openwrt/staging/xback.git
6 years agoimx6: use DTS_DIR at image build code
Adrià Llaudet [Thu, 8 Feb 2018 11:02:24 +0000 (12:02 +0100)]
imx6: use DTS_DIR at image build code

Use "$(DTS_DIR)", defined at include/image.mk, instead of
"$(LINUX_DIR)/arch/$(LINUX_KARCH)/boot/dts" in order to generalize and
allow a better Device/* device-tree parameterization (i.e. DEVICE_DTS_DIR
and DTS_DIR).

Signed-off-by: Adrià Llaudet <adria.llaudet@gmail.com>
6 years agoarchs38: bump kernel to 4.14.
Evgeniy Didin [Tue, 23 Jan 2018 16:48:48 +0000 (19:48 +0300)]
archs38: bump kernel to 4.14.

Update Linux kernel version from 4.9 to 4.14 for archs38.
config-4.14 was simply regenerated with "make kernel_menuconfig".

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: John Crispin <john@phrozen.org>
6 years agokernel: backport fix undefined abort
Evgeniy Didin [Tue, 30 Jan 2018 12:36:51 +0000 (15:36 +0300)]
kernel: backport fix undefined abort

While building mpi.ko module with stable Linux v4.14.14 an error occured:
>ERROR: "abort" [lib/mpi/mpi.ko] undefined!
In upstream Linux 4.15 this issue is fixed:
Commit 7c2c11b208be ("arch: define weak abort()")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c2c11b208be09c156573fc0076b7b3646e05219

Commit dc8635b78cd8 ("kernel/exit.c: export abort() to modules")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dc8635b78cd8669c37e230058d18c33af7451ab1

So lets add backport patches until these fixes
are not applied in stable version.

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
CC: John Crispin <john@phrozen.org>
CC: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: add kmod-fou
Filip Moc [Thu, 1 Feb 2018 19:42:30 +0000 (20:42 +0100)]
kernel: add kmod-fou

Once installed fou kernel module allows you to use FOU (Foo over UDP)
and GUE (Generic UDP encapsulation) tunnel protocols.

To get ip fou command working you also need to install ip-full.

Signed-off-by: Filip Moc <lede@moc6.cz>
6 years agouboot-mvebu: fix build ; use the build's tools/libressl
Alexandru Ardelean [Tue, 23 Jan 2018 14:42:09 +0000 (16:42 +0200)]
uboot-mvebu: fix build ; use the build's tools/libressl

Since I have no openssl-dev on my machine, I first
get this error:

```
tools/kwbimage.c:21:10: fatal error: openssl/bn.h: No such file or directory
 #include <openssl/bn.h>
```

After removing the UBOOT_MAKE_FLAGS the next error is:
```
tools/kwbimage.c:40:6: error: conflicting types for ‘EVP_MD_CTX_cleanup’
 void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
```

After removing the OpenSSL patches the next error is:
```
  HOSTLD  tools/dumpimage
/usr/bin/ld: cannot find -lssl
/usr/bin/ld: cannot find -lcrypto
collect2: error: ld returned 1 exit status
scripts/Makefile.host:108: recipe for target 'tools/dumpimage' failed
make[5]: *** [tools/dumpimage] Error 1

```

So, the final part is to add the build system's
HOST_LDFLAGS to the UBOOT_MAKE_FLAGS.
(which was done in the previous commit)

Then the image builds.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agou-boot.mk: add HOST_LDFLAGS to UBOOT_MAKE_FLAGS
Alexandru Ardelean [Tue, 23 Jan 2018 14:51:52 +0000 (16:51 +0200)]
u-boot.mk: add HOST_LDFLAGS to UBOOT_MAKE_FLAGS

This will make sure that the build system's
paths for linking are available.
This is needed mostly for linking with tools/libressl.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agou-boot,at91bootstrap: fix incorrect HOSTCPPFLAGS variable
Alexandru Ardelean [Mon, 22 Jan 2018 15:30:06 +0000 (17:30 +0200)]
u-boot,at91bootstrap: fix incorrect HOSTCPPFLAGS variable

This would should up as `$$(HOSTCPPFLAGS)` in the host CFLAGS.
```
make --jobserver-fds=3,4 -j -C <openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/u-boot-A10-OLinuXino-Lime/u-boot-2017.07 CROSS_COMPILE=arm-openwrt-linux-muslgnueabi- DTC="<openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/linux-sunxi_cortexa8/linux-4.9.76/scripts/dtc/dtc" HOSTCC="gcc" HOSTCFLAGS='-O2 -I<openwrt>/staging_dir/host/include -I<openwrt>/staging_dir/host/usr/include -I<openwrt>/staging_dir/hostpkg/include -I<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/host/include $$(HOSTCPPFLAGS)' HOSTLDFLAGS="" BL31=<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/image/bl31.bin
```

And then it would complain with:
```
 /bin/sh: 1: HOSTCPPFLAGS: not found
```

Also, HOSTCPPFLAGS does not exist.
The correct var is HOST_CPPFLAGS.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agovalgrind: Fix compile on ARM64
Hauke Mehrtens [Sat, 10 Feb 2018 19:11:22 +0000 (20:11 +0100)]
valgrind: Fix compile on ARM64

Activate the support for 64 bit on all 64 bit CPUs and not only x86_64.
ARM64 does not provide an xml file, so do not pack any.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agobunwind: build for ARM64
Hauke Mehrtens [Mon, 5 Feb 2018 21:43:02 +0000 (22:43 +0100)]
bunwind: build for ARM64

ARM64 is supported by libunwind since some versions, allow building it
for aarch64.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agoconfig: fix ARM64 dependency check
Hauke Mehrtens [Mon, 5 Feb 2018 21:40:56 +0000 (22:40 +0100)]
config: fix ARM64 dependency check

The ARM64 CPUs use aarch64 config symbol, fix the depends lines.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agotoolchain: gdb: activate on ARM64
Hauke Mehrtens [Mon, 5 Feb 2018 21:39:58 +0000 (22:39 +0100)]
toolchain: gdb: activate on ARM64

gdb supports ARM64 since quite some time now, activate it there like on
other CPU architectures.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: rename CONFIG_TRACE_ENUM_MAP_FILE to CONFIG_TRACE_EVAL_MAP_FILE
Hauke Mehrtens [Fri, 9 Feb 2018 23:41:56 +0000 (00:41 +0100)]
kernel: rename CONFIG_TRACE_ENUM_MAP_FILE to CONFIG_TRACE_EVAL_MAP_FILE

This config option was renamed in upstream Linux commit 681bec0367
("tracing: Rename update the enum_map file")

Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agouboot-sunxi: fix build by adding comparabilities for old dtc
Hauke Mehrtens [Fri, 9 Feb 2018 22:53:47 +0000 (23:53 +0100)]
uboot-sunxi: fix build by adding comparabilities for old dtc

We use the dtc from the kernel and that does not have all the options
which u-boot would like to use now. make these parameters optional.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agouboot-sunxi: refresh patches
Hauke Mehrtens [Fri, 9 Feb 2018 22:58:06 +0000 (23:58 +0100)]
uboot-sunxi: refresh patches

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agomt76: update to the latest version, fixes mt7603 stability issues
Felix Fietkau [Fri, 9 Feb 2018 15:04:30 +0000 (16:04 +0100)]
mt76: update to the latest version, fixes mt7603 stability issues

3413961 mt7603: avoid reordering qos-null data packets
c60e6db mt76: toggle driver station powersave bit before notifying mac80211
246d548 mt76: stop tx queues from the driver callback instead of common code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agokernel: remove kmod-spi-gpio-old
Felix Fietkau [Wed, 7 Feb 2018 13:28:47 +0000 (14:28 +0100)]
kernel: remove kmod-spi-gpio-old

It is unused and has been deprecated for a long time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agowrt55agv2-spidevs: mark as broken
Felix Fietkau [Wed, 7 Feb 2018 13:27:52 +0000 (14:27 +0100)]
wrt55agv2-spidevs: mark as broken

The target it was meant for was updated to a version that this does not
compile with. It probably also hasn't been used in years

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoixp4xx: remove linux 4.4 support
Felix Fietkau [Wed, 7 Feb 2018 13:26:03 +0000 (14:26 +0100)]
ixp4xx: remove linux 4.4 support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoocteon: switch to kernel 4.14
Stijn Tintel [Thu, 8 Feb 2018 18:04:38 +0000 (19:04 +0100)]
octeon: switch to kernel 4.14

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years agokernel: bump 4.14 to 4.14.18
Stijn Tintel [Thu, 8 Feb 2018 08:36:38 +0000 (09:36 +0100)]
kernel: bump 4.14 to 4.14.18

Refresh patches.

Remove upstreamed patches:
- apm821xx/010-crypto-gcm-add-GCM-IV-size-constant.patch
- backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch
Remove pending-4.14/650-pppoe_header_pad.patch, it is superseded by
upstream commit d32e5740001972c1bb193dd60af02721d047a17e.
Update patch that no longer applies: hack/204-module_strip.patch

Compile-tested: octeon, x86/64.
Runtime-tested: octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years agoodhcp6c: fix appending of emtpy sendopt value (FS#1336)
Hans Dedecker [Thu, 8 Feb 2018 17:21:12 +0000 (18:21 +0100)]
odhcp6c: fix appending of emtpy sendopt value (FS#1336)

Don't append an empty sendopts value as odhcp6c bails out
immediately on an empty -x option triggering an infinite start
loop of odhcp6c

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agolibubox: bump to git HEAD version
Hans Dedecker [Thu, 8 Feb 2018 12:12:22 +0000 (13:12 +0100)]
libubox: bump to git HEAD version

b0c830 sh/jshn.sh: add json_for_each_item()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoodhcp6c: change sendopts option into list
Hans Dedecker [Mon, 5 Feb 2018 08:57:48 +0000 (09:57 +0100)]
odhcp6c: change sendopts option into list

Commit a26045049b added support for sendopts as a string; since multiple
sendopts values can be specified it makes more sense to model it as a
list of strings.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agonetifd: update to latest git HEAD
Hans Dedecker [Mon, 5 Feb 2018 20:56:16 +0000 (21:56 +0100)]
netifd: update to latest git HEAD

1be329c netifd-proto: add proto_config_add_array wrapper

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agotools/ccache: update to 3.3.6
Hannu Nyman [Sun, 4 Feb 2018 18:56:59 +0000 (20:56 +0200)]
tools/ccache: update to 3.3.6

Update ccache to 3.3.6

Release notes:
https://ccache.samba.org/releasenotes.html#_ccache_3_3_6

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
6 years agouboot-sunxi: bump to 2017.11
Zoltan HERPAI [Mon, 5 Feb 2018 16:02:49 +0000 (17:02 +0100)]
uboot-sunxi: bump to 2017.11

Runtime-tested on:
 - Pine64 (A64)
 - Orange Pi 2 (H3)
 - Bananapro (A20)
 - Olimex A20-Micro (A20)
 - Pcduino v3 (A20)
 - Pcduino v2 (A10)

Compile-tested on:
 - all A8/A7/A53 boards

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agoramips: various fixes for zbt-we1226
Daniel Golle [Wed, 24 Jan 2018 00:27:51 +0000 (01:27 +0100)]
ramips: various fixes for zbt-we1226

Convert userspace code to use generic device-tree compatible board
detection method.  Users of the existing code will have to use
sysupgrade -F once to switch to the new generic board naming.
Properly setup pinctrl fixing the switch port LEDs.

Fixes commit 9c4fe103cb (ramips: add support for ZBT-WE1226)
Reported-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
6 years agoltq-atm: cleanup unused variables and functions
Martin Schiller [Mon, 8 Jan 2018 08:54:59 +0000 (09:54 +0100)]
ltq-atm: cleanup unused variables and functions

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
6 years agoltq-atm: rewrite tx path to use IRQs
Alexander Couzens [Mon, 8 Jan 2018 08:54:58 +0000 (09:54 +0100)]
ltq-atm: rewrite tx path to use IRQs

The ATM subsystem is different from the generic ethernet NICs. The ATM
subsystem requires a callback when a packet has been sent. It means a
tx skb_buff need to be used after it has sent. While the generic NIC
can fill up the TX ring and free skb_buffs if it encounter a ring buffer slot
with an already sent skbuff.
The ATM drivers need call the pop() function after it has send a
single ATM package. The ATM subsystem controls via this ways the queuing.

The ppe engine use DMA channels for read and write. Every atm_vcc has it's
own TX DMA channel and each TX DMA channel has it's own ring buffer.

The old driver had multiple issues:
- Call the subsystem callback at the beginning of tx function (ppe_send).
  Didn't allowed the ATM subsystem to control the enqueued package
  amount.
- Filled up the TX ring until full and fail futher
- copy or decouple the skb from all other subsystem before giving it
  over to TX ring

The new tx path uses interupts.
- call the subsystem callback _after_ it was sent by hardware
- no need to copy our decouple the skb any more
- gives back control to the atm subsystem over the enqueued packages
- use an interupt for every sent atm package

Using interupts shouldn't be a problem because of the slow uplink bandwidth of
ADSL.
The speed _through_ the DSL router was always as high as it should
be, only traffic generated on the router itself were affected.

After changing to new tx path, the speed of iperf's run on the
router itself reached the same speed. The master/trunk wasn't as much
affected because of TCP optimisations (reboot-5022-gb2ea46fe236a).
The following results are taken on the remote server, which receives
the stream over the internet and the DSL line.

The sync moves between every sync a litte bit, but is so far stable
Latency / Interleave Delay:               Down: Fast (0.25 ms) / Up: Fast (0.50 ms)
Data Rate:                                Down: 13.287 Mb/s / Up: 1.151 Mb/s

reboot-5521-g9f8d28285d without patch
[ ID] Interval           Transfer     Bandwidth       Retr
[  5]   0.00-10.04  sec   947 KBytes   773 Kbits/sec    0             sender
[  5]   0.00-10.04  sec   928 KBytes   757 Kbits/sec                  receiver

reboot-5521-g9f8d28285d with patch
[  5]   0.00-10.06  sec  1.16 MBytes   970 Kbits/sec    0             sender
[  5]   0.00-10.06  sec  1.15 MBytes   959 Kbits/sec                  receiver

v17.01.4-239-g55c23e44f4 without patch
[ ID] Interval           Transfer     Bandwidth       Retr
[  5]   0.00-10.04  sec  87.4 KBytes  71.3 Kbits/sec    0             sender
[  5]   0.00-10.04  sec  59.6 KBytes  48.7 Kbits/sec                  receiver

v17.01.4-239-g55c23e44f4 with patch
[ ID] Interval           Transfer     Bandwidth       Retr
[  5]   0.00-10.05  sec  1.18 MBytes   983 Kbits/sec    1             sender
[  5]   0.00-10.05  sec  1.15 MBytes   959 Kbits/sec                  receiver

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
6 years agoarm-trusted-firmware-sunxi: use release build and bump version
Zoltan HERPAI [Mon, 5 Feb 2018 11:50:52 +0000 (12:50 +0100)]
arm-trusted-firmware-sunxi: use release build and bump version

 - use release build instead of debug to reduce size
 - bump to use latest commit in allwinner tree

Tested on Pine64/1G.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agomt76: update to the latest version
Felix Fietkau [Thu, 25 Jan 2018 15:49:14 +0000 (16:49 +0100)]
mt76: update to the latest version

2b7fae4 mt76: fix returnvar.cocci warnings
939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params()
cf59170 mt76x2: dfs: add set_domain handler
5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params()
f76e25f mt76x2: fix WMM parameter configuration
34d612d mt76: retry rx polling as long as there is budget left
0f8327a mt76x2: fix TSF value in probe responses
ad3f8e9 mt76: add an intermediate struct for rx status information
58a41f1 mt76: get station pointer by wcid and pass it to mac80211
b0508d3 mt76: implement A-MPDU rx reordering in the driver code
cf3cfc4 mt76: split mt76_rx_complete
461cdf9 mt76: pass the per-vif wcid to the core for multicast rx
9b2c778 mt76: validate rx CCMP PN
302af90 mt76x2: init: disable all pending tasklets during device removal
9f685fe mt7603: init: disable tbtt tasklet during device removal
c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames
3968dae mt7603: fix 40 mhz channel bandwidth reporting
9c2e03d mt7603: fix rx LDPC reporting
f515dfc mt76: implement AP_LINK_PS
974142c mt76: implement processing of BlockAckReq frames
c5209db mt76: avoid re-queueing A-MPDU rx reorder work if no frames are pending
e67e7a5 mt76x2: do not set status->aggr for NULL data frames
8693864 mt76: check qos ack policy before reordering packets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agokernel: fix forwarding locally generated packages in bridge isolation patch
Daniel Danzberger [Wed, 31 Jan 2018 13:46:08 +0000 (14:46 +0100)]
kernel: fix forwarding locally generated packages in bridge isolation patch

Locally generated packets weren't forwarded to the isolated interfaces in a
bridge. Isolation should only prevent the flooding of incomming packets to
other interfaces in the bridge.

Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoramips: use napi_alloc_frag and skb_free_frag
Felix Fietkau [Tue, 5 Dec 2017 15:40:42 +0000 (16:40 +0100)]
ramips: use napi_alloc_frag and skb_free_frag

Slightly improves rx performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoramips: improve NAPI polling to increase GRO batch size
Felix Fietkau [Tue, 5 Dec 2017 15:30:51 +0000 (16:30 +0100)]
ramips: improve NAPI polling to increase GRO batch size

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoar71xx: use global timestamp for hang check
Felix Fietkau [Tue, 5 Dec 2017 13:40:32 +0000 (14:40 +0100)]
ar71xx: use global timestamp for hang check

Shrink the size of struct ag71xx_buf to 8 bytes, which improves cache
footprint

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoar71xx: only access device stats in tx handler if packets were processed
Felix Fietkau [Tue, 5 Dec 2017 13:23:59 +0000 (14:23 +0100)]
ar71xx: only access device stats in tx handler if packets were processed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoar71xx: allocate rx/tx descriptor/buffers in one chunk
Felix Fietkau [Tue, 5 Dec 2017 13:17:24 +0000 (14:17 +0100)]
ar71xx: allocate rx/tx descriptor/buffers in one chunk

Reduces false sharing due to cache aliases

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoag71xx: Reorder ag71xx struct members for better cache performance
Rosen Penev [Mon, 4 Dec 2017 19:40:23 +0000 (11:40 -0800)]
ag71xx: Reorder ag71xx struct members for better cache performance

Qualcomm claims this improves the D-cache footprint. Origina commit message below:

From: Ben Menchaca <ben.menchaca@qca.qualcomm.com>
Date: Fri, 7 Jun 2013 10:57:28 -0500
Subject: [ag71xx] cluster/align structs for cache perf

Cluster the frequently used, per-packet structures in ag71xx near
to each other, and cacheline-align them.  Some other re-ordering
occurred to move "warmer" structures near the per-packet structures.

Signed-off-by: Ben Menchaca <ben.menchaca@qca.qualcomm.com>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years agobuild: replace uses of OpenWrt with $(VERSION_DIST)
Felix Fietkau [Wed, 8 Nov 2017 17:40:37 +0000 (18:40 +0100)]
build: replace uses of OpenWrt with $(VERSION_DIST)

This makes the distribution name more configurable.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agonghttp2: bump to 1.30.0
Hans Dedecker [Sun, 4 Feb 2018 20:17:02 +0000 (21:17 +0100)]
nghttp2: bump to 1.30.0

f0836c7e Update manual pages
25db178b Bump up version number to 1.30.0, LT revision to 29:2:15
1b6713e6 Update AUTHORS
c1a496cf nghttpx: Fix bug that h1 backend idle timeout expires sooner
e098a211 mruby: Fix bug that response header is unexpectedly overwritten
0ba4bf51 Merge pull request #1120 from dylanplecki/issue-1119-mruby-header-overwrite
6deee203 Fix #1119: Stop overwrite of first header on mruby call to env.req.set_header(..)
6761a933 Merge pull request #1105 from nghttp2/nghttpx-upgrade-scheme
5cc3d159 nghttpx: Add upgrade-scheme parameter to backend option
652f57e7 Merge pull request #1104 from nghttp2/allow-ping-after-goaway
acd6b40e Allow PING frame to be sent after GOAWAY
0fbb46ed Merge pull request #1101 from nghttp2/remember-pushed-links
6ad629de Merge pull request #1102 from nghttp2/fix-missing-alpn-validation
74754982 nghttpx: Fix missing ALPN validation (--npn-list)
a31a2e3b nghttpx: Remember which resource is pushed
a776b0db Merge pull request #1092 from nghttp2/define-103
cfd926f0 src: Define 103 status code
72f52716 Bump up version number to 1.30.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agowireguard: bump to 20180202
Kevin Darbyshire-Bryant [Sat, 3 Feb 2018 11:08:27 +0000 (11:08 +0000)]
wireguard: bump to 20180202

Bump to latest wireguard release snapshot:

2675814 version: bump snapshot
381d703 qemu: update base versions
c3fbd9d curve25519: break more things with more test cases
93fa0d9 curve25519: replace fiat64 with faster hacl64
6177bdd curve25519: replace hacl64 with fiat64
b9bf37d curve25519: verify that specialized basepoint implementations are correct
bd3f0d8 tools: dedup secret normalization
1f87434 chacha20poly1305: better buffer alignment
78959ed chacha20poly1305: use existing rol32 function
494cdea tools: fread doesn't change errno
ab89bdc device: let udev know what kind of device we are
62e8720 qemu: disable AVX-512 in userland
6342bf7 qemu: disable PIE for compilation
e23e451 contrib: keygen-html: share curve25519 implementation with kernel
6b28fa6 tools: share curve25519 implementations with kernel
c80cbfa poly1305: add poly-specific self-tests
10a2edf curve25519-fiat32: uninline certain functions

No patch refresh required.

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agoar71xx: /lib/ar71xx.sh: add model detection for TP-Link TL-WR810N
Matthias Schiffer [Sat, 3 Feb 2018 13:12:05 +0000 (14:12 +0100)]
ar71xx: /lib/ar71xx.sh: add model detection for TP-Link TL-WR810N

Properly report the revision in /tmp/sysinfo/model.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agoimagebuilder: fix reference to removed VERSION_SED variable
Jo-Philipp Wich [Fri, 2 Feb 2018 13:39:23 +0000 (14:39 +0100)]
imagebuilder: fix reference to removed VERSION_SED variable

Fixes: ff8e9a4ecb ("treewide: combine VERSION_SED and VERSION_SED_SCRIPT")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agofirewall: depend on kmod-nf-conntrack6
Matthias Schiffer [Fri, 2 Feb 2018 12:57:05 +0000 (13:57 +0100)]
firewall: depend on kmod-nf-conntrack6

Firewall rules don't work as intended without conntrack support. The recent
cleanup removed the kmod-nf-conntrack6 dependency from the iptables
modules; add it to the firewall package instead.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agotreewide: combine VERSION_SED and VERSION_SED_SCRIPT
Philip Prindeville [Thu, 25 Jan 2018 00:33:21 +0000 (17:33 -0700)]
treewide: combine VERSION_SED and VERSION_SED_SCRIPT

We don't need two versions of this.  The escaping quotes
is so that the sed commands aren't misinterpreted by shell;
it has nothing to do with the contents of the file, thus
one version is adequate.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
6 years agoversion.mk: escape values used in VERSION_SED macro
Philip Prindeville [Wed, 24 Jan 2018 23:52:53 +0000 (16:52 -0700)]
version.mk: escape values used in VERSION_SED macro

In addition to backslash and ampersand needing to be escaped for
simple sed RHS strings, we also need to escape comma since we're
using that as our s/// delimiter.

Pass everything through a macro filter to sanitize it.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
6 years agobuild: bundle-libraries.sh: patch bundled ld.so
Jo-Philipp Wich [Thu, 25 Jan 2018 16:12:29 +0000 (17:12 +0100)]
build: bundle-libraries.sh: patch bundled ld.so

Remove references to /etc/, /lib/ and /usr/ from the bundled ld.so
interpreter using simple binary patching.

This is needed to prevent loading host system libraries such as
libnss_compat.so.2 on foreign systems, which may result in ld.so
inconsistency assertions.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agoleds: correct ledtrig-heartbeat Kconfig description
Hans Dedecker [Fri, 2 Feb 2018 11:00:45 +0000 (12:00 +0100)]
leds: correct ledtrig-heartbeat Kconfig description

Fix ledtrig-heartbeat Kconfig description

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agonetifd: add defaultreqopts config option
Hans Dedecker [Thu, 1 Feb 2018 14:12:58 +0000 (15:12 +0100)]
netifd: add defaultreqopts config option

By default udhcpc asks for a default list of options; the config option
defaultreqopts allows to tweak this behavior.
When set to 0 udhcpc will not ask for any options except for the options
specified in the reqopts config option.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoodhcp6c: add defaultreqopts config option
Hans Dedecker [Wed, 31 Jan 2018 11:58:53 +0000 (12:58 +0100)]
odhcp6c: add defaultreqopts config option

By default odhcp6c asks for a default list of options; the config option
defaultreqopts allows to tweak this behavior.
When set to 0 odhcp6c will not ask for any options except for the options
specified in the reqopts config option.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoar71xx-generic: enable ATH79_MACH_TL_WR841N_V8 machine
Matthias Schiffer [Wed, 31 Jan 2018 20:18:16 +0000 (21:18 +0100)]
ar71xx-generic: enable ATH79_MACH_TL_WR841N_V8 machine

This machfile also contains the code for the TL-WR842N/ND v2, which is in
ar71xx-generic and not in ar71xx-tiny.

Fixes: 0cd5e85e7a "ar71xx: create new ar71xx/tiny subtarget for 4MB flash
devices"
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agonetfilter: add missing dependency to kmod-ipt-tproxy
Matthias Schiffer [Wed, 31 Jan 2018 13:43:12 +0000 (14:43 +0100)]
netfilter: add missing dependency to kmod-ipt-tproxy

Fixes: e7e025426a "netfilter: clean up dependencies of kernel modules"
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agomac80211: replace revert for 11s compatiblity with upstream fix
Matthias Schiffer [Wed, 31 Jan 2018 12:42:23 +0000 (13:42 +0100)]
mac80211: replace revert for 11s compatiblity with upstream fix

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agonetfilter: add packages for arp and bridge tables of nftables
Matthias Schiffer [Thu, 25 Jan 2018 18:31:40 +0000 (19:31 +0100)]
netfilter: add packages for arp and bridge tables of nftables

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agonftables: remove dependency on kmod-nf-nat
Matthias Schiffer [Thu, 25 Jan 2018 17:11:37 +0000 (18:11 +0100)]
nftables: remove dependency on kmod-nf-nat

For minimal firewall setups, NAT support may be unnecessary.

It would be possible to further reduce the minimum number of installed
modules, e.g. by separating IPv4 and IPv6 support or moving conntrack
support into a separate kmod package. We go with a more complete
kmod-nft-core for now, until a concrete usecase for smaller packages
arises.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agonetfilter: clean up dependencies of kernel modules
Matthias Schiffer [Thu, 25 Jan 2018 17:05:12 +0000 (18:05 +0100)]
netfilter: clean up dependencies of kernel modules

The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate
packages, as they are a common dependency of ip(6)tables and nftables. This
avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables
modules depend on nf-conntrack(6) now.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agoscripts/qemustart: more portable array operation
Yousong Zhou [Thu, 11 May 2017 06:29:52 +0000 (14:29 +0800)]
scripts/qemustart: more portable array operation

The following commands output 1,2,1,1

    cmd0='a=("${a[@]}" 'a'); echo "${#a}"'
    cmd1='a+=('a'); echo "${#a}"'
    bash -c "$cmd0"; zsh -c "$cmd0"
    bash -c "$cmd1"; zsh -c "$cmd1"

The following outputs 0,1,0,0

    cmd2='f() { echo "$#"; }; f "${a[@]}"'
    cmd3="a=(); $cmd2"
    bash -c "$cmd2"; zsh -c "$cmd2"
    bash -c "$cmd3"; zsh -c "$cmd3"

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agoopenssl: remove call to now absent clean-staging make target
Yousong Zhou [Tue, 30 Jan 2018 06:34:59 +0000 (14:34 +0800)]
openssl: remove call to now absent clean-staging make target

It's not needed now since commit a621b8c ("include: clean package
staging dir files before configure")

Fixes FS#1309

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agokernel: add test MTD driver package
Hans Dedecker [Thu, 25 Jan 2018 10:46:44 +0000 (11:46 +0100)]
kernel: add test MTD driver package

Allows to test MTD driver using RAM

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agonetdevices.mk: add missing dependency to kmod-hwmon-core
Hauke Mehrtens [Sat, 27 Jan 2018 23:24:24 +0000 (00:24 +0100)]
netdevices.mk: add missing dependency to kmod-hwmon-core

The IGB and IXGBE drivers depend on kmod-hwmon core now.

Fixes: af707a178fa5 ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agonetdevices.mk: add hwmon to IGB and IXGBE drivers
Philip Prindeville [Wed, 24 Jan 2018 02:00:11 +0000 (19:00 -0700)]
netdevices.mk: add hwmon to IGB and IXGBE drivers

Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.

Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
6 years agolantiq: ase: turn off fpu emulator in default build
Yousong Zhou [Mon, 29 Jan 2018 07:07:51 +0000 (15:07 +0800)]
lantiq: ase: turn off fpu emulator in default build

It was only enabled when the target was added back in commit 9b321bc
("lantiq: add Amazon-SE subtarget")

Leave pistachio alone as devices of this target are not likely have
small_flash or low_mem constraint

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agobuild: add config option KERNEL_MIPS_FPU_EMULATOR
Yousong Zhou [Mon, 29 Jan 2018 01:40:52 +0000 (09:40 +0800)]
build: add config option KERNEL_MIPS_FPU_EMULATOR

To make it more accessible for nodejs users to configure and run a build
on mips target lacking hardware fpu

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agocurl: bump to 7.58.0
Hans Dedecker [Fri, 26 Jan 2018 20:17:46 +0000 (21:17 +0100)]
curl: bump to 7.58.0

a0b5e8944 progress-bar: get screen width on windows
65ceb20df test1454: --connect-to with IPv6 address w/o IPv6 support!
eb6e3c4f6 CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
96186de1f docs: fix man page syntax to make test 1140 OK again
af32cd385 http: prevent custom Authorization headers in redirects
993dd5651 curl: progress bar refresh, get width using ioctl()
9d82cde7b RELEASE-NOTES: synced with bb0ffcc36
bb0ffcc36 libcurl-env.3: first take
ec122c4c8 TODO: two possible name resolver improvements
a5e6d6ebc http2: don't close connection when single transfer is stopped
87ddeee59 test558: fix for multissl builds
da07dbb86 examples/url2file.c: add missing curl_global_cleanup() call
ddafd45af SSH: Fix state machine for ssh-agent authentication
9e4ad1e2a openssl: fix potential memory leak in SSLKEYLOGFILE logic
ca9c93e3e openssl: fix the libressl build again
2c0c4dff0 unit1307: test many wildcards too
2a1b2b4ef curl_fnmatch: only allow 5 '*' sections in a single pattern
cb5accab9 ftp-wildcard: fix matching an empty string with "*[^a]"
25c40c9af SMB: fix numeric constant suffix and variable types
945df7410 CURLOPT_TCP_NODELAY.3: fix typo
8dd4edeb9 smtp/pop3/imap_get_message: decrease the data length too...
84fcaa2e7 openssl: enable SSLKEYLOGFILE support by default
e44ddfd47 mime: clone mime tree upon easy handle duplication.
2c821bba8 docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
a06311be2 test395: HTTP with overflow Content-Length value
67595e7d2 test394: verify abort of rubbish in Content-Length: value
ac17d7947 test393: verify --max-filesize with excessive Content-Length
f68e67271 HTTP: bail out on negative Content-Length: values
0616dfa1e configure.ac: append extra linker flags instead of prepending them.
650b9c1d6 RELEASE-NOTES: synced with 6fa10c8fa
6fa10c8fa setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
3b548ffde setopt: reintroduce non-static Curl_vsetopt() for OS400 support
fa3dbb9a1 http2: fix incorrect trailer buffer size
2a6dbb815 easy: fix connection ownership in curl_easy_pause
89f680473 system.h: Additionally check __LONG_MAX__ for defining curl_off_t
14d07be37 COPYING: it's 2018!
a8ce5efba progress: calculate transfer speed on milliseconds if possible
d4e40f069 scripts: allow all perl scripts to be run directly
e4f86025d mail-rcpt.d: fix short-text description
908a9a674 build: remove HAVE_LIMITS_H check
129390a51 openssl: fix memory leak of SSLKEYLOGFILE filename
272613df0 Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
481539e90 test1554: improve the error handling
593dcc553 test1554: add global initialization and cleanup
dc831260b curl_version_info.3: call the argument 'age'
58d7cd28a brotli: data at the end of content can be lost
a0f3eaf25 examples/cacertinmem: ignore cert-already-exists error
859ac3602 tool_getparam: Support size modifiers for --max-filesize
b399b0490 build: Fixed incorrect script termination from commit ad1dc10e61
a9b774a77 Makefile.vc: Added our standard copyright header
22fddb85a winbuild: Added support for VC15
ad1dc10e6 build: Added Visual Studio 2017 project files
d409640d6 build-wolfssl.bat: Added support for VC15
a4e88317d build-openssl.bat: Added support for VC15
c97648b55 curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
b43755789 examples/rtsp: fix error handling macros
f009bbe1f curl_easy_reset: release mime-related data.
4acc9d3d1 content_encoding: rework zlib_inflate
e639d4ca4 brotli: allow compiling with version 0.6.0.
9c6a6be88 CURLOPT_READFUNCTION.3: refer to argument with correct name
02f207a76 rand: add a clang-analyzer work-around
13ce373a5 krb5: fix a potential access of uninitialized memory
41982b6ac conncache: fix a return code [regression]
5d0ba70e1 curl: support >256 bytes warning messsages
188a43a8f libssh: fix a syntax error in configure.ac
7ef0c2d86 examples/smtp-mail.c: use separate defines for options and mail
621b24505 THANKS: added missing names
cc0cca1ba mailmap: added/clarified several names
9d7a59c8f setopt: less *or equal* than INT_MAX/1000 should be fine
2437dbbf1 vtls: replaced getenv() with curl_getenv()
ef5633d4b RELEASE-NOTES: synced with 3b9ea70ee
3b9ea70ee TODO: Expose tried IP addresses that failed
48c184a60 curl.1: mention http:// and https:// as valid proxy prefixes
76db03dd9 curl.1: documented two missing valid exit codes
63e58b8b4 CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference
671f0b506 Revert "curl: don't set CURLOPT_INTERLEAVEDATA"
4b6f3cff7 tests: mark data files as non-executable in git
98c572ed3 tests: update .gitignore for libtests
e959f16c5 multi_done: prune DNS cache
06a0a26fb mailmap: fixup two old git Author "aliases"
7ab4e7adb openssl: Disable file buffering for Win32 SSLKEYLOGFILE
b1b94305d RESOLVE: output verbose text when trying to set a duplicate name
bbea75ad6 CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
a4a56ec93 sftp: allow quoted commands to use relative paths
9fb5a943f CURLOPT_PRIVATE.3: fix grammar
179ee78e8 curl: remove __EMX__ #ifdefs
9dfb19483 openssl: improve data-pending check for https proxy
9ffad8eb1 curl: don't set CURLOPT_INTERLEAVEDATA
912324024 curl.h: remove incorrect comment about ERRORBUFFER
ebaab4d17 configure: add AX_CODE_COVERAGE only if using gcc
b5881d1fb curl: limit -# update frequency for unknown total size
546e7db78 BINDINGS: another PostgreSQL client
55e609890 CONNECT: keep close connection flag in http_connect_state struct
c103cac3c include: get netinet/in.h before linux/tcp.h
00cda0f9b openldap: fix checksrc nits
ff07f07cc openldap: add commented out debug possibilities
bb0ca2d44 examples: move threaded-shared-conn.c to the "complicated" ones
4fb85b87b RELEASE-NOTES: synced with b261c44e8
b261c44e8 URL: tolerate backslash after drive letter for FILE:
24dcd7466 tests: added netinet/in6.h includes in test servers
76ebd5417 configure: check for netinet/in6.h
0c65678e7 curl-config: add --ssl-backends
ea3a5d07d conncache: only allow multiplexing within same multi handle
415b8dff8 threaded-shared-conn.c: fixed typo in commenta
5254d8bf2 threaded-shared-conn.c: new example
07cb27c98 conncache: fix several lock issues
85f0133ea libssh: remove dead code in sftp_qoute
615edc1f7 sasl_getmesssage: make sure we have a long enough string to pass
440140946 libssh2: remove dead code from SSH_SFTP_QUOTE
6401ddad4 ssh-libssh.c: please checksrc
918530752 libssh: fixed dereference in statvfs access
8dad32bcf RESOURCES: update spec names
a08f5a77c libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS
8843c0939 libssh: no need to call sftp_get_error as ssh_get_error is sufficient
3cef6f22e libssh: fix minor static code analyzer nits
10bb0b471 openssl: pkcs12 is supported by boringssl
8eff32f0b travis: use pip2 instead of pip
b7f534597 lib582: do not verify host for SFTP
a2f396680 libssh: added SFTP support
c75c9d4fb symbols-in-versions: added new symbols with 7.56.3 version
05675ab5a .travis.yml: added build --with-libssh
38aef6dc4 libssh2: return CURLE_UPLOAD_FAILED on failure to upload
75427291e libssh2: send the correct CURLE error code on scp file not found
c92d2e14c Added support for libssh SSH SCP back-end
3973ee6a6 RELEASE-NOTES: synced with af8cc7a69
af8cc7a69 curlver: towards 7.57.1
4b4142491 lib: don't export all symbols, just everything curl_*
9194a9959 SSL: Avoid magic allocation of SSL backend specific data
744ee5838 examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
270494e1a travis: add boringssl build

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoRevert "netdevices.mk: add hwmon to IGB and IXGBE drivers"
John Crispin [Sun, 28 Jan 2018 07:53:50 +0000 (08:53 +0100)]
Revert "netdevices.mk: add hwmon to IGB and IXGBE drivers"

This reverts commit af707a178fa5f23dcf149da3e545958c0085500a.

Signed-off-by: John Crispin <john@phrozen.org>
6 years agoRevert "netdevices.mk: add missing dependency to kmod-hwmon-core"
John Crispin [Sun, 28 Jan 2018 07:51:11 +0000 (08:51 +0100)]
Revert "netdevices.mk: add missing dependency to kmod-hwmon-core"

This reverts commit 53f62bc5e5c36c1a08e162d8b26de7d831fc36e5.

commit made the builders fail with
"Package kmod-igb is missing dependencies for the following libraries: hwmon.ko"

Signed-off-by: John Crispin <john@phrozen.org>
6 years agoprocd: fix procd_lock() when prepare_roofs
Yousong Zhou [Sun, 28 Jan 2018 01:43:30 +0000 (09:43 +0800)]
procd: fix procd_lock() when prepare_roofs

This fixes the following errors when doing "make package/install"

    /home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l
    ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory
    flock: 1000: Bad file descriptor

Fixes FS#1260

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agonetdevices.mk: add missing dependency to kmod-hwmon-core
Hauke Mehrtens [Sat, 27 Jan 2018 23:24:24 +0000 (00:24 +0100)]
netdevices.mk: add missing dependency to kmod-hwmon-core

The IGB and IXGBE drivers depend on kmod-hwmon core now.

Fixes: af707a178fa5 ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agobinutils: assertion failure bfd/elfxx-mips.c:3860
Hauke Mehrtens [Sat, 27 Jan 2018 21:51:59 +0000 (22:51 +0100)]
binutils: assertion failure bfd/elfxx-mips.c:3860

With forced PIE and SSP support I ran into this assertion failure.
backport two patches to fix this problem from the binutils 2.28 branch.
This fix is already included in binutils 2.28.1 and 2.29.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agotoolchain: gcc: update 7.x to 7.3.0
Hauke Mehrtens [Sat, 27 Jan 2018 13:28:46 +0000 (14:28 +0100)]
toolchain: gcc: update 7.x to 7.3.0

This version still generates broken code in our setup for MIPS.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agobuild: cleanup SSP_SUPPORT configure option
Julien Dusser [Sun, 7 Jan 2018 17:47:21 +0000 (18:47 +0100)]
build: cleanup SSP_SUPPORT configure option

Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.

Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.

No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.

Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
6 years agotoolchain: add gcc configure default PIE and SSP
Julien Dusser [Sun, 7 Jan 2018 16:41:35 +0000 (17:41 +0100)]
toolchain: add gcc configure default PIE and SSP

GCC supports starting version 5 --enable-default-ssp and starting version 6
--enable-default-pie.

It produces hardened binaries by default without dealing with package
compilation flags.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
6 years agobuild: add hardened builds with PIE (ASLR) support
Julien Dusser [Mon, 8 Jan 2018 22:47:06 +0000 (23:47 +0100)]
build: add hardened builds with PIE (ASLR) support

Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.

Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.

Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.

If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.

Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
6 years agokernel-headers: adjust PKG_ variables when using git clone method
Alexandru Ardelean [Wed, 17 Jan 2018 10:55:15 +0000 (12:55 +0200)]
kernel-headers: adjust PKG_ variables when using git clone method

When using an external git clone for the kernel repo,
the build would fail because the build won't download
[via git] the kernel tarball.

This is because the `toolchain/kernel-headers` assumes
that the kernel would get downloaded via normal HTTP.
The reason for this is the `HostBuild` rule, which
calls the `Download/default` rule.

To use the `Download/default` we just need to conditionally
adjust some PKG_ vars.

We can safely use `LINUX_VERSION` as it was already adjusted
in the `kernel-version.mk` to avoid collisions with other tarballs.

Fixes:
 https://bugs.openwrt.org/index.php?do=details&task_id=503

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agokernel.mk: update LINUX_VERSION filename for cloned repo
Alexandru Ardelean [Mon, 15 Jan 2018 14:50:38 +0000 (16:50 +0200)]
kernel.mk: update LINUX_VERSION filename for cloned repo

In case there is an external git repo specified,
it could overwrite the kernel tarball that was
downloaded from kernel.org.

The only identifier for such a file is the
KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols,
so if we have to download it we'll use that
information [after some sanitization]
to create a different filename for the kernel tarball.

If KERNEL_GIT_REF symbol is empty, HEAD will be used
as mentioned in the description of KERNEL_GIT_REF.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agoConfig-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REF
Alexandru Ardelean [Wed, 17 Jan 2018 12:05:57 +0000 (14:05 +0200)]
Config-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REF

The Download/git rule will do a `git checkout <git-ref>`.
So, we can use any ref we want.

No need to limit just to branches.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agohostapd: add support for hostapd's radius_client_addr
Stephan Brunner [Fri, 19 Jan 2018 13:03:46 +0000 (14:03 +0100)]
hostapd: add support for hostapd's radius_client_addr

Add support for hostapd's radius_client_addr in order to
force hostapd to send RADIUS packets from the correct source
interface rather than letting linux select the most appropriate.

Signed-off-by: Stephan Brunner <s.brunner@stephan-brunner.net>
6 years agoperf: use libunwind
Maxim Gorbachyov [Fri, 12 Jan 2018 17:54:41 +0000 (20:54 +0300)]
perf: use libunwind

Without libunwind perf does not show userspace stack frames.
Tested on mvebu.

Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
6 years agolibunwind: enable build for arm
Maxim Gorbachyov [Fri, 12 Jan 2018 17:42:20 +0000 (20:42 +0300)]
libunwind: enable build for arm

Tested with perf on mvebu.

Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
6 years agonetdevices.mk: add hwmon to IGB and IXGBE drivers
Philip Prindeville [Wed, 24 Jan 2018 02:00:11 +0000 (19:00 -0700)]
netdevices.mk: add hwmon to IGB and IXGBE drivers

Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.

Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
6 years agokernel/modules/other: disable Nokia BT UART
Tim Harvey [Tue, 23 Jan 2018 22:31:09 +0000 (14:31 -0800)]
kernel/modules/other: disable Nokia BT UART

disable the Nokia BT UART present on Nikia N9, N900 & N950 added in 4.12.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
6 years agotoolchain/arc: update to the most recent release arc-2017.09
Evgeniy Didin [Wed, 24 Jan 2018 17:26:03 +0000 (20:26 +0300)]
toolchain/arc: update to the most recent release arc-2017.09

This commit finally bumps ARC tools to the most recent arc-2017.09 release version.

ARC GNU tools of version arc-2017.09 bring some quite significant changes like:
 * Binutils v2.29 with additional ARC patches
 * GCC 7.1.1 with additional ARC patches

More information on this release could be found here:
  https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2017.09-release

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: John Crispin <john@phrozen.org>
6 years agouClibc-ng: update to 1.0.28
Evgeniy Didin [Wed, 24 Jan 2018 17:26:02 +0000 (20:26 +0300)]
uClibc-ng: update to 1.0.28

Lets update uClibc-ng to 1.0.28 version for compatibility with gcc 7.x.

Since 1.0.22 there were significant patches for compatibility with gcc 7.x:
 https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=5b0f49037e8ea8500b05c8f31ee88529ccac4cee
 https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=cee0b058fa0b4501b289a2da365182d60314d746

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: John Crispin <john@phrozen.org>
6 years agomac80211: revert "wireless: set correct mandatory rate flags"
Matthias Schiffer [Fri, 26 Jan 2018 22:24:59 +0000 (23:24 +0100)]
mac80211: revert "wireless: set correct mandatory rate flags"

Revert upstream commit 1bd773c077de "wireless: set correct mandatory rate
flags", as it breaks 11s interoperability: nodes can only associate when
neither or both have this patch. As this is a regression from released
versions, revert to the old code for now.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agorules.mk: drop `include_mk` build rule
Alexandru Ardelean [Wed, 24 Jan 2018 10:56:39 +0000 (12:56 +0200)]
rules.mk: drop `include_mk` build rule

The only users of this were the python packages
from the `packages` feed.
The 2 python interpreters would export some mk
files (e.g. python-package.mk) and then other
python packages would include it via this rule.

But there's a few things wrong with this approach,
most of them drawing from the fact that python host
needs to be built first, to export these mk files.

By now all uses of include_mk have been corrected
in the feeds and this can be removed.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agoopenssl: tell the build system that we are doing CROSS_COMPILE
Yousong Zhou [Fri, 26 Jan 2018 10:13:21 +0000 (18:13 +0800)]
openssl: tell the build system that we are doing CROSS_COMPILE

So that it will not try to run c_rehash with the just built binaries on
certs/demo.

Fixes openwrt/packages#5432

Reported-by: Val Kulkov <val.kulkov@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agoiptables: make kmod-ipt-debug part of default ALL build
Yousong Zhou [Fri, 26 Jan 2018 06:40:25 +0000 (14:40 +0800)]
iptables: make kmod-ipt-debug part of default ALL build

The iptables TRACE target is only available in raw table that's why the
dependency was moved from iptables-mod-trace into kmod-ipt-debug

Fixes FS#1219

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agobuild: disable BUILD_PATENTED by default
Yousong Zhou [Thu, 25 Jan 2018 01:40:33 +0000 (09:40 +0800)]
build: disable BUILD_PATENTED by default

This is mainly for legal considerations and not promoting the usage of
and no redistribution of binaries of patented technologies seems to be
also the established practice in other linux distros.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agowireguard: bump to 20180118
Kevin Darbyshire-Bryant [Thu, 25 Jan 2018 17:20:51 +0000 (17:20 +0000)]
wireguard: bump to 20180118

Bump to latest wireguard release snapshot:

9a93a3d version: bump snapshot
7bc0579 contrib: keygen-html: update curve25519 implementation
ffc13a3 tools: import new curve25519 implementations
0ae7356 curve25519: wire up new impls and remove donna
f90e36b curve25519: resolve symbol clash between fe types
505bc05 curve25519: import 64-bit hacl-star implementation
8c02050 curve25519: import 32-bit fiat-crypto implementation
96157fd curve25519: modularize implementation
4830fc7 poly1305: remove indirect calls
bfd1a5e tools: plug memleak in config error path
09bf49b external-tests: add python implementation
b4d5801 wg-quick: ifnames have max len of 15
6fcd86c socket: check for null socket before fishing out sport
ddb8270 global: year bump
399d766 receive: treat packet checking as irrelevant for timers

No patch refresh required.

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agoRevert "mt76: update to the latest version"
Felix Fietkau [Thu, 25 Jan 2018 20:18:57 +0000 (21:18 +0100)]
Revert "mt76: update to the latest version"

This reverts commit 99eb128acaf76a69119fd2de8e194f2b2bbb0427.
Connectivity issues reported by users, needs rework

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomt76: update to the latest version
Felix Fietkau [Thu, 25 Jan 2018 15:49:14 +0000 (16:49 +0100)]
mt76: update to the latest version

2b7fae4 mt76: fix returnvar.cocci warnings
939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params()
cf59170 mt76x2: dfs: add set_domain handler
5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params()
f76e25f mt76x2: fix WMM parameter configuration
34d612d mt76: retry rx polling as long as there is budget left
0f8327a mt76x2: fix TSF value in probe responses
ad3f8e9 mt76: add an intermediate struct for rx status information
58a41f1 mt76: get station pointer by wcid and pass it to mac80211
b0508d3 mt76: implement A-MPDU rx reordering in the driver code
cf3cfc4 mt76: split mt76_rx_complete
461cdf9 mt76: pass the per-vif wcid to the core for multicast rx
9b2c778 mt76: validate rx CCMP PN
302af90 mt76x2: init: disable all pending tasklets during device removal
9f685fe mt7603: init: disable tbtt tasklet during device removal
c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames
3968dae mt7603: fix 40 mhz channel bandwidth reporting
9c2e03d mt7603: fix rx LDPC reporting

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoar71xx: add ew-balin platform from Embedded Wireless
Catrinel Catrinescu [Mon, 15 Jan 2018 15:45:16 +0000 (16:45 +0100)]
ar71xx: add ew-balin platform from Embedded Wireless

Add the Embedded Wireless "Balin" platform
 SoC: QCA AR9344 or AR9350
 RAM: DDR2-RAM 64MBytes
 Flash: SPI-NOR 16MBytes
 WLAN: 2 x 2 MIMO 2.4 & 5 GHz IEEE802.11 a/b/g/n
 Ethernet: 3 x 10/100 Mb/s
 USB: 1 x USB2.0 Host/Device bootstrap-pin at power-up
 PCI-Express: 1 x lane PCIe 1.2
 UART: 1 x Normal, 1 x High-Speed
 JTAG: 1 x EJTAG
 GPIO: 10 x Input/Output multiplexed

The module comes already with the current vanilla OpenWrt firmware.
To update, use "sysupgrade" image directly in vendor firmware.

Signed-off-by: Catrinel Catrinescu <cc@80211.de>
6 years agoar71xx: add unaligned access hacks for VXLAN
Matthias Schiffer [Tue, 23 Jan 2018 19:52:45 +0000 (20:52 +0100)]
ar71xx: add unaligned access hacks for VXLAN

Gives a ~5% performance gain.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agomusl: move BUILD_DIR_TOOLCHAIN/musl symlink to configure step
Felix Fietkau [Wed, 24 Jan 2018 15:46:22 +0000 (16:46 +0100)]
musl: move BUILD_DIR_TOOLCHAIN/musl symlink to configure step

Avoids Build/Prepare quilt related hacks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomusl: allow autorebuild
Felix Fietkau [Wed, 24 Jan 2018 15:43:28 +0000 (16:43 +0100)]
musl: allow autorebuild

Autorebuild is disabled for the toolchain to avoid build-order issues.
However, rebuilding musl is safe, so exclude it from that restriction.
Avoids the need for manual cleaning on kernel header <-> libc API
changes like the ones introduced recently

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomac80211: mesh: drop frames appearing to be from us
Felix Fietkau [Fri, 19 Jan 2018 17:34:10 +0000 (18:34 +0100)]
mac80211: mesh: drop frames appearing to be from us

Upstream backport to fix issues arising from devices with duplicate MAC
addresses

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoramips: add support for Widora Neo 32MB flash revision
Jackson Ming Hu [Mon, 8 Jan 2018 05:27:28 +0000 (13:27 +0800)]
ramips: add support for Widora Neo 32MB flash revision

Widora has updated their Widora Neo board recently.

The new model uses 32MB WSON-8 factor SPI flash
instead of the original 16MB SOP-8 factor SPI flash.

All the other hardware components are the same as
the first revision.

Detailed hardware specs listed below:

CPU: MTK MT7688AN
RAM: 128MB DDR2
ROM: 32MB WSON-8 factor SPI Flash (Winbond)
WiFi: Built-in 802.11n 150Mbps?
Ethernet: 10/100Mbps x1
Audio codec: WM8960
Other IO: USB OTG;
  USB Power+Serial (CP2104);
  3x LEDs (Power, LAN, WiFi);
  2x Keys (WPS, CPU Reset)
  1x Audio In/Out
  1x IPEX antenna port
  1x Micro SD slot

Signed-off-by: Jackson Ming Hu <huming2207@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoramips: add flash size postfix to Widora neo
Mathias Kresin [Wed, 17 Jan 2018 07:14:41 +0000 (08:14 +0100)]
ramips: add flash size postfix to Widora neo

Rename the Widora neo by adding a flash size prefix. Move the common parts
into a dtsi to be prepare everything for upcomming support of the 32MB
version.

Migrate the Widora neo to the generic board detection as well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agokernel: generic: add 4.9 config option
Hans Dedecker [Tue, 23 Jan 2018 20:58:10 +0000 (21:58 +0100)]
kernel: generic: add 4.9 config option

When CGROUPS is enabled the new option CONFIG_CGROUP_NET_CLASSID is
selectable and not handled.
Add this option to the 4.9 kernel configuration.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agovxlan: add options to enable and disable UDP checksums
Matthias Schiffer [Wed, 24 Jan 2018 12:51:45 +0000 (13:51 +0100)]
vxlan: add options to enable and disable UDP checksums

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>