openwrt/staging/neocturne.git
5 years agoipq40xx: speed up ath10k-caldata extraction
Christian Lamparter [Thu, 14 Feb 2019 18:06:47 +0000 (19:06 +0100)]
ipq40xx: speed up ath10k-caldata extraction

Reading and writing to and from flash storage is slow and currently,
the ath10kcal_extract() scripts are even more at an disadvantage
because they use a block size of 1 to be able skip.

This patch reworks the extraction scripts to be much faster and
efficient by reading and writing the calibration data in possibly
one big block.

before: (Tested on a RT-AC58U, which has SPI-NAND).

 # time dd if=/dev/ubi0_1 of=/lib/firmware/... bs=1 skip=4096 count=12064
12064+0 records in
12064+0 records out
real    0m 0.28s
user    0m 0.02s
sys     0m 0.24s

after:

 # time dd if=/dev/ubi0_1 of=/lib/firmware/... bs=12064 skip=4096 count=1 iflag=skip_bytes
1+0 records in
1+0 records out
real    0m 0.01s
user    0m 0.00s
sys     0m 0.00s

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agouqmi: fix PIN_STATUS_FAILED error with MC7455 WCDMA/LTE modem
Daniel Golle [Wed, 20 Feb 2019 14:12:44 +0000 (15:12 +0100)]
uqmi: fix PIN_STATUS_FAILED error with MC7455 WCDMA/LTE modem

Apparently this modem replies differently to attempted --get-pin-status
which makes the script fail if a pincode is set. Fix this.

Manufacturer: Sierra Wireless, Incorporated
Model: MC7455
Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agohostapd: add Multi-AP patches and config options
Arnout Vandecappelle (Essensium/Mind) [Mon, 10 Dec 2018 16:02:27 +0000 (17:02 +0100)]
hostapd: add Multi-AP patches and config options

Cherry-pick Multi-AP commits from uptream:
 9c06f0f6a hostapd: Add Multi-AP protocol support
 5abc7823b wpa_supplicant: Add Multi-AP backhaul STA support
 a1debd338 tests: Refactor test_multi_ap
 bfcdac1c8 Multi-AP: Don't reject backhaul STA on fronthaul BSS
 cb3c156e7 tests: Update multi_ap_fronthaul_on_ap to match implementation
 56a2d788f WPS: Add multi_ap_subelem to wps_build_wfa_ext()
 83ebf5586 wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS
 66819b07b hostapd: Support Multi-AP backhaul STA onboarding with WPS
 8682f384c hostapd: Add README-MULTI-AP
 b1daf498a tests: Multi-AP WPS provisioning

Add support for Multi-AP to the UCI configuration. Every wifi-iface gets
an option 'multi_ap'. For APs, its value can be 0 (multi-AP support
disabled), 1 (backhaul AP), 2 (fronthaul AP), or 3 (fronthaul + backhaul
AP). For STAs, it can be 0 (not a backhaul STA) or 1 (backhaul STA, can
only associate with backhaul AP).

Also add new optional parameter to wps_start ubus call of
wpa_supplicant to indicate that a Multi-AP backhaul link is required.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
5 years agomac80211: rt2x00: replace pending by merged patches
Daniel Golle [Tue, 19 Feb 2019 17:30:24 +0000 (18:30 +0100)]
mac80211: rt2x00: replace pending by merged patches

Those have by now been merged into wireless-drivers-next:
 17ae2acd1a6f rt2x00: remove unneeded check
 5991a2ecd070 rt2x00: remove confusing AGC register
 9ad3b5565445 rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band
 7aca14885ede rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620
 c7ff1bfeaf1c rt2800: comment and simplify AGC init for RT6352

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agox86: Make kmod-drm-radeon and kmod-drm-amdgpu depend on x86
Hauke Mehrtens [Tue, 19 Feb 2019 22:03:15 +0000 (23:03 +0100)]
x86: Make kmod-drm-radeon and kmod-drm-amdgpu depend on x86

Currently these kernel packages only work on x86, restrict them to that
target.

Fixes: 2f239c02a031 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918ee9be9 ("x86: video: add radeon DRM module support")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agogeneric: kernel: Add missing config option
Pawel Dembicki [Mon, 18 Feb 2019 20:49:53 +0000 (20:49 +0000)]
generic: kernel: Add missing config option

DRM packages break modules compilation for sunxi target,
cortexa7 and cortexa8 subtargets.

This patch add missing symbol to generic config.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
5 years agoRevert "iproute2: use tc package variant to limit other package sizes"
Hans Dedecker [Tue, 19 Feb 2019 14:15:54 +0000 (15:15 +0100)]
Revert "iproute2: use tc package variant to limit other package sizes"

This reverts commit e6d84fa8864e7bbbcec139dd09a2922a06f5b2a0 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agoRevert "iproute2: simplify linking libelf for eBFP/XDP object file support"
Hans Dedecker [Tue, 19 Feb 2019 14:14:42 +0000 (15:14 +0100)]
Revert "iproute2: simplify linking libelf for eBFP/XDP object file support"

This reverts commit 26681fa6a6fcbec0024906eb8367e9a3160521fb as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agoRevert "iproute2: tc: enable and fix support for using .so plugins"
Hans Dedecker [Tue, 19 Feb 2019 14:12:53 +0000 (15:12 +0100)]
Revert "iproute2: tc: enable and fix support for using .so plugins"

This reverts commit fc80ef3613465e60257a5ddf0674debe45b09180 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and
rdma for the ip-full variant

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agoRevert "iproute2: tc: reduce size of dynamic symbol table"
Hans Dedecker [Tue, 19 Feb 2019 14:10:45 +0000 (15:10 +0100)]
Revert "iproute2: tc: reduce size of dynamic symbol table"

This reverts commit 248797834bf21916ddf663edc96d86ee5377850e as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agoarmvirt: 32: enable CONFIG_ARM_LPAE
Yousong Zhou [Sat, 16 Feb 2019 10:36:55 +0000 (10:36 +0000)]
armvirt: 32: enable CONFIG_ARM_LPAE

This is required for running armvirt_32 on QEMU 3.0 [1], otherwise the
kernel will emit the following complaint and virtio-net-pci devices will
fail to be initialized

        [    1.124214] OF: PCI: host bridge /pcie@10000000 ranges:
        [    1.125093] OF: PCI:    IO 0x3eff0000..0x3effffff -> 0x00000000
        [    1.125942] OF: PCI:   MEM 0x10000000..0x3efeffff -> 0x10000000
        [    1.126403] OF: PCI:   MEM 0x8000000000..0xffffffffff -> 0x8000000000
        [    1.127748] pci-host-generic 4010000000.pcie: can't claim ECAM area [mem 0x10000000-0x1fffffff]: address conflict with /pcie@10000000 [mem 0x10000000-0x3efeffff]
        [    1.129752] pci-host-generic: probe of 4010000000.pcie failed with error -16

Running QEMU with "-M virt,highmem=off" is an option, but "highmem" was only
introduced as a default on flag since QEMU 2.5.0 and QEMU will fail and quit on
encounter of unknown flags

 [1] Armv7 guest fails to boot with qemu-3.0.0-1,
     https://bugzilla.redhat.com/show_bug.cgi?id=1633328#c5

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
5 years agoarmvirt: 32: refresh kernel config
Yousong Zhou [Sat, 16 Feb 2019 10:36:07 +0000 (10:36 +0000)]
armvirt: 32: refresh kernel config

The diff was genereated by running the following command without
actually changing any kernel config options

make kernel_menuconfig CONFIG_TARGET=subtarget

Here are some initial findings on the change

 - CONFIG_ARCH_OPTIONAL_KERNEL_RWX is now arch default
 - CONFIG_ARM_GIC_V3_ITS is selected by CONFIG_ARCH_VIRT
 - CONFIG_CPU_SPECTRE is select by CONFIG_CPU_V7
 - CONFIG_TIMER_OF is now a arch default
 - CONFIG_TIMER_PROBE is select by CONFIG_TIMER_OF

The following options should probably be moved to generic config

 - CONFIG_MIGRATION is a default on option
 - CONFIG_TREE_SRCU is a default on option for !PREEMPT && SMP system
 - CONFIG_RCU_NEED_SEGCBLIST

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
5 years agodnsmasq: allow using dnsmasq as the sole resolver
Yousong Zhou [Mon, 18 Feb 2019 14:11:19 +0000 (14:11 +0000)]
dnsmasq: allow using dnsmasq as the sole resolver

Currently it seems impossible to configure /etc/config/dhcp to achieve
the following use case

 - run dnsmasq with no-resolv
 - re-generate /etc/resolv.conf with "nameserver 127.0.0.1"

Before this change, we have to set resolvfile to /tmp/resolv.conf.auto
to achive the 2nd effect above, but setting resolvfile requires noresolv
being false.

A new boolean option "localuse" is added to indicate that we intend to
use dnsmasq as the local dns resolver.  It's false by default and to
align with old behaviour it will be true automatically if resolvfile is
set to /tmp/resolv.conf.auto

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agomac80211: rt2x00: backport accepted and pending patches from upstream
Daniel Golle [Wed, 13 Feb 2019 18:47:18 +0000 (19:47 +0100)]
mac80211: rt2x00: backport accepted and pending patches from upstream

backport from wireless-drivers-next, replacing some existing patches in
our tree (marked with '=' are those which were already present):
 f483039cf51a rt2x00: use simple_read_from_buffer()
=5c656c71b1bf rt2800: move usb specific txdone/txstatus routines to rt2800lib
=0b0d556e0ebb rt2800mmio: use txdone/txstatus routines from lib
=5022efb50f62 rt2x00: do not check for txstatus timeout every time on tasklet
=adf26a356f13 rt2x00: use different txstatus timeouts when flushing
=0240564430c0 rt2800: flush and txstatus rework for rt2800mmio
 6eba8fd22352 rt2x00: rt2400pci: mark expected switch fall-through
 10bb92217747 rt2x00: rt2500pci: mark expected switch fall-through
 916e6bbcfcff rt2x00: rt2800lib: mark expected switch fall-throughs
 641dd8068ecb rt2x00: rt61pci: mark expected switch fall-through
 750afb08ca71 cross-tree: phase out dma_zalloc_coherent()
=c2e28ef7711f rt2x00: reduce tx power to nominal level on RT6352
 a4296994eb80 rt2x00: Work around a firmware bug with shared keys
 2587791d5758 rt2x00: no need to check return value of debugfs_create functions

pending on linux-wireless:
 rt2x00: remove unneeded check
 rt2x00: remove confusing AGC register
 rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band
 rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620
 rt2800: comment and simplify AGC init for RT6352
 rt2x00: do not print error when queue is full
 rt2800: partially restore old mmio txstatus behaviour
 rt2800: new flush implementation for SoC devices
 rt2800: move txstatus pending routine
 rt2800mmio: fetch tx status changes
 rt2800mmio: use timer and work for handling tx statuses timeouts
 rt2x00: remove last_nostatus_check
 rt2x00: remove not used entry field
 rt2x00mmio: remove legacy comment

While at it also rename some existing patches now that there are
separate folders with patches for each driver to make things a bit
nicer to handle.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agoodhcpd: update to latest git HEAD
Hans Dedecker [Mon, 18 Feb 2019 14:21:06 +0000 (15:21 +0100)]
odhcpd: update to latest git HEAD

1f01299 config: fix build failure in case DHCPv4 support is disabled
67b3a14 dhcpv4: fix assignment of requested IP address
ca8ba91 dhcp: rework static lease logic
36833ea dhcpv6: rapid commit support
1ae316e dhcpv6: fix parsing of DHCPv6 relay messages
80157e1 dhcpv4: fix compile issue
671ccaa dhcpv6-ia: move function definitions to odhcpd.h
0db69b0 dhcpv6: improve code readibility
7847b27 treewide: unify dhcpv6 and dhcpv4 assignments
a54cee0 netlink: rework handling of netlink messages
9f25dd8 treewide: use avl tree to store interfaces
f21a0a7 treewide: align syslog tracing
edc5fb0 dhcpv6-ia: add full CONFIRM support
9d6eadf dhcpv6-ia: rework append_reply()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agobuild: Fix print without color
Hauke Mehrtens [Sun, 17 Feb 2019 18:29:08 +0000 (19:29 +0100)]
build: Fix print without color

The original patch removed the printing completely, just remove the
color.

Fixes: eabc1ddc4541 ("build: Honour NO_COLOR in include/scan.mk")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agotoolchain/binutils: Remove 2.30
Daniel Engberg [Thu, 8 Nov 2018 23:36:21 +0000 (00:36 +0100)]
toolchain/binutils: Remove 2.30

Remove binutils 2.30

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
5 years agosamba36: allow build with no ipv6 support
Rosy Song [Mon, 7 Jan 2019 06:24:47 +0000 (14:24 +0800)]
samba36: allow build with no ipv6 support

Signed-off-by: Rosy Song <rosysong@rosinson.com>
5 years agouboot-kirkwood: update to 2019.01
Paul Wassi [Thu, 27 Dec 2018 13:38:46 +0000 (14:38 +0100)]
uboot-kirkwood: update to 2019.01

Update U-Boot to current 2019.01 release for kirkwood platform

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
5 years agokirkwood: add kernel 4.19 support
Paul Wassi [Thu, 27 Dec 2018 14:39:36 +0000 (15:39 +0100)]
kirkwood: add kernel 4.19 support

Add patches for 4.19
Drop patch 200-disable-tso, as the packet corruption was fixed in
kernel commit 3b89624ab54b9dc2d92fc08ce2670e5f19ad8ec8

Restructure the DTS for Marvell switch in 104-ea3500 and 105-ea4500
to fix DTC warning.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
5 years agokernel: Added required dependencies for socket match.
Oldřich Jedlička [Tue, 29 Jan 2019 21:25:33 +0000 (22:25 +0100)]
kernel: Added required dependencies for socket match.

This applies to kernel 4.10 and newer.

See https://github.com/torvalds/linux/commit/8db4c5be88f62ffd7a552f70687a10c614dc697b

The above commit added to kernel 4.10 added new dependency
for building the NETFILTER_XT_MATCH_SOCKET (xt_socket.ko)
module. The NF_SOCKET_IPVx options (both of them) need to
be enabled in order to build the NETFILTER_XT_MATCH_SOCKET
module. Without the change the module is not built.

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
5 years agox86: video: disable buildtin amdgpu DRM driver
Lucian Cristian [Wed, 6 Feb 2019 11:42:56 +0000 (13:42 +0200)]
x86: video: disable buildtin amdgpu DRM driver

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
5 years agox86: video: add amdgpu DRM kernel package
Lucian Cristian [Wed, 6 Feb 2019 11:38:05 +0000 (13:38 +0200)]
x86: video: add amdgpu DRM kernel package

build amdgpu kernel as modules so it will find the firmware files

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
5 years agox86: DRM: add x64 subtarget support
Lucian Cristian [Mon, 4 Feb 2019 10:49:23 +0000 (12:49 +0200)]
x86: DRM: add x64 subtarget support

copy settings from generic subtarget

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
5 years agox86: video: disable builtin radeon DRM driver
Lucian Cristian [Sun, 3 Feb 2019 16:57:30 +0000 (18:57 +0200)]
x86: video: disable builtin radeon DRM driver

builtin driver can't access the /lib/firmware while booting,
module driver will be able to read and load the firmware files

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
5 years agox86: video: add radeon DRM module support
Lucian Cristian [Sun, 3 Feb 2019 16:53:48 +0000 (18:53 +0200)]
x86: video: add radeon DRM module support

add radeon module support so firmware can be loaded from userland

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
5 years agolinux-firmware: DRM: add amdgpu firmware
Lucian Cristian [Tue, 5 Feb 2019 22:08:10 +0000 (00:08 +0200)]
linux-firmware: DRM: add amdgpu firmware

add firmware needed for amdgpu DRM display

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
5 years agolinux-firmware: DRM: add radeon firmware
Lucian Cristian [Sun, 3 Feb 2019 16:44:16 +0000 (18:44 +0200)]
linux-firmware: DRM: add radeon firmware

add firmware needed for radeon DRM display

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
5 years agostrace: Only allow libdw or libunwind
Hauke Mehrtens [Sat, 16 Feb 2019 22:43:50 +0000 (23:43 +0100)]
strace: Only allow libdw or libunwind

These two dependencies are mutual exclusive and it is only possible to
select one of them, change the select to a chose so it is only possible
to select one of them in OpenWrt menu config.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agostrace: fix configuration options
Peter Wagner [Sun, 10 Feb 2019 13:46:47 +0000 (14:46 +0100)]
strace: fix configuration options

Signed-off-by: Peter Wagner <tripolar@gmx.at>
5 years agoelfutils: fix DEPENDS for libelf
Peter Wagner [Sun, 10 Feb 2019 13:45:32 +0000 (14:45 +0100)]
elfutils: fix DEPENDS for libelf

Signed-off-by: Peter Wagner <tripolar@gmx.at>
5 years agobuild: Accept BIN_DIR parameter for legacy-images
Sven Eckelmann [Mon, 11 Feb 2019 15:26:42 +0000 (16:26 +0100)]
build: Accept BIN_DIR parameter for legacy-images

BIN_DIR can be set to overwrite the output path for new images. This is an
advertised feature for the imagebuilder and is used by systems like
LibreMesh's chef.

The legacy images are build using a new sub-make which doesn't receive the
variable overwrites of the parent make process. As result, the BIN_DIR is
automatically defined to the default value from rules.mk. The images will
therefore not be placed in the output path which was selected by the user.

Providing BIN_DIR as an explicit variable override to the sub-make works
around this problem.

Fixes: 26c771452cd8 ("image.mk: add LegacyDevice wrapper to allow legacy image building code to be used for device profiles")
Reported-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
5 years agokernel: disable CONFIG_USB_IMX21_HCD in default for kernel 4.14
Yangbo Lu [Fri, 15 Feb 2019 03:03:14 +0000 (11:03 +0800)]
kernel: disable CONFIG_USB_IMX21_HCD in default for kernel 4.14

CONFIG_USB_IMX21_HCD should be handled in generic config and
module package. So moved it into generic config.
This also fixed build issue (kernel config question) of layerscape
armv8_32b since it also used ARCH_MXC.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[Deactivate CONFIG_USB_IMX21_HCD also for kernel 4.19]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agosunxi: fix: A64 unstable timer
Oskari Lemmela [Sun, 27 Jan 2019 18:20:18 +0000 (20:20 +0200)]
sunxi: fix: A64 unstable timer

Backport A64 unstable timer patches from linux 5.1

Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
[Split the single patch into the two original patches]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agosunxi: add support for Sinovoip Banana Pi M2 Plus
Pawel Dembicki [Fri, 15 Feb 2019 15:08:53 +0000 (16:08 +0100)]
sunxi: add support for Sinovoip Banana Pi M2 Plus

CPU: H3 Quad-core Cortex-A7 H.265/HEVC 4K @ 1.2 Ghz
GPU: Mali400MP2 GPU @ 600MHz (supports OpenGL ES 2.0)
Memory: 1GB DDR3 (shared with GPU)
Onboard: Storage TF card (Max. 64GB) / MMC card slot
Onboard: Network 10/100M Ethernet RJ45 (Realtek RTL8211E)
Onboard: Network BT4.0/WiFi 802.11 b/g/n (Ampak AP6212)
Onboard header: SPI, I2C, GPIO, UART
USB 2.0: Two USB 2.0 HOST, One USB 2.0 OTG

Untested:
Audio, Video

Not working:
Bluetooth

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
5 years agolinux-firmware: broadcom: package 43430a0 FullMAC firmware
Pawel Dembicki [Fri, 15 Feb 2019 15:05:43 +0000 (16:05 +0100)]
linux-firmware: broadcom: package 43430a0 FullMAC firmware

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
5 years agoopenssl: patch to fix devcrypto sessions leak
Eneas U de Queiroz [Fri, 15 Feb 2019 22:35:19 +0000 (22:35 +0000)]
openssl: patch to fix devcrypto sessions leak

Applies a patch from https://github.com/openssl/openssl/pull/8213
that fixes an error where open /dev/crypto sessions were not closed.
Thanks to Ansuel Smith for reporting it.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
5 years agobuild: Honour NO_COLOR in include/scan.mk
R. Diez [Mon, 21 Jan 2019 18:32:06 +0000 (18:32 +0000)]
build: Honour NO_COLOR in include/scan.mk

The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Hi all:

This is my first OpenWrt patch. I am a clean, pure newbie! 8-)

Honour NO_COLOR in Makefile function 'progress' in include/scan.mk, in the same way that include/verbose.mk does.

Signed-off-by: R. Diez <rdiezmail-openwrt@yahoo.com>
5 years agox86: image: add test module to bootloader
Tomasz Maciej Nowak [Sun, 13 Jan 2019 20:39:36 +0000 (21:39 +0100)]
x86: image: add test module to bootloader

It was previously added in 546fced, which was part of "intel-microcode:
load as early as possible" series.
Unfortunately the conditionals added to GRUB config caused error on boot,
because on sysupgrade, bootloader is not updated and is left with old
features/modules. Since this module is needed for early microcode load
and transition to this needs to be done step by step, enable the test
module now, so that every newly created image has it already embedded.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
5 years agobuild: remove leftovers from previous x86 commits
Tomasz Maciej Nowak [Sun, 13 Jan 2019 20:37:47 +0000 (21:37 +0100)]
build: remove leftovers from previous x86 commits

VBoxManage is not used and the image is created with proper permisions:
0f5d0f6  image: use internal qemu-img for vmdk and vdi images drop host
         dependencies on qemu-utils and VirtualBox

Unreachable config symbols:
9e0759e  x86: merge all geode based subtargets into one

No need to define those symbols since x86_64 is subtarget of x86:
196fb76  x86: make x86_64 a subtarget instead of a standalone target

Unreachable config symbols, so remove GRUB_ROOT:
371b382  x86: remove the xen_domu subtarget

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
5 years agoconfig: kernel: Fix missing symbol on brcm2708 with CGROUPS
Daniel F. Dickinson [Thu, 10 Jan 2019 03:08:26 +0000 (22:08 -0500)]
config: kernel: Fix missing symbol on brcm2708 with CGROUPS

When CGROUP block io is enabled a new symbol is exposed and needs to
be set or unset else kernel oldconfig hangs waiting for input during
normal OpenWrt builds.  Therefore add sane defaults for this symbol
in that case.  Also, the defaults brcm2708 are different than generic
defaults because the platform's defconfig enables BLK_DEV_THROTTLING
by default (in defconfig config from the patches used to match
upstream's kernel, not in OpenWrt config-4.xx).

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
[make KERNEL_BLK_DEV_THROTTLING_LOW depend on KERNEL_BLK_DEV_THROTTLING]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agoar71xx: Fix 5 GHz MAC address for Archer C60 v2
Adrian Schmutzler [Sat, 26 Jan 2019 16:59:45 +0000 (17:59 +0100)]
ar71xx: Fix 5 GHz MAC address for Archer C60 v2

Looks like C60 v2 needs the MAC address to be calculated
manually, while the C60 v1 gets it correctly without manual
interference.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
5 years agokernel: Remove CONFIG_UDF_NLS for kernel 4.19
Rosen Penev [Wed, 13 Feb 2019 01:03:09 +0000 (17:03 -0800)]
kernel: Remove CONFIG_UDF_NLS for kernel 4.19

kernel 4.18 removed the symbol and made NLS implicit.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years agomdadm: Update to 4.1
Rosen Penev [Thu, 14 Feb 2019 21:07:58 +0000 (13:07 -0800)]
mdadm: Update to 4.1

Tested on GnuBee PC1.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years agoiw: update to 5.0.1
Deng Qingfang [Sat, 9 Feb 2019 06:18:41 +0000 (14:18 +0800)]
iw: update to 5.0.1

Refresh patches

MIPS IPK size increases:
iw-tiny: +3k
iw-full: +10k

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
[Remove sha256, nan, bloom, measurements and ftm from tiny version]
[sync nl80211 between backports and iw]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agomac80211: update to version 4.19.23-1
Hauke Mehrtens [Fri, 15 Feb 2019 17:43:55 +0000 (18:43 +0100)]
mac80211: update to version 4.19.23-1

This updates mac80211 to backports version 4.19.23-1 which includes all
the stable fixes from kernel 4.19.23.
The removed patches are included in this version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agodnsmasq: ensure test and rc order as older than final releases
Jonas Gorski [Sun, 17 Feb 2019 12:04:40 +0000 (13:04 +0100)]
dnsmasq: ensure test and rc order as older than final releases

Opkg treats text after a version number as higher than without:

 ~# opkg compare-versions "2.80rc1" "<<" "2.80"; echo $?
 1
 ~# opkg compare-versions "2.80rc1" ">>" "2.80"; echo $?
 0

This causes opkg not offering final release as upgradable version, and
even refusing to update, since it thinks the installed version is
higher.

This can be mitigated by adding ~ between the version and the text, as ~
will order as less than everything except itself. Since 'r' < 't', to
make sure that test will be treated as lower than rc we add a second ~
before the test tag. That way, the ordering becomes

  2.80~~test < 2.80~rc < 2.80

which then makes opkg properly treat prerelease versions as lower.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
5 years agohostapd: update the fix for a race condition in mesh new peer handling
Felix Fietkau [Sun, 17 Feb 2019 15:04:08 +0000 (16:04 +0100)]
hostapd: update the fix for a race condition in mesh new peer handling

Prevent the mesh authentication state machine from getting reset on bogus
new peer discovery

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agohostapd: enable CONFIG_DEBUG_SYSLOG for wpa_supplicant
Felix Fietkau [Sun, 17 Feb 2019 12:04:12 +0000 (13:04 +0100)]
hostapd: enable CONFIG_DEBUG_SYSLOG for wpa_supplicant

It was already enabled for wpad builds and since commit 6a15077e2d7fa
the script relies on it. Size impact is minimal (2 kb on MIPS .ipk).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agoipset: add support for hash(ip,mac)
Alin Nastac [Thu, 7 Feb 2019 16:13:30 +0000 (17:13 +0100)]
ipset: add support for hash(ip,mac)

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agokernel: bump 4.19 to 4.19.23
Koen Vandeputte [Fri, 15 Feb 2019 10:09:35 +0000 (11:09 +0100)]
kernel: bump 4.19 to 4.19.23

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.101
Koen Vandeputte [Fri, 15 Feb 2019 10:09:09 +0000 (11:09 +0100)]
kernel: bump 4.14 to 4.14.101

Refreshed all patches.

Fixes:
- CVE-2019-3819

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.158
Koen Vandeputte [Fri, 15 Feb 2019 10:05:42 +0000 (11:05 +0100)]
kernel: bump 4.9 to 4.9.158

Refreshed all patches.

Fixes:
- CVE-2019-3819

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agobusybox: update to 1.30.1
Hannu Nyman [Thu, 14 Feb 2019 18:51:10 +0000 (20:51 +0200)]
busybox: update to 1.30.1

Minor bugfix release. Fixes for
 * bc/dc
 * sed (backslash parsing for 'w' command)
 * ip (vlan fixes)
 * grep (fixes for -x -v)
 * ls (-i compat)

No need to refresh patches or config defaults

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
5 years agoipq40xx: fix ipq40xx_setup_macs for Linksys EA6350v3
Oever González [Thu, 14 Feb 2019 00:13:07 +0000 (18:13 -0600)]
ipq40xx: fix ipq40xx_setup_macs for Linksys EA6350v3

This commit fixes the script that sets the MAC address of the LAN
switch. The LAN MAC address should be the WAN MAC address plus one.

Without this patch the WAN and the LAN interface will use the same
MAC address and an error will be generated.

With this patch all interfaces will have a different MAC address,
consecutive in the following order: WAN, LAN, radio0 and radio1.

Signed-off-by: Oever González <notengobattery@gmail.com>
5 years agoipq8064: Enabling sata port ipq8064 based devices
Roman Glova [Tue, 12 Feb 2019 01:59:00 +0000 (20:59 -0500)]
ipq8064: Enabling sata port ipq8064 based devices

(original text here: https://patchwork.kernel.org/patch/8686761/)

On some SOCs PORTS_IMPL register value is never programmed by the BIOS
and left at zero value. Which means that no sata ports are avaiable for
software. AHCI driver used to cope up with this by fabricating the
port_map if the PORTS_IMPL register is read zero, but recent patch
broke this workaround as zero value was valid for nvme disks.
This patch adds ports-implemented dt bindings as workaround for this issue
in a way that DT can dictate the port_map incase where the SOCs does not
program it already.

This patch is equal to commits:
67f8425d0ee1 ("ipq8064: dts: force AP148 SATA port mapping")
2e7a2c91019c ("ARM: dts: qcom: Move common nodes to ipq8064-v.1.0.dtsi")
in the upstream linux kernel.

Signed-off-by: Roman Glova <roman_glova@epam.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[added upstream commits, reorg' commit message]

5 years agoath79: add support for I-O DATA WN-AC1600DGR
INAGAKI Hiroshi [Tue, 5 Feb 2019 08:23:58 +0000 (17:23 +0900)]
ath79: add support for I-O DATA WN-AC1600DGR

I-O DATA WN-AC1600DGR is a 2.4/5 GHz band 11ac router, based on
Qualcomm Atheros QCA9557.

Specification:

- SoC:      Qualcomm Atheros QCA9557
- RAM:      128 MB
- Flash:    16 MB
- WLAN:     2.4/5 GHz
  - 2.4 GHz: 2T2R (SoC internal)
  - 5 GHz:   3T3R (QCA9880)
- Ethernet: 5x 10/100/1000 Mbps
  - Switch: QCA8337N
- LED/key:  6x/6x(4x buttons, 1x slide switch)
- UART:     through-hole on PCB
  - Vcc, GND, TX, RX from ethernet port side
  - 115200n8

Flash instruction using factory image:

1. Connect the computer to the LAN port of WN-AC1600DGR
2. Connect power cable to WN-AC1600DGR and turn on it
3. Access to "http://192.168.0.1/" and open firmware update page
("ファームウェア")
4. Select the OpenWrt factory image and click update ("更新") button
5. Wait ~150 seconds to complete flashing

Alternative flash instruction using initramfs image:

1. Prepare a computer and TFTP server software with the IP address
"192.168.99.8" and renamed OpenWrt initramfs image
"uImageWN-AC1600DGR"
2. Connect between WN-AC1600DGR and the computer with UART
3. Connect power cable to WN-AC1600DGR, press "4" on the serial
console and enter the U-Boot console
4. execute "tftpboot" command on the console and download initramfs
image from the TFTP server
5. execute "bootm" command and boot OpenWrt
6. On initramfs image, download the sysupgrade image to the device
and perform sysupgrade with it
7. Wait ~150 seconds to complete flashing

This commit also removes unnecessary "qca,no-eeprom" property from
the ath10k wifi node.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
5 years agoath79: fix qca955x dual pci resource allocation
Santiago Piccinini [Tue, 29 Jan 2019 04:20:44 +0000 (04:20 +0000)]
ath79: fix qca955x dual pci resource allocation

Tested with a dual pci QCA9558 board (LibreRouter v1) in three
configurations: enabling pcie0 only, pcie1 only and both enabled.

Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [removed ML notice]
5 years agoath79: fix qca955x pcie0 memory size
Santiago Piccinini [Tue, 29 Jan 2019 04:20:56 +0000 (04:20 +0000)]
ath79: fix qca955x pcie0 memory size

Datasheet states that both PCI ranges are of 0x2000000 size:
0x1000_0000-0x11FF_FFF and 0x1200_0000-0x13FF_0000.

Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Reviewed-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [removed ML notice]
5 years agoipq40xx: add support for ASUS Lyra
Marius Genheimer [Tue, 12 Feb 2019 16:19:51 +0000 (17:19 +0100)]
ipq40xx: add support for ASUS Lyra

SoC:   Qualcomm IPQ4019 (Dakota) 717 MHz, 4 cores
RAM:   256 MiB (Nanya NT5CC128M16IP-DI)
FLASH: 128 MiB (Macronix NAND)
WiFi0: Qualcomm IPQ4019 b/g/n 2x2
WiFi1: Qualcomm IPQ4019 a/n/ac 2x2
WiFi2: Qualcomm Atheros QCA9886 a/n/ac
BT:    Atheros AR3012
IN:    WPS Button, Reset Button
OUT:   RGB-LED via TI LP5523 9-channel Controller
UART:  Front of Device - 115200 N-8
       Pinout 3.3v - RX - TX - GND (Square is VCC)

Installation:
1. Transfer OpenWRT-initramfs image to the device via SSH to /tmp.
Login credentials are identical to the Web UI.

2. Login to the device via SSH.

3. Flash the initramfs image using

> mtd-write -d linux -i openwrt-image-file

4. Power-cycle the device and wait for OpenWRT to boot.

5. From there flash the OpenWRT-sysupgrade image.

Ethernet-Ports: Although labeled identically, the port next to
the power socket is the LAN port and the other one is WAN. This
is the same behavior as in the stock firmware.

Signed-off-by: Marius Genheimer <mail@f0wl.cc>
[Dropped setup_mac 02_network in favour of 05_set_iface_mac_ipq40xx.sh,
reorderd 02_network entries, added board.bin WA for the QCA9886 from ath79,
minor dts touchup, added rng to 4.19 dts]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agoipq40xx: ea6350v3: 4.19: enable pseudo rng support
Christian Lamparter [Tue, 12 Feb 2019 17:40:47 +0000 (18:40 +0100)]
ipq40xx: ea6350v3: 4.19: enable pseudo rng support

Robert Marko made a big effort to enable the rng on all
ipq40xx for 4.19, so let's continue the quest.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agogemini: Name binary "bootpart.tar.gz"
Linus Walleij [Thu, 7 Feb 2019 19:47:15 +0000 (20:47 +0100)]
gemini: Name binary "bootpart.tar.gz"

This factory binary i supposed to actually be unzipped and
untarred by the user as part of the installation process
(this NAS boots from harddisk), so name it "bootpart.tar.gz"
and not "factory.bin" so it is helpful for users.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agokernel: Add missing config option for kernel 4.19
Daniel Engberg [Fri, 8 Feb 2019 12:22:41 +0000 (13:22 +0100)]
kernel: Add missing config option for kernel 4.19

Add CONFIG_USB_ROLE_SWITCH otherwise Octeon 4.19 fails compile

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
5 years agompc85xx: 4.19: add missing symbol
Pawel Dembicki [Tue, 12 Feb 2019 14:17:58 +0000 (15:17 +0100)]
mpc85xx: 4.19: add missing symbol

OCEDO Panda was added in b368373f, but only for
4.14 config. This patch fix 4.19 build for generic
and p2020 subtarget.

Signed-off-by: Pawel Dembicki <p.dembicki@wb.com.pl>
5 years agoramips: change status LED for Buffalo WHR-G300N
INAGAKI Hiroshi [Sun, 3 Feb 2019 02:18:09 +0000 (11:18 +0900)]
ramips: change status LED for Buffalo WHR-G300N

Buffalo WHR-G300N has a LED for power status indication, but it is not
connected to the GPIO and cannot be controlled by the kernel. So,
WHR-G300N uses "ROUTER" LED as the system status LED instead.

This commit changes it to use "DIAG" LED insted of "ROUTER" like
WHR-G301N in ath79 target.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
5 years agoramips: various Netgear R6120 fixes
David Bauer [Fri, 1 Feb 2019 23:34:43 +0000 (00:34 +0100)]
ramips: various Netgear R6120 fixes

The R6120 has no 5GHz WLAN LED, the assigned GPIO in fact controls
the WAN LED.

Renames the LED accordingly in the device-tree.
Removes the 5GHz WLAN LED trigger.
Adds the correct WAN port LED trigger.

----

Currently, the MAC address for the Netgear R6120 is read from the NVRAM
partition. The offset for the MAC address however is not consistent
across devices or firmware versions.

Switch to using the factory partition like all other Netgear devices do.

----

The LAN ports of the R6120 are labled in reverse on the casing.

Adjust LuCI switchport numbering accordingly.

----

The WiFi eeprom offsets for the R6120 are currently wrong (5GHz offset
is bigger than the partition itself).

Fixes poor performance on 2.4 and 5 GHz.

Signed-off-by: David Bauer <mail@david-bauer.net>
5 years agoramips: add support for I-O DATA WN-AC1167GR
INAGAKI Hiroshi [Tue, 8 Jan 2019 15:20:18 +0000 (00:20 +0900)]
ramips: add support for I-O DATA WN-AC1167GR

I-O DATA WN-AC1167GR is a 2.4/5 GHz band 11ac router, based on
MediaTek MT7620A.

Specification:

- SoC     : MediaTek MT7620A
- RAM     : DDR2 64 MB
- Flash   : SPI-NOR 8MB
- WLAN    : 2.4/5 GHz, 2T2R
  - 2.4 GHz: MT7620A (SoC)
  - 5 GHz  : MT7612E
- Ethernet: 10/100/1000 Mbps (ext. MT7530)
- LED/key : 4x/3x (2x buttons, 1x slide-switch)
- UART    : through-hole on PCB
  - J2: TX, GND, RX, Vcc from SoC side
  - 115200n8

Flash instruction using factory image:

1. Boot WN-AC1167GR normaly
2. Access to "http://192.168.0.1/" and open firmware update page
("ファームウェア")
3. Select the OpenWrt factory image and click update ("更新") button
to perform firmware update
4. Wait ~150 seconds to complete flashing

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
5 years agoath79: proper indentation in image/common-tp-link.mk
Paul Wassi [Sun, 6 Jan 2019 14:27:00 +0000 (15:27 +0100)]
ath79: proper indentation in image/common-tp-link.mk

Add two spaces for proper indentation in image/common-tp-link.mk

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
5 years agoath79: fix port order on TL-WR841ND-v7
Paul Wassi [Sat, 5 Jan 2019 22:54:01 +0000 (23:54 +0100)]
ath79: fix port order on TL-WR841ND-v7

The switch ports are seen one to one on the case.
Also remove unneeded secondary port numbers in this
case statement.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
5 years agoath79: change ledtrig on GL.iNet AR150
Paul Wassi [Fri, 4 Jan 2019 22:35:09 +0000 (23:35 +0100)]
ath79: change ledtrig on GL.iNet AR150

Change the ledtrig for LAN from netdev to switch.
Although eth1 comes out of the device at a single port,
this port is a switch-port and therefore the LED
must be triggered by that.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
5 years agoath79: rename TP-LINK to TP-Link
Paul Wassi [Fri, 4 Jan 2019 21:44:08 +0000 (22:44 +0100)]
ath79: rename TP-LINK to TP-Link

Remove inconsistencies in the vendor's name.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
5 years agoar71xx: fix TL-MR3220-v2 switch port order
Paul Wassi [Fri, 4 Jan 2019 21:38:17 +0000 (22:38 +0100)]
ar71xx: fix TL-MR3220-v2 switch port order

Fix the switch port order for proper display on high
level interfaces.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
5 years agoar71xx: fix TL-WR741ND-v4 switch port order
Paul Wassi [Fri, 4 Jan 2019 21:37:01 +0000 (22:37 +0100)]
ar71xx: fix TL-WR741ND-v4 switch port order

Fix the switch port order for proper display on high
level interfaces.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
5 years agoath79: rename TL-WR740ND-v4 to TL-WR740N-v4
Paul Wassi [Fri, 4 Jan 2019 21:26:01 +0000 (22:26 +0100)]
ath79: rename TL-WR740ND-v4 to TL-WR740N-v4

Give the device the same name it had in ar71xx.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
5 years agoath79: fix TL-WR741ND-v4 switch port order
Paul Wassi [Fri, 4 Jan 2019 21:19:28 +0000 (22:19 +0100)]
ath79: fix TL-WR741ND-v4 switch port order

Fix the switch port order for proper display on high
level interfaces.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
5 years agokernel: bump 4.19 to 4.19.21
Koen Vandeputte [Wed, 13 Feb 2019 10:38:41 +0000 (11:38 +0100)]
kernel: bump 4.19 to 4.19.21

Refreshed all patches.

Remove upstreamed:
- 0007-ARM-dts-Fix-up-the-D-Link-DIR-685-MTD-partition-info.patch

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.99
Koen Vandeputte [Wed, 13 Feb 2019 10:38:08 +0000 (11:38 +0100)]
kernel: bump 4.14 to 4.14.99

Refreshed all patches.

Remove upstreamed:
- 950-0434-mmc-bcm2835-Recover-from-MMC_SEND_EXT_CSD.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.156
Koen Vandeputte [Wed, 13 Feb 2019 10:33:57 +0000 (11:33 +0100)]
kernel: bump 4.9 to 4.9.156

Refreshed all patches.

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agodnsmasq: add rapid commit config option
Hans Dedecker [Wed, 13 Feb 2019 09:30:10 +0000 (10:30 +0100)]
dnsmasq: add rapid commit config option

Add config option rapidcommit to enable support for DHCPv4 rapid
commit (RFC4039)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agoopenssl: add package for openssl.cnf, misc changes
Eneas U de Queiroz [Wed, 30 Jan 2019 10:42:11 +0000 (08:42 -0200)]
openssl: add package for openssl.cnf, misc changes

- Add the /etc/ssl/openssl.cnf as a separate package, to avoid breaking
  the transitional mechanism, allowing libopenssl_1.0* and
  libopenssl_1.1* to coexist.

- Remove the (selecting) dependency on @KERNEL_AIO

- Use global SOURCE_DATE_EPOCH

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
5 years agoopenssl: optimizations based on ARCH/small flash
Eneas U de Queiroz [Wed, 24 Oct 2018 19:28:59 +0000 (16:28 -0300)]
openssl: optimizations based on ARCH/small flash

Add a patch to enable the option to change the default ciphersuite list
ordering to prefer ChaCha20 over AES-GCM.  This is used by default for
all platforms, except for x86_64 and aarch64. The assumption is that
only the latter have AES-specific CPU instructions and asm code that
uses them in openssl.  Chacha20Poly1305 is 3x faster than AES-256 in
systems without AES instructions, with an equivalent strength.

Disable error messages by default except for devices with small flash or
RAM, to aid debugging.

Disable ASM by default on arm platform with small flash.  Size
difference on mips and powerpc, the other platforms with small flash
devices, are not really relevant (using 100K as a threshold).  All of
the affected platforms are source-only anyway.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
5 years agoopenssl: update to version 1.1.1a
Eneas U de Queiroz [Wed, 24 Oct 2018 14:25:00 +0000 (11:25 -0300)]
openssl: update to version 1.1.1a

This version adds the following functionality:
  * TLS 1.3
  * AFALG engine support for hardware accelleration
  * x25519 ECC curve support
  * CRIME protection: disable use of compression by default
  * Support for ChaCha20 and Poly1305

Patches fixing bugs in the /dev/crypto engine were applied, from
https://github.com/openssl/openssl/pull/7585

This increses the size of the ipk binray on MIPS32 by about 32%:
old:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

new:
912.493 bin/packages/mips_24kc/base/libopenssl1.1_1.1.1a-2_mips_24kc.ipk
239.316 bin/packages/mips_24kc/base/openssl-util_1.1.1a-2_mips_24kc.ipk

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
5 years agoopenssl: add configuration options, disable ssl3
Eneas U de Queiroz [Mon, 22 Oct 2018 14:32:56 +0000 (11:32 -0300)]
openssl: add configuration options, disable ssl3

Adds the following configuration options:
* using optimized assembler code (was always on before)
* use of x86 SSE2 instructions
* dyanic engine support
* include error messages
* Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms
* RFC3779, CMS protocols
* VIA padlock hardware acceleration engine

Installs openssl.cnf with the library as it is used by engines
independent of the openssl util.

Fixes DTLS option that was innefective before.

Disables insecure SSL3 protocol and SHA0.

Adds openwrt-specific targets to Configure script, including asm support
for i386, ppc and mips64.

Strips building dirs from CFLAGS shown in binary.

Skips the fuzz directory during build.

Removed include/crypto/devcrypto.h that was included here, to use the
cryptodev-linux package, now that it was been moved from the packages
feed to the main openwrt repository.

This decreses the size of the ipk binray on MIPS32 by about 3.3%:
old:
706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

new:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
5 years agobase-files: fix ucert verification
Felix Fietkau [Tue, 12 Feb 2019 15:37:30 +0000 (16:37 +0100)]
base-files: fix ucert verification

ucert needs to check the firmware part with metadata, but without the signature.
Use the new fwtool mode to extract that without altering the firmware image inside
the check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agofwtool: add support for extracting the truncated data part to stdout
Felix Fietkau [Tue, 12 Feb 2019 15:24:14 +0000 (16:24 +0100)]
fwtool: add support for extracting the truncated data part to stdout

This allows extracing the firmware + metadata from a signed firmware without
altering the original image file

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agofwtool: do not strip metadata if extracting signature
Felix Fietkau [Tue, 12 Feb 2019 14:59:11 +0000 (15:59 +0100)]
fwtool: do not strip metadata if extracting signature

This allows the signature to cover the metadata area

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agohostapd: fix race condition in mesh new peer handling
Felix Fietkau [Tue, 12 Feb 2019 13:26:04 +0000 (14:26 +0100)]
hostapd: fix race condition in mesh new peer handling

Avoid trying to add the same station to the driver multiple times

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agohostapd: send wpa_supplicant logging output to syslog
Felix Fietkau [Tue, 12 Feb 2019 13:04:07 +0000 (14:04 +0100)]
hostapd: send wpa_supplicant logging output to syslog

Helpful for debugging network connectivity issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agomac80211: brcmfmac: backport early changes queued for the Linux 5.1
Rafał Miłecki [Tue, 12 Feb 2019 13:17:46 +0000 (14:17 +0100)]
mac80211: brcmfmac: backport early changes queued for the Linux 5.1

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
5 years agomac80211: brcmfmac: backport remaining patches from the Linux 5.0
Rafał Miłecki [Tue, 12 Feb 2019 12:43:06 +0000 (13:43 +0100)]
mac80211: brcmfmac: backport remaining patches from the Linux 5.0

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
5 years agoiproute2: tc: reduce size of dynamic symbol table
Tony Ambardar [Fri, 14 Dec 2018 07:49:32 +0000 (23:49 -0800)]
iproute2: tc: reduce size of dynamic symbol table

In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all*
symbols into the dynamic symbol table. Instead, use --dynamic-list to
export a smaller set of symbols similar to that defined in static-syms.h
in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase.

Also increment PKG_RELEASE.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agoiproute2: tc: enable and fix support for using .so plugins
Tony Ambardar [Thu, 13 Dec 2018 19:48:55 +0000 (11:48 -0800)]
iproute2: tc: enable and fix support for using .so plugins

This enables using the tc module m_xt.so, which uses the act_ipt kernel
module to allow tc actions based on iptables targets. e.g.

   tc filter add dev eth0 parent 1: prio 10 protocol ip \
   u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE

Make the SHARED_LIBS parameter configurable and based on tc package
selection.

Fix a problem using the tc m_xt.so plugin as also described in
https://bugs.debian.org/868059:

  Sync include/xtables.h from iptables to make sure the right offset is
  used when accessing structure members defined in libxtables. One could
  get “Extension does not know id …” otherwise. (See also: #868059)

Patch to sync the included xtables.h with system iptables 1.6.x. This
continues to work with iptables 1.8.2.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agoiproute2: simplify linking libelf for eBFP/XDP object file support
Tony Ambardar [Sat, 24 Nov 2018 00:33:45 +0000 (16:33 -0800)]
iproute2: simplify linking libelf for eBFP/XDP object file support

Simplify build and runtime dependencies on libelf, which allows tc and ip
to load BPF and XDP object files respectively.

Preserve optionality of libelf by having configuration script follow the
HAVE_ELF environment variable, used similarly to the HAVE_MNL variable.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agoiproute2: use tc package variant to limit other package sizes
Tony Ambardar [Sun, 16 Dec 2018 02:26:48 +0000 (18:26 -0800)]
iproute2: use tc package variant to limit other package sizes

Replace the old 'tc' with a singleton package variant which will be used
to enable additional functionality and limit it only to tc. Non-variant
packages will only be installed during 'tiny' variant builds, hence will
be configured without extra features, thus preserving previously limited
functionality and reduced package sizes.

Also set ip-tiny as the default variant, and install 'tiny' versions of
development libraries.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agoiproute2: simplify Makefile, patches and fix feature detection
Tony Ambardar [Sat, 24 Nov 2018 07:56:24 +0000 (23:56 -0800)]
iproute2: simplify Makefile, patches and fix feature detection

Compile-based feature detection (e.g. xtables, ipset support) was broken
due to silent compilation errors in the configure script, caused by a
Makefile variable KERNEL_INCLUDE referring to kernel build headers. Use
userspace headers by setting the same "user_headers" kernel include path
as used for the iptables build.

Remove redundant or unused Build/Configure definitions from package
Makefile, including KERNEL_INCLUDE, LIBC_INCLUDE and DBM includes.

Don't pass LDFLAGS within MAKE_FLAGS as this interferes with LDFLAGS in
tc/Makefile and masks a link parameter ("-Wl,-export-dynamic"). Instead,
use standard TARGET_LDFLAGS.

Replace EXTRA_CCOPTS in MAKE_FLAGS with cleaner TARGET_CPPFLAGS, and also
drop now unneeded patch 150-extra-ccopts.patch.

Enable defining XT_LIB_DIR from Makefile, needed to set the iptables
modules directory to something other than /lib/xtables, and also add
libxtables dependency. Both are needed with working xtables detection.
Note that libxtables is also pulled in by iptables, firewall or luci, so
this change has no size impact in most cases.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agoiproute2: fix broken configuration patch
Tony Ambardar [Fri, 23 Nov 2018 09:09:23 +0000 (01:09 -0800)]
iproute2: fix broken configuration patch

Since v4.13, iproute2 switched to a config.mk file with greater use of
pkg-config for library/feature detection. Replace the old Config patch
with one modifying the configure script but enabling the same changes:
 - explicitly disable TC_CONFIG_ATM
 - rely on feature detection for IP_CONFIG_SETNS and TC_CONFIG_XT

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agobase-files: enable BPF JIT sysctl by default
Tony Ambardar [Tue, 18 Dec 2018 06:13:22 +0000 (22:13 -0800)]
base-files: enable BPF JIT sysctl by default

Set net.core.bpf_jit_enable=1 in /etc/sysctl.d/10-default.conf.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agokernel: enable CONFIG_BPF_JIT by default
Tony Ambardar [Tue, 18 Dec 2018 05:29:33 +0000 (21:29 -0800)]
kernel: enable CONFIG_BPF_JIT by default

Enable the built-in BPF JIT compiler for all 4.9, 4.14 and 4.19 kernels,
which should speed up cBPF and eBPF-based packet filtering (tc, iptables)
and packet sniffing (libpcap, tcpdump, fwknopd, etc).

This has minimal kernel size impact, increasing the size of uImage-lzma
(normally ~2 MB on mips_24kc or mips64el_mips64) by 5 KB for the MIPS32
arch cBPF JIT and by 9 KB for the MIPS64 arch eBPF JIT, on kernel 4.14.

With JIT enabled (cBPF only), the standard BPF test module (test_bpf.ko)
running on a DIR-835 (mips_24kc) used 33 CPU seconds, but 68 without JIT.

This change aligns with the notion of OpenWRT as the network go-to swiss
army knife for packet handling, especially on CPU-constrained platforms.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agokernel/modules: add kmod-bpf-test package
Tony Ambardar [Mon, 19 Nov 2018 17:16:48 +0000 (09:16 -0800)]
kernel/modules: add kmod-bpf-test package

Add the test_bpf module that runs various test vectors against the BPF
interpreter or BPF JIT compiler. The module must be manually loaded, as
with the kmod-crypto-test module which serves a similar purpose.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agokernel/modules: add kmod-sched-bpf package
Tony Ambardar [Fri, 26 Oct 2018 09:16:32 +0000 (02:16 -0700)]
kernel/modules: add kmod-sched-bpf package

Add cls_bpf and act_bpf modules for additional tc classifier and action
support of cBPF and eBPF.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>