openwrt/staging/nbd.git
6 years agonetdevices.mk: add missing dependency to kmod-hwmon-core
Hauke Mehrtens [Sat, 27 Jan 2018 23:24:24 +0000 (00:24 +0100)]
netdevices.mk: add missing dependency to kmod-hwmon-core

The IGB and IXGBE drivers depend on kmod-hwmon core now.

Fixes: af707a178fa5 ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agonetdevices.mk: add hwmon to IGB and IXGBE drivers
Philip Prindeville [Wed, 24 Jan 2018 02:00:11 +0000 (19:00 -0700)]
netdevices.mk: add hwmon to IGB and IXGBE drivers

Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.

Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
6 years agolantiq: ase: turn off fpu emulator in default build
Yousong Zhou [Mon, 29 Jan 2018 07:07:51 +0000 (15:07 +0800)]
lantiq: ase: turn off fpu emulator in default build

It was only enabled when the target was added back in commit 9b321bc
("lantiq: add Amazon-SE subtarget")

Leave pistachio alone as devices of this target are not likely have
small_flash or low_mem constraint

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agobuild: add config option KERNEL_MIPS_FPU_EMULATOR
Yousong Zhou [Mon, 29 Jan 2018 01:40:52 +0000 (09:40 +0800)]
build: add config option KERNEL_MIPS_FPU_EMULATOR

To make it more accessible for nodejs users to configure and run a build
on mips target lacking hardware fpu

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agocurl: bump to 7.58.0
Hans Dedecker [Fri, 26 Jan 2018 20:17:46 +0000 (21:17 +0100)]
curl: bump to 7.58.0

a0b5e8944 progress-bar: get screen width on windows
65ceb20df test1454: --connect-to with IPv6 address w/o IPv6 support!
eb6e3c4f6 CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
96186de1f docs: fix man page syntax to make test 1140 OK again
af32cd385 http: prevent custom Authorization headers in redirects
993dd5651 curl: progress bar refresh, get width using ioctl()
9d82cde7b RELEASE-NOTES: synced with bb0ffcc36
bb0ffcc36 libcurl-env.3: first take
ec122c4c8 TODO: two possible name resolver improvements
a5e6d6ebc http2: don't close connection when single transfer is stopped
87ddeee59 test558: fix for multissl builds
da07dbb86 examples/url2file.c: add missing curl_global_cleanup() call
ddafd45af SSH: Fix state machine for ssh-agent authentication
9e4ad1e2a openssl: fix potential memory leak in SSLKEYLOGFILE logic
ca9c93e3e openssl: fix the libressl build again
2c0c4dff0 unit1307: test many wildcards too
2a1b2b4ef curl_fnmatch: only allow 5 '*' sections in a single pattern
cb5accab9 ftp-wildcard: fix matching an empty string with "*[^a]"
25c40c9af SMB: fix numeric constant suffix and variable types
945df7410 CURLOPT_TCP_NODELAY.3: fix typo
8dd4edeb9 smtp/pop3/imap_get_message: decrease the data length too...
84fcaa2e7 openssl: enable SSLKEYLOGFILE support by default
e44ddfd47 mime: clone mime tree upon easy handle duplication.
2c821bba8 docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
a06311be2 test395: HTTP with overflow Content-Length value
67595e7d2 test394: verify abort of rubbish in Content-Length: value
ac17d7947 test393: verify --max-filesize with excessive Content-Length
f68e67271 HTTP: bail out on negative Content-Length: values
0616dfa1e configure.ac: append extra linker flags instead of prepending them.
650b9c1d6 RELEASE-NOTES: synced with 6fa10c8fa
6fa10c8fa setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
3b548ffde setopt: reintroduce non-static Curl_vsetopt() for OS400 support
fa3dbb9a1 http2: fix incorrect trailer buffer size
2a6dbb815 easy: fix connection ownership in curl_easy_pause
89f680473 system.h: Additionally check __LONG_MAX__ for defining curl_off_t
14d07be37 COPYING: it's 2018!
a8ce5efba progress: calculate transfer speed on milliseconds if possible
d4e40f069 scripts: allow all perl scripts to be run directly
e4f86025d mail-rcpt.d: fix short-text description
908a9a674 build: remove HAVE_LIMITS_H check
129390a51 openssl: fix memory leak of SSLKEYLOGFILE filename
272613df0 Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
481539e90 test1554: improve the error handling
593dcc553 test1554: add global initialization and cleanup
dc831260b curl_version_info.3: call the argument 'age'
58d7cd28a brotli: data at the end of content can be lost
a0f3eaf25 examples/cacertinmem: ignore cert-already-exists error
859ac3602 tool_getparam: Support size modifiers for --max-filesize
b399b0490 build: Fixed incorrect script termination from commit ad1dc10e61
a9b774a77 Makefile.vc: Added our standard copyright header
22fddb85a winbuild: Added support for VC15
ad1dc10e6 build: Added Visual Studio 2017 project files
d409640d6 build-wolfssl.bat: Added support for VC15
a4e88317d build-openssl.bat: Added support for VC15
c97648b55 curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
b43755789 examples/rtsp: fix error handling macros
f009bbe1f curl_easy_reset: release mime-related data.
4acc9d3d1 content_encoding: rework zlib_inflate
e639d4ca4 brotli: allow compiling with version 0.6.0.
9c6a6be88 CURLOPT_READFUNCTION.3: refer to argument with correct name
02f207a76 rand: add a clang-analyzer work-around
13ce373a5 krb5: fix a potential access of uninitialized memory
41982b6ac conncache: fix a return code [regression]
5d0ba70e1 curl: support >256 bytes warning messsages
188a43a8f libssh: fix a syntax error in configure.ac
7ef0c2d86 examples/smtp-mail.c: use separate defines for options and mail
621b24505 THANKS: added missing names
cc0cca1ba mailmap: added/clarified several names
9d7a59c8f setopt: less *or equal* than INT_MAX/1000 should be fine
2437dbbf1 vtls: replaced getenv() with curl_getenv()
ef5633d4b RELEASE-NOTES: synced with 3b9ea70ee
3b9ea70ee TODO: Expose tried IP addresses that failed
48c184a60 curl.1: mention http:// and https:// as valid proxy prefixes
76db03dd9 curl.1: documented two missing valid exit codes
63e58b8b4 CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference
671f0b506 Revert "curl: don't set CURLOPT_INTERLEAVEDATA"
4b6f3cff7 tests: mark data files as non-executable in git
98c572ed3 tests: update .gitignore for libtests
e959f16c5 multi_done: prune DNS cache
06a0a26fb mailmap: fixup two old git Author "aliases"
7ab4e7adb openssl: Disable file buffering for Win32 SSLKEYLOGFILE
b1b94305d RESOLVE: output verbose text when trying to set a duplicate name
bbea75ad6 CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
a4a56ec93 sftp: allow quoted commands to use relative paths
9fb5a943f CURLOPT_PRIVATE.3: fix grammar
179ee78e8 curl: remove __EMX__ #ifdefs
9dfb19483 openssl: improve data-pending check for https proxy
9ffad8eb1 curl: don't set CURLOPT_INTERLEAVEDATA
912324024 curl.h: remove incorrect comment about ERRORBUFFER
ebaab4d17 configure: add AX_CODE_COVERAGE only if using gcc
b5881d1fb curl: limit -# update frequency for unknown total size
546e7db78 BINDINGS: another PostgreSQL client
55e609890 CONNECT: keep close connection flag in http_connect_state struct
c103cac3c include: get netinet/in.h before linux/tcp.h
00cda0f9b openldap: fix checksrc nits
ff07f07cc openldap: add commented out debug possibilities
bb0ca2d44 examples: move threaded-shared-conn.c to the "complicated" ones
4fb85b87b RELEASE-NOTES: synced with b261c44e8
b261c44e8 URL: tolerate backslash after drive letter for FILE:
24dcd7466 tests: added netinet/in6.h includes in test servers
76ebd5417 configure: check for netinet/in6.h
0c65678e7 curl-config: add --ssl-backends
ea3a5d07d conncache: only allow multiplexing within same multi handle
415b8dff8 threaded-shared-conn.c: fixed typo in commenta
5254d8bf2 threaded-shared-conn.c: new example
07cb27c98 conncache: fix several lock issues
85f0133ea libssh: remove dead code in sftp_qoute
615edc1f7 sasl_getmesssage: make sure we have a long enough string to pass
440140946 libssh2: remove dead code from SSH_SFTP_QUOTE
6401ddad4 ssh-libssh.c: please checksrc
918530752 libssh: fixed dereference in statvfs access
8dad32bcf RESOURCES: update spec names
a08f5a77c libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS
8843c0939 libssh: no need to call sftp_get_error as ssh_get_error is sufficient
3cef6f22e libssh: fix minor static code analyzer nits
10bb0b471 openssl: pkcs12 is supported by boringssl
8eff32f0b travis: use pip2 instead of pip
b7f534597 lib582: do not verify host for SFTP
a2f396680 libssh: added SFTP support
c75c9d4fb symbols-in-versions: added new symbols with 7.56.3 version
05675ab5a .travis.yml: added build --with-libssh
38aef6dc4 libssh2: return CURLE_UPLOAD_FAILED on failure to upload
75427291e libssh2: send the correct CURLE error code on scp file not found
c92d2e14c Added support for libssh SSH SCP back-end
3973ee6a6 RELEASE-NOTES: synced with af8cc7a69
af8cc7a69 curlver: towards 7.57.1
4b4142491 lib: don't export all symbols, just everything curl_*
9194a9959 SSL: Avoid magic allocation of SSL backend specific data
744ee5838 examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
270494e1a travis: add boringssl build

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoRevert "netdevices.mk: add hwmon to IGB and IXGBE drivers"
John Crispin [Sun, 28 Jan 2018 07:53:50 +0000 (08:53 +0100)]
Revert "netdevices.mk: add hwmon to IGB and IXGBE drivers"

This reverts commit af707a178fa5f23dcf149da3e545958c0085500a.

Signed-off-by: John Crispin <john@phrozen.org>
6 years agoRevert "netdevices.mk: add missing dependency to kmod-hwmon-core"
John Crispin [Sun, 28 Jan 2018 07:51:11 +0000 (08:51 +0100)]
Revert "netdevices.mk: add missing dependency to kmod-hwmon-core"

This reverts commit 53f62bc5e5c36c1a08e162d8b26de7d831fc36e5.

commit made the builders fail with
"Package kmod-igb is missing dependencies for the following libraries: hwmon.ko"

Signed-off-by: John Crispin <john@phrozen.org>
6 years agoprocd: fix procd_lock() when prepare_roofs
Yousong Zhou [Sun, 28 Jan 2018 01:43:30 +0000 (09:43 +0800)]
procd: fix procd_lock() when prepare_roofs

This fixes the following errors when doing "make package/install"

    /home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l
    ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory
    flock: 1000: Bad file descriptor

Fixes FS#1260

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agonetdevices.mk: add missing dependency to kmod-hwmon-core
Hauke Mehrtens [Sat, 27 Jan 2018 23:24:24 +0000 (00:24 +0100)]
netdevices.mk: add missing dependency to kmod-hwmon-core

The IGB and IXGBE drivers depend on kmod-hwmon core now.

Fixes: af707a178fa5 ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agobinutils: assertion failure bfd/elfxx-mips.c:3860
Hauke Mehrtens [Sat, 27 Jan 2018 21:51:59 +0000 (22:51 +0100)]
binutils: assertion failure bfd/elfxx-mips.c:3860

With forced PIE and SSP support I ran into this assertion failure.
backport two patches to fix this problem from the binutils 2.28 branch.
This fix is already included in binutils 2.28.1 and 2.29.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agotoolchain: gcc: update 7.x to 7.3.0
Hauke Mehrtens [Sat, 27 Jan 2018 13:28:46 +0000 (14:28 +0100)]
toolchain: gcc: update 7.x to 7.3.0

This version still generates broken code in our setup for MIPS.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agobuild: cleanup SSP_SUPPORT configure option
Julien Dusser [Sun, 7 Jan 2018 17:47:21 +0000 (18:47 +0100)]
build: cleanup SSP_SUPPORT configure option

Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.

Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.

No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.

Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
6 years agotoolchain: add gcc configure default PIE and SSP
Julien Dusser [Sun, 7 Jan 2018 16:41:35 +0000 (17:41 +0100)]
toolchain: add gcc configure default PIE and SSP

GCC supports starting version 5 --enable-default-ssp and starting version 6
--enable-default-pie.

It produces hardened binaries by default without dealing with package
compilation flags.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
6 years agobuild: add hardened builds with PIE (ASLR) support
Julien Dusser [Mon, 8 Jan 2018 22:47:06 +0000 (23:47 +0100)]
build: add hardened builds with PIE (ASLR) support

Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.

Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.

Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.

If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.

Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
6 years agokernel-headers: adjust PKG_ variables when using git clone method
Alexandru Ardelean [Wed, 17 Jan 2018 10:55:15 +0000 (12:55 +0200)]
kernel-headers: adjust PKG_ variables when using git clone method

When using an external git clone for the kernel repo,
the build would fail because the build won't download
[via git] the kernel tarball.

This is because the `toolchain/kernel-headers` assumes
that the kernel would get downloaded via normal HTTP.
The reason for this is the `HostBuild` rule, which
calls the `Download/default` rule.

To use the `Download/default` we just need to conditionally
adjust some PKG_ vars.

We can safely use `LINUX_VERSION` as it was already adjusted
in the `kernel-version.mk` to avoid collisions with other tarballs.

Fixes:
 https://bugs.openwrt.org/index.php?do=details&task_id=503

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agokernel.mk: update LINUX_VERSION filename for cloned repo
Alexandru Ardelean [Mon, 15 Jan 2018 14:50:38 +0000 (16:50 +0200)]
kernel.mk: update LINUX_VERSION filename for cloned repo

In case there is an external git repo specified,
it could overwrite the kernel tarball that was
downloaded from kernel.org.

The only identifier for such a file is the
KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols,
so if we have to download it we'll use that
information [after some sanitization]
to create a different filename for the kernel tarball.

If KERNEL_GIT_REF symbol is empty, HEAD will be used
as mentioned in the description of KERNEL_GIT_REF.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agoConfig-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REF
Alexandru Ardelean [Wed, 17 Jan 2018 12:05:57 +0000 (14:05 +0200)]
Config-devel.in: rename symbol KERNEL_GIT_BRANCH -> KERNEL_GIT_REF

The Download/git rule will do a `git checkout <git-ref>`.
So, we can use any ref we want.

No need to limit just to branches.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agohostapd: add support for hostapd's radius_client_addr
Stephan Brunner [Fri, 19 Jan 2018 13:03:46 +0000 (14:03 +0100)]
hostapd: add support for hostapd's radius_client_addr

Add support for hostapd's radius_client_addr in order to
force hostapd to send RADIUS packets from the correct source
interface rather than letting linux select the most appropriate.

Signed-off-by: Stephan Brunner <s.brunner@stephan-brunner.net>
6 years agoperf: use libunwind
Maxim Gorbachyov [Fri, 12 Jan 2018 17:54:41 +0000 (20:54 +0300)]
perf: use libunwind

Without libunwind perf does not show userspace stack frames.
Tested on mvebu.

Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
6 years agolibunwind: enable build for arm
Maxim Gorbachyov [Fri, 12 Jan 2018 17:42:20 +0000 (20:42 +0300)]
libunwind: enable build for arm

Tested with perf on mvebu.

Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
6 years agonetdevices.mk: add hwmon to IGB and IXGBE drivers
Philip Prindeville [Wed, 24 Jan 2018 02:00:11 +0000 (19:00 -0700)]
netdevices.mk: add hwmon to IGB and IXGBE drivers

Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.

Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
6 years agokernel/modules/other: disable Nokia BT UART
Tim Harvey [Tue, 23 Jan 2018 22:31:09 +0000 (14:31 -0800)]
kernel/modules/other: disable Nokia BT UART

disable the Nokia BT UART present on Nikia N9, N900 & N950 added in 4.12.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
6 years agotoolchain/arc: update to the most recent release arc-2017.09
Evgeniy Didin [Wed, 24 Jan 2018 17:26:03 +0000 (20:26 +0300)]
toolchain/arc: update to the most recent release arc-2017.09

This commit finally bumps ARC tools to the most recent arc-2017.09 release version.

ARC GNU tools of version arc-2017.09 bring some quite significant changes like:
 * Binutils v2.29 with additional ARC patches
 * GCC 7.1.1 with additional ARC patches

More information on this release could be found here:
  https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2017.09-release

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: John Crispin <john@phrozen.org>
6 years agouClibc-ng: update to 1.0.28
Evgeniy Didin [Wed, 24 Jan 2018 17:26:02 +0000 (20:26 +0300)]
uClibc-ng: update to 1.0.28

Lets update uClibc-ng to 1.0.28 version for compatibility with gcc 7.x.

Since 1.0.22 there were significant patches for compatibility with gcc 7.x:
 https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=5b0f49037e8ea8500b05c8f31ee88529ccac4cee
 https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/commit/?id=cee0b058fa0b4501b289a2da365182d60314d746

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: John Crispin <john@phrozen.org>
6 years agomac80211: revert "wireless: set correct mandatory rate flags"
Matthias Schiffer [Fri, 26 Jan 2018 22:24:59 +0000 (23:24 +0100)]
mac80211: revert "wireless: set correct mandatory rate flags"

Revert upstream commit 1bd773c077de "wireless: set correct mandatory rate
flags", as it breaks 11s interoperability: nodes can only associate when
neither or both have this patch. As this is a regression from released
versions, revert to the old code for now.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agorules.mk: drop `include_mk` build rule
Alexandru Ardelean [Wed, 24 Jan 2018 10:56:39 +0000 (12:56 +0200)]
rules.mk: drop `include_mk` build rule

The only users of this were the python packages
from the `packages` feed.
The 2 python interpreters would export some mk
files (e.g. python-package.mk) and then other
python packages would include it via this rule.

But there's a few things wrong with this approach,
most of them drawing from the fact that python host
needs to be built first, to export these mk files.

By now all uses of include_mk have been corrected
in the feeds and this can be removed.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
6 years agoopenssl: tell the build system that we are doing CROSS_COMPILE
Yousong Zhou [Fri, 26 Jan 2018 10:13:21 +0000 (18:13 +0800)]
openssl: tell the build system that we are doing CROSS_COMPILE

So that it will not try to run c_rehash with the just built binaries on
certs/demo.

Fixes openwrt/packages#5432

Reported-by: Val Kulkov <val.kulkov@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agoiptables: make kmod-ipt-debug part of default ALL build
Yousong Zhou [Fri, 26 Jan 2018 06:40:25 +0000 (14:40 +0800)]
iptables: make kmod-ipt-debug part of default ALL build

The iptables TRACE target is only available in raw table that's why the
dependency was moved from iptables-mod-trace into kmod-ipt-debug

Fixes FS#1219

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agobuild: disable BUILD_PATENTED by default
Yousong Zhou [Thu, 25 Jan 2018 01:40:33 +0000 (09:40 +0800)]
build: disable BUILD_PATENTED by default

This is mainly for legal considerations and not promoting the usage of
and no redistribution of binaries of patented technologies seems to be
also the established practice in other linux distros.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agowireguard: bump to 20180118
Kevin Darbyshire-Bryant [Thu, 25 Jan 2018 17:20:51 +0000 (17:20 +0000)]
wireguard: bump to 20180118

Bump to latest wireguard release snapshot:

9a93a3d version: bump snapshot
7bc0579 contrib: keygen-html: update curve25519 implementation
ffc13a3 tools: import new curve25519 implementations
0ae7356 curve25519: wire up new impls and remove donna
f90e36b curve25519: resolve symbol clash between fe types
505bc05 curve25519: import 64-bit hacl-star implementation
8c02050 curve25519: import 32-bit fiat-crypto implementation
96157fd curve25519: modularize implementation
4830fc7 poly1305: remove indirect calls
bfd1a5e tools: plug memleak in config error path
09bf49b external-tests: add python implementation
b4d5801 wg-quick: ifnames have max len of 15
6fcd86c socket: check for null socket before fishing out sport
ddb8270 global: year bump
399d766 receive: treat packet checking as irrelevant for timers

No patch refresh required.

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agoRevert "mt76: update to the latest version"
Felix Fietkau [Thu, 25 Jan 2018 20:18:57 +0000 (21:18 +0100)]
Revert "mt76: update to the latest version"

This reverts commit 99eb128acaf76a69119fd2de8e194f2b2bbb0427.
Connectivity issues reported by users, needs rework

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomt76: update to the latest version
Felix Fietkau [Thu, 25 Jan 2018 15:49:14 +0000 (16:49 +0100)]
mt76: update to the latest version

2b7fae4 mt76: fix returnvar.cocci warnings
939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params()
cf59170 mt76x2: dfs: add set_domain handler
5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params()
f76e25f mt76x2: fix WMM parameter configuration
34d612d mt76: retry rx polling as long as there is budget left
0f8327a mt76x2: fix TSF value in probe responses
ad3f8e9 mt76: add an intermediate struct for rx status information
58a41f1 mt76: get station pointer by wcid and pass it to mac80211
b0508d3 mt76: implement A-MPDU rx reordering in the driver code
cf3cfc4 mt76: split mt76_rx_complete
461cdf9 mt76: pass the per-vif wcid to the core for multicast rx
9b2c778 mt76: validate rx CCMP PN
302af90 mt76x2: init: disable all pending tasklets during device removal
9f685fe mt7603: init: disable tbtt tasklet during device removal
c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames
3968dae mt7603: fix 40 mhz channel bandwidth reporting
9c2e03d mt7603: fix rx LDPC reporting

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoar71xx: add ew-balin platform from Embedded Wireless
Catrinel Catrinescu [Mon, 15 Jan 2018 15:45:16 +0000 (16:45 +0100)]
ar71xx: add ew-balin platform from Embedded Wireless

Add the Embedded Wireless "Balin" platform
 SoC: QCA AR9344 or AR9350
 RAM: DDR2-RAM 64MBytes
 Flash: SPI-NOR 16MBytes
 WLAN: 2 x 2 MIMO 2.4 & 5 GHz IEEE802.11 a/b/g/n
 Ethernet: 3 x 10/100 Mb/s
 USB: 1 x USB2.0 Host/Device bootstrap-pin at power-up
 PCI-Express: 1 x lane PCIe 1.2
 UART: 1 x Normal, 1 x High-Speed
 JTAG: 1 x EJTAG
 GPIO: 10 x Input/Output multiplexed

The module comes already with the current vanilla OpenWrt firmware.
To update, use "sysupgrade" image directly in vendor firmware.

Signed-off-by: Catrinel Catrinescu <cc@80211.de>
6 years agoar71xx: add unaligned access hacks for VXLAN
Matthias Schiffer [Tue, 23 Jan 2018 19:52:45 +0000 (20:52 +0100)]
ar71xx: add unaligned access hacks for VXLAN

Gives a ~5% performance gain.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agomusl: move BUILD_DIR_TOOLCHAIN/musl symlink to configure step
Felix Fietkau [Wed, 24 Jan 2018 15:46:22 +0000 (16:46 +0100)]
musl: move BUILD_DIR_TOOLCHAIN/musl symlink to configure step

Avoids Build/Prepare quilt related hacks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomusl: allow autorebuild
Felix Fietkau [Wed, 24 Jan 2018 15:43:28 +0000 (16:43 +0100)]
musl: allow autorebuild

Autorebuild is disabled for the toolchain to avoid build-order issues.
However, rebuilding musl is safe, so exclude it from that restriction.
Avoids the need for manual cleaning on kernel header <-> libc API
changes like the ones introduced recently

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomac80211: mesh: drop frames appearing to be from us
Felix Fietkau [Fri, 19 Jan 2018 17:34:10 +0000 (18:34 +0100)]
mac80211: mesh: drop frames appearing to be from us

Upstream backport to fix issues arising from devices with duplicate MAC
addresses

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoramips: add support for Widora Neo 32MB flash revision
Jackson Ming Hu [Mon, 8 Jan 2018 05:27:28 +0000 (13:27 +0800)]
ramips: add support for Widora Neo 32MB flash revision

Widora has updated their Widora Neo board recently.

The new model uses 32MB WSON-8 factor SPI flash
instead of the original 16MB SOP-8 factor SPI flash.

All the other hardware components are the same as
the first revision.

Detailed hardware specs listed below:

CPU: MTK MT7688AN
RAM: 128MB DDR2
ROM: 32MB WSON-8 factor SPI Flash (Winbond)
WiFi: Built-in 802.11n 150Mbps?
Ethernet: 10/100Mbps x1
Audio codec: WM8960
Other IO: USB OTG;
  USB Power+Serial (CP2104);
  3x LEDs (Power, LAN, WiFi);
  2x Keys (WPS, CPU Reset)
  1x Audio In/Out
  1x IPEX antenna port
  1x Micro SD slot

Signed-off-by: Jackson Ming Hu <huming2207@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoramips: add flash size postfix to Widora neo
Mathias Kresin [Wed, 17 Jan 2018 07:14:41 +0000 (08:14 +0100)]
ramips: add flash size postfix to Widora neo

Rename the Widora neo by adding a flash size prefix. Move the common parts
into a dtsi to be prepare everything for upcomming support of the 32MB
version.

Migrate the Widora neo to the generic board detection as well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agokernel: generic: add 4.9 config option
Hans Dedecker [Tue, 23 Jan 2018 20:58:10 +0000 (21:58 +0100)]
kernel: generic: add 4.9 config option

When CGROUPS is enabled the new option CONFIG_CGROUP_NET_CLASSID is
selectable and not handled.
Add this option to the 4.9 kernel configuration.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agovxlan: add options to enable and disable UDP checksums
Matthias Schiffer [Wed, 24 Jan 2018 12:51:45 +0000 (13:51 +0100)]
vxlan: add options to enable and disable UDP checksums

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agonetifd: update to latest git HEAD
Matthias Schiffer [Wed, 24 Jan 2018 12:50:50 +0000 (13:50 +0100)]
netifd: update to latest git HEAD

af3cadb system-linux: VXLAN: add options to enable and disable UDP checksums

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6 years agoramips: Fix GB-PC1 cpuclock again
Rosen Penev [Sun, 21 Jan 2018 03:56:33 +0000 (19:56 -0800)]
ramips: Fix GB-PC1 cpuclock again

The intended frequency is 900 MHz, not 90.

Fixes: 7059ab48a6d5 ("ramips: fix cpuclock for the GB-PC1")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years agoar71xx: fix MikroTik rb-nor-flash-16M-ac image
Daniel Golle [Wed, 24 Jan 2018 00:20:41 +0000 (01:20 +0100)]
ar71xx: fix MikroTik rb-nor-flash-16M-ac image

commit e15c63a375
ar71xx: add support for MikroTik RouterBOARD wAP G-5HacT2HnD (wAP AC)

changed the existing rb-nor-flash-16M-ac image in a way that it would
now only support the rb-wapg-5hact2hnd.
The board show however rather be added to the existing boards in the
rb-nor-flash-16M image template.

Reported-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
6 years agoprocd: update to latest git HEAD
Hans Dedecker [Tue, 23 Jan 2018 10:37:37 +0000 (11:37 +0100)]
procd: update to latest git HEAD

653629f trace: check asprintf() return value
67eb7e6 trace: add missing limits.h include

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoramips: add support for ZBT-WE1226
Daniel Golle [Tue, 23 Jan 2018 01:46:36 +0000 (02:46 +0100)]
ramips: add support for ZBT-WE1226

MT7628NN (580MHz), 8MB SPI NOR, 64MB DDR2 RAM

Everything except for the switch LEDs works great.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
6 years agosunxi: Orange Pi R1: configure USB Ethernet controller.
Hauke Mehrtens [Thu, 28 Dec 2017 18:36:08 +0000 (19:36 +0100)]
sunxi: Orange Pi R1: configure USB Ethernet controller.

Now the USB port is the WAN port.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agosunxi: Orange Pi R1: Fix USB Ethernet and activate SPI
Hauke Mehrtens [Thu, 28 Dec 2017 18:34:47 +0000 (19:34 +0100)]
sunxi: Orange Pi R1: Fix USB Ethernet and activate SPI

The USB Ethernet is not working with the patches proposed for upstream,
fix this and activate the SPI node as this board always has a SPI flash.

Both patches are also targeted for upstream kernel 4.16 and 4.17.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agosunxi: use upstream patch for Orange Pi R1
Hauke Mehrtens [Sun, 10 Dec 2017 19:56:56 +0000 (20:56 +0100)]
sunxi: use upstream patch for Orange Pi R1

Instead of using our own device tree definitions use the one provided in
the upstream kernel for 4.16.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agosunxi: backport stmmac network patches
Hauke Mehrtens [Sun, 10 Dec 2017 19:56:31 +0000 (20:56 +0100)]
sunxi: backport stmmac network patches

Ethernet support was initial added in kernel 4.13, but deactivated
before the final release. This is backports the changes which are
activating it again from kernel 4.15.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agosunxi: Add support for kernel 4.14
Hauke Mehrtens [Sun, 10 Dec 2017 17:42:44 +0000 (18:42 +0100)]
sunxi: Add support for kernel 4.14

This is based on the code for kernel 4.9, but a lot of 4.9 patches are
backports from more recent kernel version and can be removed now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agosunxi: refresh kernel configuration
Hauke Mehrtens [Sat, 16 Dec 2017 22:47:28 +0000 (23:47 +0100)]
sunxi: refresh kernel configuration

Just refresh the sunxi kernel configuration.
This also moves the CONFIG_CRYPTO_DEV_SUN4I_SS_PRNG option to the
config-4.9 file.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agoRevert "kernel: add IEEE-1284 parallel port support"
Jo-Philipp Wich [Mon, 22 Jan 2018 12:41:16 +0000 (13:41 +0100)]
Revert "kernel: add IEEE-1284 parallel port support"

This reverts commit 666e9cf2220b11ccd024cad13ad54ca71d40c5b3.

The change has not been build-tested on non-x86 targets and leads to
stalled kernel builds due to unset configuration symbols there.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agoprocd: update to latest git HEAD
John Crispin [Mon, 22 Jan 2018 11:53:34 +0000 (12:53 +0100)]
procd: update to latest git HEAD

846e20c procd: add timing to start/stop logging

Signed-off-by: John Crispin <john@phrozen.org>
6 years agoar71xx: add support for the MikroTik RB911-2Hn/5Hn boards
Gabor Juhos [Thu, 18 Jan 2018 12:50:32 +0000 (13:50 +0100)]
ar71xx: add support for the MikroTik RB911-2Hn/5Hn boards

The patch adds support for the MikroTik RB911-2Hn (911 Lite2)
and the RB911-5Hn (911 Lite5) boards:

  https://mikrotik.com/product/RB911-2Hn
  https://mikrotik.com/product/RB911-5Hn

The two boards are using the same hardware design, the only difference
between the two is the supported wireless band.

Specifications:
  * SoC: Atheros AR9344 (600MHz)
  * RAM: 64MiB
  * Storage: 16 MiB SPI NOR flash
  * Ethernet: 1x100M (Passive PoE in)
  * Wireless: AR9344 built-in wireless MAC, single chain
              802.11b/g/n (911-2Hn) or 802.11a/g/n (911-5Hn)

Notes:
  * Older versions of these boards might be equipped with a NAND
    flash chip instead of the SPI NOR device. Those boards are not
    supported (yet).
  * The MikroTik RB911-5HnD (911 Lite5 Dual) board also uses the
    same hardware. Support for that can be added later with little
    effort probably.

Installation:

1. Setup a DHCP/BOOTP Server with the following parameters:
   * DHCP-Option 66 (TFTP server name): pointing to a local TFTP
     server within the same subnet of the DHCP range
   * DHCP-Option 67 (Bootfile-Name): matching the initramfs filename
     of the to be booted image. The usable intramfs files are:
       - openwrt-ar71xx-mikrotik-vmlinux-initramfs.elf
       - openwrt-ar71xx-mikrotik-vmlinux-initramfs-lzma.elf
       - openwrt-ar71xx-mikrotik-rb-nor-flash-16M-initramfs-kernel.bin

2. Press the reset button on the board and keep that pressed.

3. Connect the board to your local network via its ethernet port.

4. Release the button after the LEDs on the board are turned off.
   Now the board should load and start the initramfs image from
   the TFTP server.

5. Upload the sysupgrade image to the board with scp:
     $ scp openwrt-ar71xx-mikrotik-rb-nor-flash-16M-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/fw.bin

5. Log in to the running system listening on 192.168.1.1 via ssh
   as root (without password):
     $ ssh root@192.168.1.1

7. Flash the uploaded firmware file from the ssh session via the
   sysupgrade command:
     root@OpenWrt:~# sysupgrade /tmp/fw.bin

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
6 years agoar71xx: make leds-gpio usable with single-ended GPIOs
Gabor Juhos [Thu, 18 Jan 2018 12:50:31 +0000 (13:50 +0100)]
ar71xx: make leds-gpio usable with single-ended GPIOs

Add patches for the leds-gpio driver to make it usable with
open-drain and open-source kind of GPIO lines.

This type of functionality is required by various MikroTik boards.

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
6 years agoar71xx: mach-rbspi: return rb_info from rbspi_platform_setup
Gabor Juhos [Thu, 18 Jan 2018 12:50:30 +0000 (13:50 +0100)]
ar71xx: mach-rbspi: return rb_info from rbspi_platform_setup

Modify the rbspi_platform_setup() function to return the pointer of the
rb_info structure. This allows board specific setup routines to access
the various fields of the information. It is useful for investigating
the hardware option bits for example.

Also update the board setup codes, to ensure that those handle the new
return value correctly.

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
6 years agoar71xx: add definitions for RouterBOARD hardware option bits
Gabor Juhos [Thu, 18 Jan 2018 12:50:29 +0000 (13:50 +0100)]
ar71xx: add definitions for RouterBOARD hardware option bits

Add bit definitions for the 'hardware options' tag which is used in
the MikroTik devices' hardware configurations. These values can be
used in board setup codes, to do different initialization sequences.
The values were obtained from the RouterOS 6.41-rc38 patches.

Additionally, introduce two helper functions what make the processing
of the hardware options easy.

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
6 years agouqmi: silence error on pin verification
Koen Vandeputte [Fri, 19 Jan 2018 10:31:52 +0000 (11:31 +0100)]
uqmi: silence error on pin verification

If a device only supports the 2nd verification method (uim),
the first method will fail as expected reporting an error:

"Command not supported"

Silence both separate methods and only report an error regarding
pin verification if both fail.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: add IEEE-1284 parallel port support
Daniel Gimpelevich [Thu, 18 Jan 2018 11:52:12 +0000 (03:52 -0800)]
kernel: add IEEE-1284 parallel port support

The kmod-lp package included both lp.ko and ppdev.ko, but ECP device
drivers may or may not require lp NOT to be loaded, needing only ppdev.
Additionally, There were no packages for any parport interface modules,
such as uss720 or parport_pc, provided here. It has not been otherwise
possible to use PC-style parport hardware for kmod-lp.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
6 years agopistachio: make patches apply again
Hauke Mehrtens [Sat, 20 Jan 2018 22:36:05 +0000 (23:36 +0100)]
pistachio: make patches apply again

Support for Winbond NAND flash detection was added into the generic
patches and this conflicted with this patch adding Gigadevice support.

Fixes: 02050f7e7d5b ("kernel/4.{4, 9}: add manufacturer ID for Winbond NANDs")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agoipq806x: make patches apply again
Hauke Mehrtens [Sat, 20 Jan 2018 22:21:52 +0000 (23:21 +0100)]
ipq806x: make patches apply again

Some part of this patch was added to the generic patches as it was
needed also for some other target. Do not add it here any more.

Fixes: 02050f7e7d5b ("kernel/4.{4, 9}: add manufacturer ID for Winbond NANDs")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agox86: Add CONFIG_RETPOLINE to fix build
Hauke Mehrtens [Sat, 20 Jan 2018 21:44:40 +0000 (22:44 +0100)]
x86: Add CONFIG_RETPOLINE to fix build

This adds support for the new configuration option CONFIG_RETPOLINE and
refreshes the configuration.

Fixes: d8565a06dc ("kernel: bump 4.9 to 4.9.77")
Fixes: 9ddfac8015 ("kernel: bump 4.14 to 4.14.14")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: use upstream patches for musl
Hauke Mehrtens [Sat, 3 Jun 2017 10:59:55 +0000 (12:59 +0200)]
kernel: use upstream patches for musl

This replaces the current patches used to make the kernel headers
compatible with musl with the version which was accepted upstream. This
is included in upstream kernel 4.15.
This was compile tested with iproute2 build on all supported kernel
versions with musl and one one with glibc.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agoubus: fix PKG_MIRROR_HASH
Hauke Mehrtens [Fri, 19 Jan 2018 22:59:30 +0000 (23:59 +0100)]
ubus: fix PKG_MIRROR_HASH

Fixes: dd975d15a71f ("ubus: fix wrong PKG_SOURCE_DATE")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agonftables: update to 0.8.1
Philip Prindeville [Wed, 20 Dec 2017 17:22:52 +0000 (10:22 -0700)]
nftables: update to 0.8.1

Note this requires libnftnl-1.0.8 or higher, so that update needs
to be merged first.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
6 years agolibnftnl: update to 1.0.9
Philip Prindeville [Wed, 20 Dec 2017 22:06:02 +0000 (15:06 -0700)]
libnftnl: update to 1.0.9

Also, drop unsupported configure options.

Don't use git retrieve but released tarball instead.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
6 years agokernel: backport fix for nftables on big Endian
Hauke Mehrtens [Sat, 20 Jan 2018 19:14:47 +0000 (20:14 +0100)]
kernel: backport fix for nftables on big Endian

nftables 0.8.1 generates some new commands which will not work without
this on big endian systems. This patch is included in Linux 4.11 and
later.

My rule matching a TCP port was not working:
nft add rule ip foo bar ct state new tcp dport 22 accept

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agotools/tar: update to 1.30
Hannu Nyman [Fri, 19 Jan 2018 16:55:28 +0000 (18:55 +0200)]
tools/tar: update to 1.30

update GNU tar to 1.30

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
6 years agokernel: bump 4.4 to 4.4.112
Kevin Darbyshire-Bryant [Thu, 18 Jan 2018 15:01:19 +0000 (15:01 +0000)]
kernel: bump 4.4 to 4.4.112

Refresh patches.
Remove upstreamed patches:

target/linux/generic/patches-4.4/030-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/patches-4.4/030-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/patches-4.4/030-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agokernel: bump 4.9 to 4.9.77
Kevin Darbyshire-Bryant [Thu, 18 Jan 2018 13:51:13 +0000 (13:51 +0000)]
kernel: bump 4.9 to 4.9.77

Refresh patches.
Remove upstreamed patches:

target/linux/generic/backport-4.9/023-2-smsc75xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-3-cx82310_eth-use-skb_cow_head-to-deal-with-cloned-skb.patch
target/linux/generic/backport-4.9/023-4-sr9700-use-skb_cow_head-to-deal-with-cloned-skbs.patch
target/linux/generic/backport-4.9/023-5-lan78xx-use-skb_cow_head-to-deal-with-cloned-skbs.patch

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Compile-tested: ar71xx Archer C7 v2
Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.14 to 4.14.14
Kevin Darbyshire-Bryant [Thu, 18 Jan 2018 14:13:53 +0000 (14:13 +0000)]
kernel: bump 4.14 to 4.14.14

Refresh patches.

CVEs completely or partially addressed:

CVE-2017-5715
CVE-2017-5753
CVE-2017-17741
CVE-2017-1000410

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel/4.{4, 9}: add manufacturer ID for Winbond NANDs
Gabor Juhos [Thu, 18 Jan 2018 21:13:09 +0000 (22:13 +0100)]
kernel/4.{4, 9}: add manufacturer ID for Winbond NANDs

Some MikroTik devices are using a Winbond NAND flash. Linux treats
it as an unknown NAND before version 4.11:

  nand: device found, Manufacturer ID: 0xef, Chip ID: 0xf1
  nand: Unknown NAND 128MiB 3,3V 8-bit
  nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64

Backport a patch from 4.11 to show the manufacturer correctly:

  nand: device found, Manufacturer ID: 0xef, Chip ID: 0xf1
  nand: Winbond NAND 128MiB 3,3V 8-bit
  nand: 128 MiB, SLC, erase size: 128 KiB, page size: 2048, OOB size: 64

Tested on a MikroTik R951Ui-2HnD board.

Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
6 years agodnsmasq: backport validation fix in dnssec security fix
Kevin Darbyshire-Bryant [Sat, 20 Jan 2018 08:46:28 +0000 (08:46 +0000)]
dnsmasq: backport validation fix in dnssec security fix

A DNSSEC validation error was introduced in the fix for CVE-2017-15107

Backport the upstream fix to the fix (a simple typo)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agodnsmasq: backport dnssec security fix
Kevin Darbyshire-Bryant [Fri, 19 Jan 2018 17:16:08 +0000 (17:16 +0000)]
dnsmasq: backport dnssec security fix

CVE-2017-15107

An interesting problem has turned up in DNSSEC validation. It turns out
that NSEC records expanded from wildcards are allowed, so a domain can
include an NSEC record for *.example.org and an actual query reply could
expand that to anything in example.org  and still have it signed by the
signature for the wildcard. So, for example

!.example.org NSEC zz.example.org

is fine.

The problem is that most implementers (your author included, but also
the Google public DNS people, powerdns and Unbound) then took that
record to prove the nothing exists between !.example.org and
zz.example.org, whereas in fact it only provides that proof between
*.example.org and zz.example.org.

This gives an attacker a way to prove that anything between
!.example.org and *.example.org doesn't exists, when it may well do so.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agoipq806x: remove merged ipq4019 patch
Christian Lamparter [Thu, 18 Jan 2018 12:26:08 +0000 (13:26 +0100)]
ipq806x: remove merged ipq4019 patch

The patch 0022-dts-ipq4019-support-ARMv7-PMU.patch
was merged into 4.8-rc1.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[refresh patches]
Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoipq806x: remove dependency on non-existent kmod
Christian Lamparter [Wed, 17 Jan 2018 22:38:50 +0000 (23:38 +0100)]
ipq806x: remove dependency on non-existent kmod

During the integration of the ipq40xx target,
the phy drivers were included into the ipq806x's
target kernel config.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agoipq-wifi: align AVM FRITZ!Box 4040's board-2.bin package
Christian Lamparter [Wed, 17 Jan 2018 22:38:49 +0000 (23:38 +0100)]
ipq-wifi: align AVM FRITZ!Box 4040's board-2.bin package

This patch renames the AVM FRITZ!Box 4040's board-2.bin
file and package to match the 'vendor_product' format.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agoipq806x: overhaul AVM FRITZ!box 4040 device-tree file
Christian Lamparter [Wed, 17 Jan 2018 22:38:48 +0000 (23:38 +0100)]
ipq806x: overhaul AVM FRITZ!box 4040 device-tree file

This patch aligns the device-tree file with the latest
guidelines.
 - No longer include qcom-ipq4019-ap.dk01.1.dtsi. This
   file is only partially upstream and therefore subjected
   to changes that might not be compatible with the board.

   As a result, the definitions from the file have been
   copied into this dts.

 - exclusively use decimal GPIO addresses.

 - reorganize the reserved-memory layout to waste less
   memory. There's no point in keeping the u-boot loader
   around. This should also make it possible    to create
   an image that will boot with the original EVA/ADAM2 loader
   without needing to install the modified u-boot loader.
   And finally mark the "tz-apps" as reusable.
   There isn't a way to  upload apps to the trust-zone in OpenWrt
   yet. But it might see some use in the future as a "secure"
   key-store/TPM.

 - sort the first-level nodes alphabetically.
 - sort nodes with an address by the address.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agofirmware: ath10k-firmware: update QCA988x firmware to 10.2.4-1.0-00033
Christian Lamparter [Thu, 21 Dec 2017 18:13:04 +0000 (19:13 +0100)]
firmware: ath10k-firmware: update QCA988x firmware to 10.2.4-1.0-00033

This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA988x.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agofirmware: ath10k-firmware: update QCA9887 firmware to 10.2.4-1.0-00033
Christian Lamparter [Thu, 21 Dec 2017 18:13:03 +0000 (19:13 +0100)]
firmware: ath10k-firmware: update QCA9887 firmware to 10.2.4-1.0-00033

This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA9887.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agofirmware: ath10k-firmware: update QCA9888 firmware to 10.4-3.4-00104
Christian Lamparter [Thu, 21 Dec 2017 18:13:02 +0000 (19:13 +0100)]
firmware: ath10k-firmware: update QCA9888 firmware to 10.4-3.4-00104

This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9888.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agofirmware: ath10k-firmware: update QCA9984 firmware to 10.4-3.4-00104
Christian Lamparter [Thu, 21 Dec 2017 18:13:01 +0000 (19:13 +0100)]
firmware: ath10k-firmware: update QCA9984 firmware to 10.4-3.4-00104

This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9984.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agofirmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.4-00104
Christian Lamparter [Thu, 21 Dec 2017 18:13:00 +0000 (19:13 +0100)]
firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.4-00104

This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA4019.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agofirmware: ath10k-firmware: update to 2017-12-20
Christian Lamparter [Thu, 21 Dec 2017 18:12:59 +0000 (19:12 +0100)]
firmware: ath10k-firmware: update to 2017-12-20

This update automatically includes a new firmware for the QCA6174:
firmware-6.bin_WLAN.RM.4.4.1-00079-QCARMSWPZ-1

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agoodhcp6c: add sendopts config support and update to latest git HEAD
Hans Dedecker [Tue, 16 Jan 2018 14:59:03 +0000 (15:59 +0100)]
odhcp6c: add sendopts config support and update to latest git HEAD

Add sendopts config support allowing to add options in sent DHCPv6 packets.

Options can be configured as follows :
uci set network.wan6.sendopts="sntpservers:3001:3001::1,3001:3001::2 11:00000000000000000000006674692F 0x3e8:ABCDEF"

Based on a patch by Frank Andrieu <fandrieu@gmail.com>

See https://git.openwrt.org/?p=project/odhcp6c.git;a=commit;h=510aaf6d528210c5e8a6159f9b80b32615e88c5f
for a more detailed description.

Latest git changes :
1f93bd4 dhcpv6: rework option passthrough logic
a477e95 odhcp6c: rework userclass and vendorclass command handling
510aaf6 odhcp6c: add -x opt:val support
ab75be1 treewide: update copyrights to 2018
f3a4609 odhcp6c: let odhcp6c_add_state return a success/failure indication

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoramips: tl-wr840n-v5: increase firmware partition for 4Mmtk layot
Serg Studzinskii [Sun, 24 Dec 2017 16:00:13 +0000 (18:00 +0200)]
ramips: tl-wr840n-v5: increase firmware partition for 4Mmtk layot

According to console log during TP-Link TL-WR840N v5 OEM firmware update
procedure 0x3e0000-0x3f0000 64kB "config" partition, which is used to store
router's configuration settings, is erased and recreated again during every
OEM firmware update procedure, thus does not contain any valuable factory data.
So it is conviniant to use this extra 64kB erase block for jffs overlay due
limited flash size on this device like it used on TP-Link's ar71xx boards.

Signed-off-by: Serg Studzinskii <serguzhg@gmail.com>
6 years agotools/mpfr: update to 4.0.0
Hannu Nyman [Wed, 17 Jan 2018 19:06:19 +0000 (21:06 +0200)]
tools/mpfr: update to 4.0.0

Update mpfr to 4.0.0

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
6 years agotools/mpc: Update to 1.1.0
Hannu Nyman [Wed, 17 Jan 2018 19:01:35 +0000 (21:01 +0200)]
tools/mpc: Update to 1.1.0

Update mpc to 1.1.0

(note: adds compatibility with mpfr 4.0.0)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
6 years agoutil-linux: add fstrim support
Dirk Brenken [Fri, 12 Jan 2018 11:57:39 +0000 (12:57 +0100)]
util-linux: add fstrim support

This PR adds optional fstrim support

Signed-off-by: Dirk Brenken <dev@brenken.org>
6 years agokirkwood: fix sysupgrade
尤晓杰 [Wed, 17 Jan 2018 13:03:50 +0000 (21:03 +0800)]
kirkwood: fix sysupgrade

The platform_check_image() stub need to return 0 for success, otherwise
the sysupgrade will fail with:

  Image check 'platform_check_image' failed.

Fixes: aa6f5f1787a6 ("kirkwood: use image metadata")
Signed-off-by: 尤晓杰 <yxj790222@163.com>
[reworded commit message}
Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoipq806x: fix ZyXEL NBG6817 sysupgrade
Mathias Kresin [Wed, 17 Jan 2018 19:40:55 +0000 (20:40 +0100)]
ipq806x: fix ZyXEL NBG6817 sysupgrade

Use the first found directory in the tar archive instead of relying on
a directory named according to the userspace boardname.

It allows to change the boardname without adding another compatibility
layer to the zyxel sysupgrade.

Fixes: 33f09cf15178 ("ipq806x: convert to dt-based board-detection")
Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agobase-files: gpio switch: check if direction can be set
Mathias Kresin [Mon, 15 Jan 2018 00:23:36 +0000 (01:23 +0100)]
base-files: gpio switch: check if direction can be set

Obviously not all GPIO controller allow to change the direction. The issue
is around since the beginning of the script but only due to the recent
changes error messages are more visible.

Add a check if a change of the direction is supported by the GPIO
controller and fallback to setting only the value if not.

Fixes: FS#1271
Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agobase-files: gpio switch: fix inverted logic
Mathias Kresin [Sun, 14 Jan 2018 23:28:03 +0000 (00:28 +0100)]
base-files: gpio switch: fix inverted logic

GPIOs are exported as active high to the sysfs, hence the logic need to be
inverted.

Fixes: e66c47fb14f5 ("base-files: gpio switch: set output value with
       direction")
Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoubox: update to latest git HEAD
Hans Dedecker [Wed, 17 Jan 2018 13:23:13 +0000 (14:23 +0100)]
ubox: update to latest git HEAD

e7a63fb ubox: Remove unnecessary memset calls

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoubus: fix wrong PKG_SOURCE_DATE
Hans Dedecker [Wed, 17 Jan 2018 13:08:53 +0000 (14:08 +0100)]
ubus: fix wrong PKG_SOURCE_DATE

Fix wrong PKG_SOURCE_DATE introduced in e14cac0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoubus: update to latest git HEAD
Hans Dedecker [Wed, 17 Jan 2018 12:45:02 +0000 (13:45 +0100)]
ubus: update to latest git HEAD

5bae22e ubus/lua: pass notification name to callback
212ceb1 valgrind complained about these
d57907c fix invalid close() call

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoath9k: discard undersized packets
Felix Fietkau [Wed, 17 Jan 2018 11:32:22 +0000 (12:32 +0100)]
ath9k: discard undersized packets

Sometimes the hardware will push small packets that trigger a WARN_ON
in mac80211. Discard them early to avoid this issue.

Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agobuild: remove use of STAGING_DIR_HOST/usr (fixes cmake build error on macOS)
Felix Fietkau [Wed, 17 Jan 2018 10:53:10 +0000 (11:53 +0100)]
build: remove use of STAGING_DIR_HOST/usr (fixes cmake build error on macOS)

This directory is never created, nor is it used anywhere. Using it in
HOST_LDFLAGS causes a linker warning to be emitted on macOS, which
messes with cmake configure tests.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years ago.gitignore: add .project & .cproject for eclipse users
Catrinel Catrinescu [Thu, 11 Jan 2018 09:35:46 +0000 (10:35 +0100)]
.gitignore: add .project & .cproject for eclipse users

For eclipse users, .project is always created inside the project.
For users of CDT within Eclipse, add also .cproject, thanks Dirk
Feytons.

Signed-off-by: Catrinel Catrinescu <cc@80211.de>