Archive Manager cannot extract the file and it just
throws a general error message: "An error occurred while
extracting files".
<https://forum.lede-project.org/t/corrupted-pre-built-v18-06-0-rc2-image-for-rpi>
@blogic told me to split the single sdcard.img.gz for the RPi
into a sysupgrade and a factory image for all brcm2708 targets.
The factory images will have no metadata attached, this way
these utilities that can't deal with the attached metadata will
not fail for no reason.
Cc: John Crispin <john@phrozen.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
7516a960113d512cb2909f40bd07caf2a6c547b1)
Jo-Philipp Wich [Tue, 17 Jul 2018 05:47:33 +0000 (07:47 +0200)]
base-files: network.sh: gracefully handle missing network.interface ubus ns
When attempting to use any of the functions in network.sh while netifd is
not started yet, the ubus interface dump query will fail with "Not found",
yielding an empty response.
Subsequently, jsonfilter is invoked with an empty string instead of a valid
JSON document, causing it to emit a second "unexpected end of data" error.
This caused the dnsmasq init script to log the following errors during
early boot on some systems:
procd: /etc/rc.d/S19dnsmasq: Command failed: Not found.
procd: /etc/rc.d/S19dnsmasq: Failed to parse json data: unexpected end of data.
Fix the issue by allowing the ubus query to fail with "Not found" but still
logging other failures, and by passing an empty JSON object to jsonfilter
if the interface status cache is empty.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Nick Hainke [Wed, 25 Jul 2018 18:16:13 +0000 (20:16 +0200)]
iwinfo: update to version 2018-07-24
Update to new iwinfo version.
Adds support for channel survey.
Adds ubus support.
Etc.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
296ae7ab89c179ff39feff973000fcb864754df7)
John Crispin [Fri, 18 May 2018 07:37:53 +0000 (09:37 +0200)]
iwinfo: bump to latest git HEAD
e59f925 hardware: add device ids for QCA9984, 88W8887 and 88W8964 radios
2a82f87 nl80211: back out early when receiving FAIL-BUSY reply
77c32f0 nl80211: fix code calculating average signal and rate
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit
20b76c0a5bb7a13dcc739bd644f0f968e3b3c68a)
Thibaut VARÈNE [Sun, 29 Jul 2018 10:14:57 +0000 (12:14 +0200)]
ar71xx: rbspi: fix RB wAP AC gpio conflict and LED
e15c63a37574bd15ce3a6636c2f04741ab76f7b9 introduced code that was trying
to register GPIO 1 as both an LED and a button. The OEM source makes it
clear that LED1 is not wired to the SoC GPIOs. GPIO 1 is the reset button.
Furthermore the (green) power led default state should also be defined,
(matching OEM source), and it should be used by diag.sh since it's
currently the only software-controllable LED.
This patch fixes these issues and renames the corresponding #defines for
clarity
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit
e99f760235bb45716018faab52d31ce8165f49a0)
Thibaut VARÈNE [Sun, 29 Jul 2018 10:14:59 +0000 (12:14 +0200)]
ar71xx: add missing diag LED support for RB wAP 2nD
3b15eb06c366cf3805590a61f22e966a95bf8101 did not include diag.sh
edit
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit
5c2419b6f82e2ec49ecac17ae17fdbdb151701c7)
Jo-Philipp Wich [Mon, 30 Jul 2018 06:36:26 +0000 (08:36 +0200)]
brcm47xx: rework model detection
On brcm47xx boards, the model ID is the combination of the "boardtype" nvram
variable and an optional supplemental "boardnum" variable while the human
readable model name is usually exposed in the "machine" field of the
/proc/cpuinfo file.
Move the extraction of the board nvram variables and model name string into
the 01_sysinfo file and rework the 01_detect board configuration script to
solely use the prepared sysinfo values without performing own detection
logic.
As a consequence, we can drop the ucidef_set_board_id() and
ucidef_set_model_name() invocations in favor to the generic behaviour
which copies the /tmp/sysinfo/{board_name,model} values into the board.json
"id" and "name" fields respectively.
Since "01_detect" only contains network configuration logic after this
change, move it to "01_network" and rename the contained "detect_by_xxx"
functions to "configure_by_xxx" instead, to avoid potential confusion.
Fixes FS#1576
Acked-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
d7d10f2c1e8511fe07c9760e85f2272a85168f8d)
Rafał Miłecki [Sun, 29 Jul 2018 09:01:14 +0000 (11:01 +0200)]
bcm53xx: revert SPI controller commit breaking flash reads
That upstream commit caused instability in flash reads. It was reported
but there isn't any proper fix as for now.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
0417b08b06dd946c2670d0a19e3426c61e33f6be)
Kevin Darbyshire-Bryant [Sat, 28 Jul 2018 09:47:32 +0000 (10:47 +0100)]
dnsmasq: bump to dnsmasq v2.80test3
Refresh patches
Upstream commits since last bump:
3b6eb19 Log DNSSEC trust anchors at startup.
f3e5787 Trivial comment change.
c851c69 Log failure to confirm an address in DHCPv6.
a3bd7e7 Fix missing fatal errors when parsing some command-line/config options.
ab5ceaf Document the --help option in the french manual
1f2f69d Fix recurrent minor spelling mistake in french manual
f361b39 Fix some mistakes in french translation of the manual
eb1fe15 When replacing cache entries, preserve CNAMES which target them.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
1e93ef84981f2722138824413a1b197fdab7fb6c)
Hans Dedecker [Tue, 17 Jul 2018 11:42:17 +0000 (13:42 +0200)]
dnsmasq: don't use network functions at boottime (FS#1542)
As dnsmasq is started earlier than netifd usage of network.sh functions
at boottime will fail; therefore don't call at boottime the functions
which construct the dhcp pool/relay info.
As interface triggers are installed the dhcp pool/relay info will be
constructed when the interface gets reported as up by netifd.
At the same time also register interface triggers based on DHCP relay
config.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit
2336b942b37f265c59547d738ca558b61102833d)
Kevin Darbyshire-Bryant [Sun, 3 Jun 2018 03:44:12 +0000 (04:44 +0100)]
dnsmasq: bump to latest patches on 2.80rc2
Refresh patches and backport upstream to current HEAD:
a997ca0 Fix sometimes missing DNSSEC RRs when DNSSEC validation not enabled.
51e4eee Fix address-dependent domains for IPv6.
05ff659 Fix stupid infinite loop introduced by preceding commit.
db0f488 Handle some corner cases in RA contructed interfaces with addresses changing interface.
7dcca6c Warn about the impact of cache-size on performance.
090856c Allow zone transfer in authoritative mode whenever auth-peer is specified.
cc5cc8f Sane error message when pcap file header is wrong.
c488b68 Handle standard and contructed dhcp-ranges on the same interface.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
fbf475403b911f46e91b57fb7a6cf3c65276464c)
Rafał Miłecki [Fri, 27 Jul 2018 13:57:13 +0000 (15:57 +0200)]
brcm47xx: revert upstream commit breaking BCM4718A1
This fixes kernel hang when booting on BCM4718A1 (& probably BCM4717A1).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
4c1aa64b4d804e77dfaa8d53e5ef699fcced4b18)
Rafał Miłecki [Thu, 26 Jul 2018 20:43:18 +0000 (22:43 +0200)]
mac80211: backport brcmfmac fixes & debugging helpers from 4.18
The most important is probably regression fix in handling platform
NVRAM. That bug stopped hardware from being properly calibrated breaking
e.g. 5 GHz for Netgear R8000.
Other than that it triggers memory dumps when experiencing firmware
problems which is important for debugging purposes.
Fixes: 2811c97803e5 ("mac80211: backport brcmfmac firmware & clm_blob loading rework")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
b26214adb53da2816ff830b6cd6e31e1dafa2635)
Jo-Philipp Wich [Tue, 26 Jun 2018 12:46:00 +0000 (14:46 +0200)]
odhcpd: update to latest git HEAD
Changes:
81a281e dhcpv6-ia: fix border assignment size setting
a2ffc59 dhcpv6-ia: fix status code for not on link IAs
5b087a6 dhcpv6-ia: improve error checking in assign_pd()
c9114a1 config: fix wrong assignment
bb8470f dhcpv4: delay forced renew transaction start
62a1b09 dhcpv4: fix DHCP address space logic
d5726ff dhcpv4: improve logging when sending DHCP messages
9484351 odhcpd: call handle_error when socket error can be retrieved
c45e2eb dhcpv6: fix out of bounds write in handle_nested_message()
c2ff5af dhcpv6-ia: log renew messages as well
676eb38 router: fix possible segfault in send_router_advert()
392701f odhcpd: fix passing possible negative parameter
029123b treewide: switch to C-code style comments
6b79748 router: improve error checking
12e21bc netlink: fix incorrect sizeof argument
d7aa414 dhcpv6: improve error checking in dhcpv6_setup_interface()
373495a ubus: fix invalid ipv6-prefix json
79d5e6f ndp: improve error checking
d834ae3 dhcpv4: fix error checking in dhcpv4_setup_interface()
f2aa383 dhcpv4: fix out of bound access in dhcpv4_put
4591b36 dhcpv4: improve error checking in dhcpv4_setup_interface()
4983ee5 odhcpd: fix strncpy bounds
c0f6390 odhcpd: Check if open the ioctl socket failed
345bba0 dhcpv4: improve error checking in handle_dhcpv4()
44cce31 ubus: avoid dumping interface state with NULL message
Cherry picked and squashed from commits:
b7ef10cbf0 odhcpd: update to latest git HEAD
98a6bee09a odhcpd: update to latest git HEAD
88c88823d5 odhcpd: update to latest git HEAD
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 26 Jul 2018 14:48:07 +0000 (16:48 +0200)]
ubus: update to latest git HEAD
40e0931 libubus: pass an empty UBUS_ATTR_DATA block if msg is NULL on invoke
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
7316515891532a9d5f0b70db31a95d06f7b00e94)
Hans Dedecker [Fri, 25 May 2018 12:29:58 +0000 (14:29 +0200)]
firewall: update to latest git HEAD and build with LTO
Reduces .ipk size on MIPS from 41.6k to 41.1k
Changes:
30463d0 zones: add interface/subnet bound LOG rules
0e77bf2 options: treat time strings as UTC times
d2bbeb7 firewall3: make reject types selectable by user
aa8846b ubus: avoid dumping interface state with NULL message
Cherry picked and squashed from commits:
a3f2451fba firewall: update to latest git HEAD
433d71e73e fw3: update to latest git HEAD
ef96d1e34a firewall: compile with LTO enabled
1e83f775a3 firewall3: update to latest git HEAD
3ee2c76ae0 firewall: update to latest git HEAD
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
John Crispin [Wed, 25 Jul 2018 10:15:45 +0000 (12:15 +0200)]
ubus: update to latest git HEAD
884be45 libubus: check for non-NULL data before running callbacks
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit
a5c3bbaf56d6fb442ea16f26042cec83c7c00454)
John Crispin [Wed, 25 Jul 2018 10:03:18 +0000 (12:03 +0200)]
libubox: update to latest git HEAD
c83a84a fix segfault when passed blobmsg attr is NULL
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit
5dc32620c4aa66d05eb5585784ed954854e8194c)
Aleksandr V. Piskunov [Sun, 1 Jul 2018 12:40:31 +0000 (15:40 +0300)]
wireguard-tools: add wireguard_watchdog script
This watchdog script tries to re-resolve hostnames for inactive WireGuard peers.
Use it for peers with a frequently changing dynamic IP.
persistent_keepalive must be set, recommended value is 25 seconds.
Run this script from cron every minute:
echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
[bump the package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
20c4819c7baf6f9b91420849caf30e5137bd75d6)
Jason A. Donenfeld [Wed, 18 Jul 2018 23:36:33 +0000 (01:36 +0200)]
wireguard: bump to 0.0.
20180718
80b41cd version: bump snapshot
fe5f0f6 recieve: disable NAPI busy polling
e863f40 device: destroy workqueue before freeing queue
81a2e7e wg-quick: allow link local default gateway
95951af receive: use gro call instead of plain call
d9501f1 receive: account for zero or negative budget
e80799b tools: only error on wg show if all interfaces failk
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[Added commit log to commit description]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
57b808ec88315db6743b3159a04dbb16097597ea)
Jason A. Donenfeld [Tue, 10 Jul 2018 19:29:18 +0000 (21:29 +0200)]
wireguard: bump to 0.0.
20180708
* device: print daddr not saddr in missing peer error
* receive: style
Debug messages now make sense again.
* wg-quick: android: support excluding applications
Android now supports excluding certain apps (uids) from the tunnel.
* selftest: ratelimiter: improve chance of success via retry
* qemu: bump default kernel version
* qemu: decide debug kernel based on KERNEL_VERSION
Some improvements to our testing infrastructure.
* receive: use NAPI on the receive path
This is a big change that should both improve preemption latency (by not
disabling it unconditionally) and vastly improve rx performance on most
systems by using NAPI. The main purpose of this snapshot is to test out this
technique.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit
4630159294024c0718077e49dbb440919440de87)
Jo-Philipp Wich [Sat, 21 Jul 2018 18:47:10 +0000 (20:47 +0200)]
build: do not alter global default package selection from profiles
This partly reverts
ca32373c951c651f4fe5d8f99ddeb8d4f20bbe3e which lets
profiles that suppress packages to alter the package selection for all
devices of the target when building with CONFIG_TARGET_PER_DEVICE_ROOTFS.
In particular, this caused the brcm47xx Edimax PS-1208MFG profile to
disable mtd, dropbear, firewall and other essential packages for all
brcm47xx/generic builds.
To solve this problem, prevent profiles from mangling the global
DEFAULT_PACKAGES selection and restrict the supression of negated
packages to the local PACKAGE variable list only.
Fixes
ca32373c95 ("target.mk: let profile remove from DEFAULT_PACKAGES")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
69ea512c62619b8b650d4e03d071b36a526734ce)
Tim Small [Wed, 4 Jul 2018 13:05:18 +0000 (14:05 +0100)]
WDR4900v1 remove dt node for absent hw crypto.
The WDR4900v1 uses the P1040 SoC, so the device tree pulls in the
definition for the related P1010 SoC. However, the P1040 lacks the
CAAM/SEC4 hardware crypto accelerator which the P1010 device tree
defines. If left defined, this causes the CAAM drivers (if present) to
attempt to use the non-existent device, making various crypto-related
operations (e.g. macsec and ipsec) fail.
This commit overrides the incorrect dt node definition in the included
file.
See also:
- https://bugs.openwrt.org/index.php?do=details&task_id=1262
- https://community.nxp.com/thread/338432#comment-474107
Signed-off-by: Tim Small <tim@seoss.co.uk>
(cherry picked from commit
e97aaf483c71fd5e3072ec2dce53354fc97357c9)
Kevin Darbyshire-Bryant [Fri, 20 Jul 2018 15:12:37 +0000 (16:12 +0100)]
iproute2: tc: backport canonical cake support
iproute2's tc was updated to support the recently upstreamed cake qdisc.
Backport this canonical support from upstream into iproute2 v4.16
There is no kernel kmod/userspace tc ABI change in this release from the
previous package bump, so everyone can breath a sigh of relief.
This is largely a code style change, the exception to prove the rule:
option 'autorate_ingress' has been changed to 'autorate-ingress' to fit
in with upstream option naming expectations.
No openwrt package (e.g. sqm-scripts) has knowledge of
'autorate_ingress' thus only users who made their own scripts or used
it within the 'dangerous configuration' options of sqm-scripts will be
affected.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Felix Fietkau [Fri, 20 Jul 2018 08:40:43 +0000 (10:40 +0200)]
build: fix compile error when a package includes itself in PROVIDES
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
7c306ae640feb4d42b352175de27b034bd917938)
Christian Lamparter [Mon, 16 Jul 2018 20:56:34 +0000 (22:56 +0200)]
apm821xx: fix sata access freezes
The original vendor's driver programmed the dma controller's
AHB HPROT values to enable bufferable, privileged mode. This
along with the "same priorty for both channels" fixes the
freezes according to @takimata, @And.short, that have been
reported on the forum by @ticerex.
Furtheremore, @takimata reported that the patch also improved
the performance of the HDDs considerably:
|<https://forum.lede-project.org/t/wd-mybook-live-duo-two-disks/16195/55>
|It seems your patch unleashed the full power of the SATA port.
|Where I was previously hitting a really hard limit at around
|82 MB/s for reading and 27 MB/s for writing, I am now getting this:
|
|root@OpenWrt:/mnt# time dd if=/dev/zero of=tempfile bs=1M count=1024
|1024+0 records in
|1024+0 records out
|real 0m 13.65s
|user 0m 0.01s
|sys 0m 11.89s
|
|root@OpenWrt:/mnt# time dd if=tempfile of=/dev/null bs=1M count=1024
|1024+0 records in
|1024+0 records out
|real 0m 8.41s
|user 0m 0.01s
|sys 0m 4.70s
|
|This means: 121 MB/s reading and 75 MB/s writing!
|
|[...]
|
|The drive is a WD Green WD10EARX taken from an older MBL Single.
|I repeated the test a few times with even larger files to rule out
|any caching, I'm still seeing the same great performance. OpenWrt is
|now completely on par with the original MBL firmware's performance.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Luiz Angelo Daros de Luca [Tue, 17 Jul 2018 22:41:09 +0000 (19:41 -0300)]
base-files: fix wrong sysctl parameter order
Restarting service sysctl echos multiple errors like:
sysctl: -e: No such file or directory
After the first filename, all remaining arguments are treated
as files.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Kevin Darbyshire-Bryant [Wed, 18 Jul 2018 16:51:59 +0000 (17:51 +0100)]
igmpproxy: run in foreground for procd
procd needs processes to stay in foreground to remain under its gaze and
control. Failure to do so means service stop commands fail to actually
stop the process (procd doesn't think it's running 'cos the process has
exited already as part of its forking routing)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
9d5a2469304eb23b6d09432a6d9b6a57d0019d2a)
Jo-Philipp Wich [Tue, 17 Jul 2018 12:40:04 +0000 (14:40 +0200)]
mediatek: fix parallel build issues in image build code
Drop the parallel-unsafe custom Build/dtb macro and use the .dtb artifacts
produced by the generic image build code.
Also remove unused .dtb references in the mt7623 subtarget.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit
8194f9ef4a5ab4587e8f6cf1aec96ba89c5766fd)
Rafał Miłecki [Sun, 15 Jul 2018 21:23:42 +0000 (23:23 +0200)]
mtd: improve check for TRX header being already fixed
First of all lengths should be compared after checking all blocks for
being good/bad. It's because requested length may differ from a final
one if there were some bad blocks.
Secondly it makes sense to also compare crc32 since we already have a
new one calculated.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
82498a7f7aa86ad0e93ef60d50dccaa0a9549e4c)
Rafał Miłecki [Sun, 15 Jul 2018 14:51:41 +0000 (16:51 +0200)]
mtd: support bad blocks within the mtd_fixtrx()
Reading MTD data with (p)read doesn't return any error when accessing
bad block. As the result, with current code, CRC32 covers "data" stored
in bad blocks.
That behavior doesn't match CFE's one (bootloader simply skips bad
blocks) and may result in:
1) Invalid CRC32
2) CFE refusing to boot firmware with a following error:
Boot program checksum is invalid
Fix that problem by checking every block before reading its content.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
0f54489f754e7bd34e0430c57a11b6a54740d58e)
Kevin Darbyshire-Bryant [Sun, 15 Jul 2018 10:01:15 +0000 (11:01 +0100)]
kmod-sched-cake: bump to
20180716
Bump to the latest cake recipe.
This backports tc class support to kernel 4.9 and other than conditional
kernel compilation pre-processor macros represents the cake that has
gone upstream into kernel 4.19. Loud cheer!
Fun may be had by changing cake tin classification for packets on
ingress. e.g.
tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \
ip dport 6981 0xffff action skbedit priority 800b:1
Where 800b: represents the filter handle for the ifb obtained by 'tc
qdisc' and the 1 from 800b:1 represents the cake tin number. So the
above example puts all incoming packets destined for port 6981 into the
BULK (lowest priority) tin.
f39ab9a Obey tin_order for tc filter classifiers
1e2473f Clean up after latest backport.
82531d0 Reorder includes to fix out of tree compilation
52cbc00 Code style cleanup
6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR()
cab17b6 Remove duplicate call to qdisc_watchdog_init()
71c7991 Merge branch 'backport-classful'
32aa7fb Fix compilation on Linux 4.9
9f8fe7a Fix compilation on Linux 4.14
ceab7a3 Rework filter classification
aad5436 Fixed version of class stats
be1c549 Add cake-specific class stats
483399d Use tin_order for class dumps
80dc129 Add class dumping
0c8e6c1 Fix dropping when using filters
c220493 Add the minimum class ops
5ed54d2 Start implementing tc filter/class support
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
c729c43b391e759b6700b28c8e02ba93fe15f8c2)
Tony Ambardar [Fri, 8 Jun 2018 11:34:00 +0000 (04:34 -0700)]
qos-scripts: fix uci callback handling
The previous callback code was fragile, dependent on some UCI callback
bugs and side-effects now fixed in master commit
73d8a6ab.
Update scripts to use callbacks where appropriate and necessary, while
using normal UCI config parsing for all else. This results in smaller,
simpler, more robust code. Use callbacks in generate.sh to only process
'interface' defaults and the varying entries for 'reclassify', 'default'
and 'classify' sections. Also switch qos-stat to use non-callback UCI
handling.
The current changes work independently of
73d8a6ab (i.e. both before and
after), and are consistent with UCI config parsing documentation.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Tony Ambardar [Thu, 8 Mar 2018 05:00:45 +0000 (21:00 -0800)]
base-files: fix UCI config parsing and callback handling
There are several long-standing issues present in the UCI shell API as
documented in https://wiki.openwrt.org/doc/devel/config-scripting. They
relate both to high-level, user-defined callback functions used to
process UCI config files, and also to low-level functions used within
scripts generally.
The related problems have been encountered now and in the past, e.g.
https://forum.openwrt.org/viewtopic.php?id=54295, and include:
a) UCI parsing option() function and user-defined option_cb() callbacks
being erroneously called during processing of "list" config file entries;
b) normal usage of the low-level config_set() unexpectedy calling any
defined option_cb() if present; and
c) handling of the list_cb() not respecting the NO_CALLBACK variable.
Root causes include a function stack "inversion", where the low-level
config_set() function incorrectly calls the high-level option() function,
intended only for processing the "option" keyword of UCI config files.
This change addresses the inversion and other issues, making the option
handling code more consistent and smaller, and simplifying developers'
usage of UCI callbacks.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Christian Lamparter [Sat, 14 Jul 2018 15:21:55 +0000 (17:21 +0200)]
apm821xx: fix usb-otg on 4.14
Starting with 4.14, the "amcc,dwc-otg" needs to be used
in order to get the usb-otg to work.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
12b80f1cabf0a7995637fc9b0831b3e9f881f9e6)
Hans Dedecker [Sun, 15 Jul 2018 19:53:25 +0000 (21:53 +0200)]
odhcp6c: add noserverunicast config option for broken DHCPv6 servers
Fix broken DHCPv6 servers which provide the server unicast option but
do not reply on DHCPv6 renew messages directed to the IPv6 address
contained in the server unicast option which results in broken IPv6
connectivity.
67ae6a7 odhcp6c: add option to ignore Server Unicast option
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 20 Jun 2018 13:34:18 +0000 (15:34 +0200)]
odhcp6c: update to latest git HEAD
b99c1f6 odhcp6c: remove len check in option parsing handle
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Mon, 11 Jun 2018 13:44:50 +0000 (15:44 +0200)]
odhcp6c: user string option support
ca8822b odhcp6c: add support for user string options
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
David Bauer [Tue, 12 Jun 2018 23:37:55 +0000 (01:37 +0200)]
ipq40xx: add get_status_led to diag.sh
This commit adds the get_status_led method to diag.sh, which sets the
boot-led as status-led for scripts using this method to get a
status-led.
This method is used platform-independent in downstream project gluon to
set the LED used to indicate the config-mode.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
4fc005197a320ff728544eba8028f7a9f23e1868)
Jo-Philipp Wich [Sun, 15 Jul 2018 15:54:39 +0000 (17:54 +0200)]
OpenWrt v18.06.0-rc2: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Sun, 15 Jul 2018 15:54:33 +0000 (17:54 +0200)]
OpenWrt v18.06.0-rc2: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Mon, 2 Jul 2018 06:58:38 +0000 (08:58 +0200)]
uhttpd: update to latest Git head
db86175 lua: honour size argument in recv() function
d3b9560 utils: add uh_htmlescape() helper
8109b95 file: escape strings in HTML output
393b59e proc: expose HTTP Origin header in process environment
796d42b client: flush buffered SSL output when tearing down client ustream
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
b54bef205846e2b30da23c1316c4a9b941c5078d)
Matthias Schiffer [Sat, 14 Jul 2018 13:44:47 +0000 (15:44 +0200)]
include/prereq-build.mk: explicitly check for -f flag when using busybox time
On Debian, busybox does have a time applet, but it does not support the -f
flag. Catch this in prereq check to give users to proper error message.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
b123921a92a957f08abb186e041aa38aa9328f3e)
Matthias Schiffer [Sat, 14 Jul 2018 11:07:34 +0000 (13:07 +0200)]
include/kernel-build.mk: fix kernel rebuild on backport patch changes
An incorrect variable name was referenced in KERNEL_FILE_DEPENDS, leading
to the omission of the backport-* patch dirs in the generation of the
prepared stamp name.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
36fa1bbf6f510e57098edab3932015dc747bbd49)