openwrt/staging/luka.git
5 years agoopenssl: add configuration options, disable ssl3
Eneas U de Queiroz [Mon, 22 Oct 2018 14:32:56 +0000 (11:32 -0300)]
openssl: add configuration options, disable ssl3

Adds the following configuration options:
* using optimized assembler code (was always on before)
* use of x86 SSE2 instructions
* dyanic engine support
* include error messages
* Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms
* RFC3779, CMS protocols
* VIA padlock hardware acceleration engine

Installs openssl.cnf with the library as it is used by engines
independent of the openssl util.

Fixes DTLS option that was innefective before.

Disables insecure SSL3 protocol and SHA0.

Adds openwrt-specific targets to Configure script, including asm support
for i386, ppc and mips64.

Strips building dirs from CFLAGS shown in binary.

Skips the fuzz directory during build.

Removed include/crypto/devcrypto.h that was included here, to use the
cryptodev-linux package, now that it was been moved from the packages
feed to the main openwrt repository.

This decreses the size of the ipk binray on MIPS32 by about 3.3%:
old:
706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

new:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
5 years agobase-files: fix ucert verification
Felix Fietkau [Tue, 12 Feb 2019 15:37:30 +0000 (16:37 +0100)]
base-files: fix ucert verification

ucert needs to check the firmware part with metadata, but without the signature.
Use the new fwtool mode to extract that without altering the firmware image inside
the check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agofwtool: add support for extracting the truncated data part to stdout
Felix Fietkau [Tue, 12 Feb 2019 15:24:14 +0000 (16:24 +0100)]
fwtool: add support for extracting the truncated data part to stdout

This allows extracing the firmware + metadata from a signed firmware without
altering the original image file

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agofwtool: do not strip metadata if extracting signature
Felix Fietkau [Tue, 12 Feb 2019 14:59:11 +0000 (15:59 +0100)]
fwtool: do not strip metadata if extracting signature

This allows the signature to cover the metadata area

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agohostapd: fix race condition in mesh new peer handling
Felix Fietkau [Tue, 12 Feb 2019 13:26:04 +0000 (14:26 +0100)]
hostapd: fix race condition in mesh new peer handling

Avoid trying to add the same station to the driver multiple times

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agohostapd: send wpa_supplicant logging output to syslog
Felix Fietkau [Tue, 12 Feb 2019 13:04:07 +0000 (14:04 +0100)]
hostapd: send wpa_supplicant logging output to syslog

Helpful for debugging network connectivity issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agomac80211: brcmfmac: backport early changes queued for the Linux 5.1
Rafał Miłecki [Tue, 12 Feb 2019 13:17:46 +0000 (14:17 +0100)]
mac80211: brcmfmac: backport early changes queued for the Linux 5.1

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
5 years agomac80211: brcmfmac: backport remaining patches from the Linux 5.0
Rafał Miłecki [Tue, 12 Feb 2019 12:43:06 +0000 (13:43 +0100)]
mac80211: brcmfmac: backport remaining patches from the Linux 5.0

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
5 years agoiproute2: tc: reduce size of dynamic symbol table
Tony Ambardar [Fri, 14 Dec 2018 07:49:32 +0000 (23:49 -0800)]
iproute2: tc: reduce size of dynamic symbol table

In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all*
symbols into the dynamic symbol table. Instead, use --dynamic-list to
export a smaller set of symbols similar to that defined in static-syms.h
in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase.

Also increment PKG_RELEASE.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agoiproute2: tc: enable and fix support for using .so plugins
Tony Ambardar [Thu, 13 Dec 2018 19:48:55 +0000 (11:48 -0800)]
iproute2: tc: enable and fix support for using .so plugins

This enables using the tc module m_xt.so, which uses the act_ipt kernel
module to allow tc actions based on iptables targets. e.g.

   tc filter add dev eth0 parent 1: prio 10 protocol ip \
   u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE

Make the SHARED_LIBS parameter configurable and based on tc package
selection.

Fix a problem using the tc m_xt.so plugin as also described in
https://bugs.debian.org/868059:

  Sync include/xtables.h from iptables to make sure the right offset is
  used when accessing structure members defined in libxtables. One could
  get “Extension does not know id …” otherwise. (See also: #868059)

Patch to sync the included xtables.h with system iptables 1.6.x. This
continues to work with iptables 1.8.2.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agoiproute2: simplify linking libelf for eBFP/XDP object file support
Tony Ambardar [Sat, 24 Nov 2018 00:33:45 +0000 (16:33 -0800)]
iproute2: simplify linking libelf for eBFP/XDP object file support

Simplify build and runtime dependencies on libelf, which allows tc and ip
to load BPF and XDP object files respectively.

Preserve optionality of libelf by having configuration script follow the
HAVE_ELF environment variable, used similarly to the HAVE_MNL variable.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agoiproute2: use tc package variant to limit other package sizes
Tony Ambardar [Sun, 16 Dec 2018 02:26:48 +0000 (18:26 -0800)]
iproute2: use tc package variant to limit other package sizes

Replace the old 'tc' with a singleton package variant which will be used
to enable additional functionality and limit it only to tc. Non-variant
packages will only be installed during 'tiny' variant builds, hence will
be configured without extra features, thus preserving previously limited
functionality and reduced package sizes.

Also set ip-tiny as the default variant, and install 'tiny' versions of
development libraries.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agoiproute2: simplify Makefile, patches and fix feature detection
Tony Ambardar [Sat, 24 Nov 2018 07:56:24 +0000 (23:56 -0800)]
iproute2: simplify Makefile, patches and fix feature detection

Compile-based feature detection (e.g. xtables, ipset support) was broken
due to silent compilation errors in the configure script, caused by a
Makefile variable KERNEL_INCLUDE referring to kernel build headers. Use
userspace headers by setting the same "user_headers" kernel include path
as used for the iptables build.

Remove redundant or unused Build/Configure definitions from package
Makefile, including KERNEL_INCLUDE, LIBC_INCLUDE and DBM includes.

Don't pass LDFLAGS within MAKE_FLAGS as this interferes with LDFLAGS in
tc/Makefile and masks a link parameter ("-Wl,-export-dynamic"). Instead,
use standard TARGET_LDFLAGS.

Replace EXTRA_CCOPTS in MAKE_FLAGS with cleaner TARGET_CPPFLAGS, and also
drop now unneeded patch 150-extra-ccopts.patch.

Enable defining XT_LIB_DIR from Makefile, needed to set the iptables
modules directory to something other than /lib/xtables, and also add
libxtables dependency. Both are needed with working xtables detection.
Note that libxtables is also pulled in by iptables, firewall or luci, so
this change has no size impact in most cases.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agoiproute2: fix broken configuration patch
Tony Ambardar [Fri, 23 Nov 2018 09:09:23 +0000 (01:09 -0800)]
iproute2: fix broken configuration patch

Since v4.13, iproute2 switched to a config.mk file with greater use of
pkg-config for library/feature detection. Replace the old Config patch
with one modifying the configure script but enabling the same changes:
 - explicitly disable TC_CONFIG_ATM
 - rely on feature detection for IP_CONFIG_SETNS and TC_CONFIG_XT

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agobase-files: enable BPF JIT sysctl by default
Tony Ambardar [Tue, 18 Dec 2018 06:13:22 +0000 (22:13 -0800)]
base-files: enable BPF JIT sysctl by default

Set net.core.bpf_jit_enable=1 in /etc/sysctl.d/10-default.conf.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agokernel: enable CONFIG_BPF_JIT by default
Tony Ambardar [Tue, 18 Dec 2018 05:29:33 +0000 (21:29 -0800)]
kernel: enable CONFIG_BPF_JIT by default

Enable the built-in BPF JIT compiler for all 4.9, 4.14 and 4.19 kernels,
which should speed up cBPF and eBPF-based packet filtering (tc, iptables)
and packet sniffing (libpcap, tcpdump, fwknopd, etc).

This has minimal kernel size impact, increasing the size of uImage-lzma
(normally ~2 MB on mips_24kc or mips64el_mips64) by 5 KB for the MIPS32
arch cBPF JIT and by 9 KB for the MIPS64 arch eBPF JIT, on kernel 4.14.

With JIT enabled (cBPF only), the standard BPF test module (test_bpf.ko)
running on a DIR-835 (mips_24kc) used 33 CPU seconds, but 68 without JIT.

This change aligns with the notion of OpenWRT as the network go-to swiss
army knife for packet handling, especially on CPU-constrained platforms.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agokernel/modules: add kmod-bpf-test package
Tony Ambardar [Mon, 19 Nov 2018 17:16:48 +0000 (09:16 -0800)]
kernel/modules: add kmod-bpf-test package

Add the test_bpf module that runs various test vectors against the BPF
interpreter or BPF JIT compiler. The module must be manually loaded, as
with the kmod-crypto-test module which serves a similar purpose.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agokernel/modules: add kmod-sched-bpf package
Tony Ambardar [Fri, 26 Oct 2018 09:16:32 +0000 (02:16 -0700)]
kernel/modules: add kmod-sched-bpf package

Add cls_bpf and act_bpf modules for additional tc classifier and action
support of cBPF and eBPF.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agokernel/modules: add kmod-sched-ipset package
Tony Ambardar [Tue, 30 Oct 2018 13:27:04 +0000 (06:27 -0700)]
kernel/modules: add kmod-sched-ipset package

Add em_ipset module to support tc filter classification by IP set. Build
as a standalone package to help avoid pulling in rest of kmod-sched and
isolate new dependency on kmod-ipt-ipset.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agokernel/modules: kmod-sched: add some common, useful actions
Tony Ambardar [Tue, 30 Oct 2018 12:50:51 +0000 (05:50 -0700)]
kernel/modules: kmod-sched: add some common, useful actions

Add act_pedit, act_csum, act_gact and act_simple modules for additional
tc action support. Module act_simple helps with debug and logging, similar
to iptables LOG target, while act_gact provides common generic actions.
Modules act_pedit and act_csum support general packet mangling, and have
been the subject of feature requests and forum discussions (e.g. DSCP),
as well as being added to the Turris OS fork of OpenWrt ~2 years ago.

Also select dependency kmod-lib-crc32c to support act_csum.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agokernel/modules: kmod-sched-core: add missing dependency, useful module
Tony Ambardar [Tue, 30 Oct 2018 12:50:51 +0000 (05:50 -0700)]
kernel/modules: kmod-sched-core: add missing dependency, useful module

All tc ematch modules, including those in kmod-sched-core and kmod-sched,
use cls_basic as a core dependency. Relocate cls_basic from kmod-sched to
kmod-sched-core to avoid requiring kmod-sched unnecessarily.

This change is also backwards compatible since any past tc ematch users
will have had to install both kmod-sched-core and kmod-sched anyway.

Add the matchall kernel module cls_matchall introduced in kernel 4.8. The
matchall classifier matches every packet and allows the user to apply
actions on it. It is a simpler, more efficient replacement for the common
but cryptic tc classifier idiom "u32 match u32 0 0".

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
5 years agoath79: add support for Xiaomi Mi Router 4Q
David Bauer [Fri, 1 Feb 2019 19:48:41 +0000 (20:48 +0100)]
ath79: add support for Xiaomi Mi Router 4Q

Hardware
--------
CPU:   Qualcomm Atheros QCA9561
RAM:   64M DDR2
FLASH: 16M SPI-NOR
ETH:   1x WAN - 2x LAN
WiFi:  QCA9561 3T3R
BTN:   1x Reset - 1x WPS
LED:   1x Blue - 1x Red - 1x Yellow
UART:  TX - GND - RX - VCC (From ethernet port)
       115200n8 - 3.3V

Installation
------------
1. Connect to the device via UART.

2. Interrupt the U-Boot on power-on by pressing enter when prompted.

3. Connect you computer to one of the routers LAN ports.
   Assign yourself the IP 192.168.31.10/24.
   Copy the OpenWRT initramfs image to a tftp server root directory.
   Rename the image to 'x4q.bin'.

4. Load the initramfs image to the router by executing following command
   in U-Boot. The image will boot afterwards.

   > tftpboot 0x81000000 x4q.bin; bootm

5. SCP the sysupgrade-image into '/tmp'.
   Remember to assign yourself an IP in 192.168.1.0/24 for this step!

6. Install OpenWRT permanently by executing

   > sysupgrade -n /tmp/<OpenWRT-sysupgrade-image>

Signed-off-by: David Bauer <mail@david-bauer.net>
5 years agogemini: Fix kmod-led-trig-heartbeat typo
Linus Walleij [Thu, 7 Feb 2019 19:47:07 +0000 (20:47 +0100)]
gemini: Fix kmod-led-trig-heartbeat typo

It's kmod-ledtrig-* not kmod-led-trig-*.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
[extended subject]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agomac80211: ath10k: support for management rate control
Sven Eckelmann [Fri, 8 Feb 2019 20:20:20 +0000 (21:20 +0100)]
mac80211: ath10k: support for management rate control

Issues a wmi command to firmware when multicast rate change is received with the
new BSS_CHANGED_MCAST_RATE flag.  Also fixes the incorrect fixed_rate setting
for CCK rates which got introduced with addition of ath10k_rates_rev2 enum.

By default the firmware uses 1Mbps and 6Mbps rate for management packets
in 2G and 5G bands respectively. But when the user selects different
basic rates from the userspace, we need to send the management
packets at the lowest basic rate selected by the user.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
5 years agoath10k-ct: support for management rate control
Sven Eckelmann [Fri, 8 Feb 2019 20:20:20 +0000 (21:20 +0100)]
ath10k-ct: support for management rate control

By default the firmware uses 1Mbps and 6Mbps rate for management packets
in 2G and 5G bands respectively. But when the user selects different
basic rates from the userspace, we need to send the management
packets at the lowest basic rate selected by the user.

This change makes use of WMI_VDEV_PARAM_MGMT_RATE param for configuring the
management packets rate to the firmware.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
5 years agoath10k-firmware: update Candela Tech firmware images
Christian Lamparter [Sun, 10 Feb 2019 17:27:45 +0000 (18:27 +0100)]
ath10k-firmware: update Candela Tech firmware images

Release notes since last time:

2019-02-08:
  Fix rate-ctrl assert related to bad logic that tried to guess
  that lower bandwidth probes were automatically successful if
  higher was. The NSS mismatch that can happen here caused the
  assert. Just comment out the offending code
  (per comment from original QCA code). This is bug 69.

2019-02-10:
  Fix bssid mis-alignment that broke 4-addr vlan mode (bug 67).
  Original buggy commit was
  commit 2bf89e70ecd1 ("dev-ds: Better packing of wal_vdev struct.")

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agobuild: add KERNEL_ENTRY and sort DEFAULT_DEVICE_VARS
Christian Lamparter [Wed, 6 Feb 2019 16:41:49 +0000 (17:41 +0100)]
build: add KERNEL_ENTRY and sort DEFAULT_DEVICE_VARS

The KERNEL_ENTRY was missing from the DEFAULT_DEVICE_VARS.

This bug was discovered while preparing alternative images
for the mpc85xx's TP-Link WDR4900-V1, which all failed to
boot due to this:
|## Booting kernel from Legacy Image at 02000000 ...
|   Image Name:   POWERPC OpenWrt Linux-4.14.96
|   Image Type:   PowerPC Linux Kernel Image (uncompressed)
|   Data Size:    2056568 Bytes = 2 MiB
|   Load Address: 01000000
|   Entry Point:  00000000
|   Verifying Checksum ... OK

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agomac80211: brcmfmac: fix a possible NULL pointer dereference
Rafał Miłecki [Mon, 11 Feb 2019 10:25:54 +0000 (11:25 +0100)]
mac80211: brcmfmac: fix a possible NULL pointer dereference

This fixes a possible crash in the brcmf_fw_request_nvram_done():
[   31.687293] Backtrace:
[   31.689760] [<c004fb4c>] (__wake_up_common) from [<c004fc38>] (__wake_up_locked+0x1c/0x24)
[   31.698043]  r10:c6794000 r9:00000009 r8:00000001 r7:bf54dda0 r6:a0000013 r5:c78e7d38
[   31.705928]  r4:c78e7d3c r3:00000000
[   31.709528] [<c004fc1c>] (__wake_up_locked) from [<c00502a8>] (complete+0x3c/0x4c)
[   31.717148] [<c005026c>] (complete) from [<bf54590c>] (brcmf_fw_request_nvram_done+0x5c8/0x6a4 [brcmfmac])
[   31.726818]  r7:bf54dda0 r6:c6794000 r5:00001990 r4:c6782380
[   31.732544] [<bf545344>] (brcmf_fw_request_nvram_done [brcmfmac]) from [<c0204e40>] (request_firmware_work_func+0x38/0x60)
[   31.743607]  r10:00000008 r9:c6bdd700 r8:00000000 r7:c72c3cd8 r6:c67f4300 r5:c6bda300
[   31.751493]  r4:c67f4300
[   31.754046] [<c0204e08>] (request_firmware_work_func) from [<c0034458>] (process_one_work+0x1e0/0x318)
[   31.763365]  r4:c72c3cc0
[   31.765913] [<c0034278>] (process_one_work) from [<c0035234>] (worker_thread+0x2f4/0x448)
[   31.774107]  r10:00000008 r9:00000000 r8:c6bda314 r7:c72c3cd8 r6:c6bda300 r5:c6bda300
[   31.781993]  r4:c72c3cc0
[   31.784545] [<c0034f40>] (worker_thread) from [<c003984c>] (kthread+0x100/0x114)
[   31.791949]  r10:00000000 r9:00000000 r8:00000000 r7:c0034f40 r6:c72c3cc0 r5:00000000
[   31.799836]  r4:c735dc00 r3:c79ed540
[   31.803438] [<c003974c>] (kthread) from [<c00097d0>] (ret_from_fork+0x14/0x24)
[   31.810672]  r7:00000000 r6:00000000 r5:c003974c r4:c735dc00
[   31.816378] Code: e5b53004 e1a07001 e1a06002 e243000c (e5934000)
[   31.822487] ---[ end trace a0ffbb07a810d503 ]---

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
5 years agoar71xx: add rssileds for xw devices
Koen Vandeputte [Mon, 11 Feb 2019 08:24:11 +0000 (09:24 +0100)]
ar71xx: add rssileds for xw devices

Commit 7ebbbda29377 ("ar71xx: ubnt-(xm,xw): fix LED RSSI indication")
adds support for using the RSSI strenght via LEDS.

The rssileds package addition got lost during altering the patch.
Add it again to fix this.

Fixes: 7ebbbda29377 ("ar71xx: ubnt-(xm,xw): fix LED RSSI indication")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agotools/mpfr: Update to 4.0.2
Daniel Engberg [Sun, 10 Feb 2019 11:32:19 +0000 (11:32 +0000)]
tools/mpfr: Update to 4.0.2

Update mpfr to 4.0.2
Use official site as last resort
Force thread-safety functionality
Refresh patches

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
5 years agotools/bison: Update to 3.3.2
Daniel Engberg [Sun, 10 Feb 2019 12:16:30 +0000 (12:16 +0000)]
tools/bison: Update to 3.3.2

Update bison to 3.3.2
Enable pthreads support
Refresh patches

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
5 years agotools/sed: Update to 4.7
Daniel Engberg [Sun, 10 Feb 2019 12:35:19 +0000 (12:35 +0000)]
tools/sed: Update to 4.7

Update sed to 4.7
Enable pthreads support

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
5 years agotools/tar: Update to 1.31
Daniel Engberg [Sun, 10 Feb 2019 11:53:02 +0000 (11:53 +0000)]
tools/tar: Update to 1.31

Update tar to 1.31
Fixes CVE-2018-20482
Switch to tar.xz tarball
Refresh patches

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
5 years agoglibc: update to latest 2.27 commit [BZ #24180]
Hans Dedecker [Sat, 9 Feb 2019 19:54:52 +0000 (20:54 +0100)]
glibc: update to latest 2.27 commit [BZ #24180]

9f44fa22cb Add compiler barriers around modifications of the robust mutex list for pthread_mutex_trylock. [BZ #24180]

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agovti: remove setting default firewall zone to wan
Hans Dedecker [Sat, 9 Feb 2019 19:59:55 +0000 (20:59 +0100)]
vti: remove setting default firewall zone to wan

Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set
default firewall zone to wan as the firewall zone for the vti interface
can be configured in the firewall config or it makes it impossible not to
specify a firewall zone for the vti interface.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agoipip: remove setting default firewall zone to wan
Hans Dedecker [Sat, 9 Feb 2019 19:48:11 +0000 (20:48 +0100)]
ipip: remove setting default firewall zone to wan

Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set
default firewall zone to wan as the firewall zone for the ipip interface
can be configured in the firewall config or it makes it impossible not to
specify a firewall zone for the ipip interface.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agokernel: fold xt_FLOWOFFLOAD fixes into the main patch
Felix Fietkau [Thu, 31 Jan 2019 17:26:30 +0000 (18:26 +0100)]
kernel: fold xt_FLOWOFFLOAD fixes into the main patch

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agonetfilter: fix checking method of conntrack helper
HsiuWen Yen [Thu, 31 Jan 2019 16:45:22 +0000 (00:45 +0800)]
netfilter: fix checking method of conntrack helper

This patch uses nfct_help() to detect whether an established connection
needs conntrack helper instead of using test_bit(IPS_HELPER_BIT,
&ct->status).

The reason for this modification is that IPS_HELPER_BIT is only set when
the conntrack helper is attached by explicit CT target.

However, in the case that a device enables conntrack helper via the other
ways (e.g., command "echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper")
, the status of IPS_HELPER_BIT will not present any change. That means the
IPS_HELPER_BIT might lose the checking ability in the context.

Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
5 years agobase-files: do not strip fwtool signature data during check
Felix Fietkau [Sat, 9 Feb 2019 13:34:12 +0000 (14:34 +0100)]
base-files: do not strip fwtool signature data during check

Same reason as in commit 9808bd279927bcd2d3a78d19a55229b93bbbcf05 -
sysupgrade --test must not alter the image in any way

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agoar71xx: ubnt-(xm,xw): fix LED RSSI indication
Lech Perczak [Tue, 11 Sep 2018 21:50:56 +0000 (23:50 +0200)]
ar71xx: ubnt-(xm,xw): fix LED RSSI indication

When mapping for RSSI LEDs was defined for interface wlan0 on
Ubiquiti XM and XW family, it missed connection to actual interface.
Therefore create the mapping to interface, so RSSI LEDs work without
additional configuration, after starting rssileds service.

Also add the required package for this.

While at that, remove coefficients needed for PWM LEDs, as XM and XW
boards do not support PWM LEDs.

Tested-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[Squashed commits + remove custom device_packages + slighty rewrite the commit msg]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoar71xx: fix RB941-2nD detection
Julien Rabier [Mon, 4 Feb 2019 20:03:35 +0000 (21:03 +0100)]
ar71xx: fix RB941-2nD detection

Some hAP lite routers aren't detected because
/proc/cpuinfo shows "RouterBOARD RB941-2nD"
instead of "RouterBOARD 941-2nD".

Fix that.

Signed-off-by: Julien Rabier <taziden@flexiden.org>
[Alter string to include all flavours + slight rewrite of commit msg]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoar71xx: fix Arduino Yun enabling of level shifters outputs
Edoardo Scaglia [Fri, 1 Feb 2019 15:43:46 +0000 (16:43 +0100)]
ar71xx: fix Arduino Yun enabling of level shifters outputs

As show in Arduino Yun schematic [1] GPIO 21 and 22 are connected to
output enable pin (OE) of two NTB01xx level shifters.

NTB01xx datasheets [2] [3] states that OE pin are active-high
therefore we should initialize GPIO 21 (DS_GPIO_OE) and GPIO 22
(DS_GPIO_OE2) accordingly to actually enable level shifters outputs.

[1] https://www.arduino.cc/en/uploads/Main/arduino-Yun-schematic.pdf
[2] https://www.nxp.com/docs/en/data-sheet/NTB0102.pdf
[3] https://www.nxp.com/docs/en/data-sheet/NTB0104.pdf

Signed-off-by: Edoardo Scaglia <edoardo.87@gmail.com>
5 years agokernel: add missing symbols to 4.19
Petr Štetiar [Thu, 3 Jan 2019 19:20:19 +0000 (20:20 +0100)]
kernel: add missing symbols to 4.19

While preparing 4.19 for imx6 and test building it with
CONFIG_ALL_KMODS=y with verbose mode enabled, I was asked by kernel
config about few missing symbols/modules

Let's add them to the generic config.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
[slight rewrite of commit log]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.19 to 4.19.20
Koen Vandeputte [Thu, 7 Feb 2019 10:34:28 +0000 (11:34 +0100)]
kernel: bump 4.19 to 4.19.20

Refreshed all patches.

Remove upstreamed:
- 100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch

Altered patches:
- 721-phy_packets.patch

Compile-tested on: imx6
Runtime-tested on: imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.98
Koen Vandeputte [Thu, 7 Feb 2019 10:10:31 +0000 (11:10 +0100)]
kernel: bump 4.14 to 4.14.98

Refreshed all patches.

Remove upstreamed:
- 100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch

Altered patches:
- 721-phy_packets.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.155
Koen Vandeputte [Thu, 7 Feb 2019 10:32:51 +0000 (11:32 +0100)]
kernel: bump 4.9 to 4.9.155

Refreshed all patches.

Remove upstreamed:
- 100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch

Altered patches:
- 721-phy_packets.patch

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 3.18 to 3.18.134
Koen Vandeputte [Thu, 7 Feb 2019 10:08:08 +0000 (11:08 +0100)]
kernel: bump 3.18 to 3.18.134

Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agomac80211: rt2x00: remove patch causing low tx power
Daniel Golle [Fri, 8 Feb 2019 03:50:47 +0000 (04:50 +0100)]
mac80211: rt2x00: remove patch causing low tx power

Remove 980-rt2x00-reduce-power-consumption-on-mt7620.patch which in
combination with the most recently added patch reportedly causes TX
power to be too weak.

"without patches rssi on receiver is ~ -23dBm with 980 about -35dBm,
with both patches drops below -40dBm. with 987 only ~-28dBm"

We may need to reconsider this once we have implemented TSSI.

Fixes: cdb58b2bfe ("mac80211: rt2x00: reduce tx power to nominal level on RT6352")
Reported-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agocurl: bump to 7.64.0
Deng Qingfang [Fri, 8 Feb 2019 03:07:04 +0000 (11:07 +0800)]
curl: bump to 7.64.0

Fixed CVEs:

CVE-2018-16890
CVE-2019-3822
CVE-2019-3823

For other changes in version 7.64.0 see https://curl.haxx.se/changes.html#7_64_0

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
5 years agomac80211: rt2x00: reduce tx power to nominal level on RT6352
Daniel Golle [Thu, 7 Feb 2019 23:03:40 +0000 (00:03 +0100)]
mac80211: rt2x00: reduce tx power to nominal level on RT6352

Current implementation of RT6352 support provides too high tx power
at least on iPA/eLNA devices. Reduce amplification of variable gain
amplifier by 6dB to match board target power of 17dBm.
Transmited signal strength with this patch is similar to that of
stock firmware or pandorabox firmware. Throughput measured with iperf
improves. Device tested: Xiaomi Miwifi Mini.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
5 years agogre: remove setting default firewall zone to wan
Florian Eckert [Thu, 11 Oct 2018 11:10:56 +0000 (13:10 +0200)]
gre: remove setting default firewall zone to wan

There are two problems with this behaviour that the zone is set to wan
if no zone config option is defined in the interface section.

* The zone for the interface is "normally" specified in the firewall
config file. So if we have defined "no" zone for this interface zone
option is set now to "wan" additonaly if we add the interface in the firewall
config section to the "lan" zone, the interface is added to lan and wan at once.

iptables-save | grep <iface>

This is not what I expect.

* If I do not want to set a zone to this interface it is not possible.

Remove the default assigment to wan if no zone option is defined.
If some one need the option it stil possible to define this option.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
5 years agoath79: ag71xx: Fix tx queue timeouts during ifup
Petr Štetiar [Thu, 3 Jan 2019 02:25:11 +0000 (03:25 +0100)]
ath79: ag71xx: Fix tx queue timeouts during ifup

On ath79 and UBNT Bullet M XW (ar9342) I was experiencing weird issues during
network setup[1] which I was able to reproduce easily with following commands:

 uci set network.lan.ipaddr='192.168.1.20'
 uci commit network
 ifup lan

Which resulted after some time in:

 ...
 WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:461 dev_watchdog+0x16c/0x280
 NETDEV WATCHDOG: eth0 (ag71xx): transmit queue 0 timed out
 ...

Sometimes I wasn't able to use networking anymore, sometimes it was enough to
just ifdown/ifup lan and network was backup. On ar71xx it was all working just
fine.

I've found out, that it was happening because ag71xx_poll() wasn't called, thus
the TX queue wasn't emptied. The ag71xx_poll() is being called from napi
hrtimer, which is enabled by napi_schedule() in ar71xx_interrupt(), but since
no interrupts were ever fired again after ag71xx_stop() was called, it was
always leading to tx queue timeouts:

 *** ag71xx_hard_start_xmit()
 eth0: packet injected into TX queue
 eth0: raw intr=00000001 TXPS POLL
 eth0: enable polling mode
 eth0: processing TX ring, flush=no
 eth0: disable polling mode, rx=1, tx=1,limit=32

 ( `ifup lan done here` )

 *** ag71xx_stop()
 *** ag71xx_open()
 *** ag71xx_hw_enable()
 IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
 IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
 *** ag71xx_hard_start_xmit()
 eth0: packet injected into TX queue
 *** ag71xx_hard_start_xmit()
 eth0: packet injected into TX queue
 ...
 WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:320 dev_watchdog+0x164/0x274

So I've looked at ag71xx_stop() in ar71xx, added the missing bits to ath79 and
fixed this issue.

1. https://github.com/openwrt/openwrt/pull/1635#issuecomment-448638246

Signed-off-by: Petr Štetiar <ynezz@true.cz>
[move ag->link before ag71xx_hw_disable to retain ordering as original]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: rename symbol in kernel 4.19 config
Koen Vandeputte [Thu, 7 Feb 2019 12:01:35 +0000 (13:01 +0100)]
kernel: rename symbol in kernel 4.19 config

A symbol was renamed upstream starting from kernel 4.18 [1]

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.0-rc5&id=34b13e5e4641c0e9e0aad471a6d8dfb7999276f1

5 years agonat46: Fix mirror hash
Hauke Mehrtens [Thu, 7 Feb 2019 10:12:49 +0000 (11:12 +0100)]
nat46: Fix mirror hash

The package hash does not match the one of the package found on the
mirrors and which is generated when I do the git clone.

Fixes: 4856fa30a6c ("nat46: import for routing, add myself as maintainer")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agobrcm2708: fix early bootloader config restore
Stijn Tintel [Tue, 5 Feb 2019 02:34:01 +0000 (04:34 +0200)]
brcm2708: fix early bootloader config restore

Restoring the bootloader config before rebooting fails:
tar: invalid tar magic

Add the -z option to the tar command to fix this.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
5 years agobrcm2708: drop 4.9 support
Stijn Tintel [Sat, 2 Feb 2019 20:53:15 +0000 (21:53 +0100)]
brcm2708: drop 4.9 support

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
5 years agoath79: add support for TP-LINK Archer C7 v4
Oldřich Jedlička [Tue, 1 Jan 2019 22:11:49 +0000 (23:11 +0100)]
ath79: add support for TP-LINK Archer C7 v4

TP-Link Archer C7 v4 is a dual-band AC1750 router, based on the
Qualcomm/Atheros QCA9561 SoC + QCA9880.

Specification:

- 775/650/258 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 3T3R 5 GHz
- 5x 10/100/1000 Mbps Ethernet
- 7x LED, 2x button
- UART header on PCB

Flash instruction:
1. Upload openwrt-ath79-generic-tplink_archer-c7-v4-squashfs-factory.bin
   via Web interface

Flash instruction using TFTP recovery:
1. Set PC to fixed ip address 192.168.0.66
2. Download openwrt-ath79-generic-tplink_archer-c7-v4-squashfs-factory.bin
   and rename it to ArcherC7v4_tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
   the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
5 years agobuild: Fix missing device variables for artifacts
Petr Štetiar [Fri, 18 Jan 2019 08:25:59 +0000 (09:25 +0100)]
build: Fix missing device variables for artifacts

It was reported to me today on IRC, that building of artifacts doesn't
work properly if the concat_cmd references DEVICE_NAME variable. I've
found out, that it's due to missing call of Device/Export in artifacts
building code path, so this patch adds the missing Device/Export call
which in turn exports DEFAULT_DEVICE_VARS into the artifacts
environment.

Fixes: 493c9a35516c ("build: Introduce building of artifacts")
Tested-by: Oskari Lemmela <oskari@lemmela.net>
Reported-by: Oskari Lemmela <oskari@lemmela.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agoramips: drop m25p,chunked-io from dts
Chuanhong Guo [Mon, 28 Jan 2019 06:37:07 +0000 (14:37 +0800)]
ramips: drop m25p,chunked-io from dts

This option was a spi nor hack which is dropped in commit
bcf4a5f474 ("ramips: remove chunked-io patch and set spi->max_transfer_size instead")

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [edit message]
5 years agoramips: enable MT7610E 5GHz radio of MT7620a_MT7610e EVB
Deng Qingfang [Wed, 9 Jan 2019 12:54:34 +0000 (20:54 +0800)]
ramips: enable MT7610E 5GHz radio of MT7620a_MT7610e EVB

This enables MT7610E of the EVB

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
5 years agoramips: add kmod-mt76x2 to WeVo 11AC NAS
Ju Se Hoon [Tue, 8 Jan 2019 08:54:19 +0000 (17:54 +0900)]
ramips: add kmod-mt76x2 to WeVo 11AC NAS

The WeVo 11AC NAS has a MT7612E 802.11ac chip on the PCB.

Signed-off-by: Ju Se Hoon <joosahoon@gmail.com>
[renamed author from Albis-dev to real name, editted commit message]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agotoolchain/musl: update to version 1.1.21
Christian Lamparter [Tue, 22 Jan 2019 15:24:11 +0000 (16:24 +0100)]
toolchain/musl: update to version 1.1.21

<https://www.openwall.com/lists/musl/2019/01/21/8>
"This release makes improvements with respect to default thread stack
size, including increasing the default from 80k to 128k, increasing
the default guard size from 4k to 8k, and allowing the default to be
increased via ELF headers so that programs that need larger stacks can
be build without source-level changes, using just LDFLAGS.
Insufficient stack size for AIO threads on kernels that don't honor
the constant MINSIGSTKSZ is also fixed.

The glob core has been rewritten to fix inability to see past
searchable-but-unreadable path components, and to avoid excessive
stack usage and unnecessary syscalls. The tsearch AVL tree
implementation has also been rewritten for better size and
performance. The math library adds more native single-instruction
implementations for arm, s390x, powerpc, and x86_64.

Various bugs are fixed, including several possible deadlocks, one of
which was a new regression in 1.1.20."

detailed release notes can be found in the WHATSNEW file:
<http://git.musl-libc.org/cgit/musl/tree/WHATSNEW#n1989>

Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agoramips: dts: Unify naming of gpio-led nodes
Petr Štetiar [Sun, 30 Dec 2018 11:42:53 +0000 (12:42 +0100)]
ramips: dts: Unify naming of gpio-led nodes

In DTS Checklist[1] we're now demanding proper generic node names, as
the name of a node should reflect the function of the device and use
generic name for that[2]. Everybody seems to be copy&pasting from DTS
files available in the repository today, so let's unify that naming
there as well and provide proper examples.

1. https://openwrt.org/submitting-patches#dts_checklist
2. https://github.com/devicetree-org/devicetree-specification/blob/master/source/devicetree-basics.rst#generic-names-recommendation

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [split up]
5 years agoramips: dts: Unify naming of gpio-keys nodes
Petr Štetiar [Sun, 30 Dec 2018 11:17:25 +0000 (12:17 +0100)]
ramips: dts: Unify naming of gpio-keys nodes

In DTS Checklist[1] we're now demanding proper generic node names, as
the name of a node should reflect the function of the device and use
generic name for that[2]. Everybody seems to be copy&pasting from DTS
files available in the repository today, so let's unify that naming
there as well and provide proper examples.

1. https://openwrt.org/submitting-patches#dts_checklist
2. https://github.com/devicetree-org/devicetree-specification/blob/master/source/devicetree-basics.rst#generic-names-recommendation

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [split up]
5 years agoipq40xx: fix ASUS RT-AC58U switch port numbering
Christian Lamparter [Thu, 31 Jan 2019 21:29:32 +0000 (22:29 +0100)]
ipq40xx: fix ASUS RT-AC58U switch port numbering

This patch fixes the ASUS' RT-AC58U port order by
unifying the configuration with the NBG6617.

Reported-by: Roberto Socrates (rtac58u-user on the forum)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agoipq40xx: consolidate 02_network board defaults
Christian Lamparter [Thu, 31 Jan 2019 21:23:53 +0000 (22:23 +0100)]
ipq40xx: consolidate 02_network board defaults

This patch splits the big board case switch in 02_network in
two functions ipq40xx_setup_interfaces() and ipq40xx_setup_macs()
just like ath79 and ramips do.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agobrcm63xx: dts: Unify naming of gpio-led nodes
Petr Štetiar [Sun, 30 Dec 2018 11:42:53 +0000 (12:42 +0100)]
brcm63xx: dts: Unify naming of gpio-led nodes

In DTS Checklist[1] we're now demanding proper generic node names, as
the name of a node should reflect the function of the device and use
generic name for that[2]. Everybody seems to be copy&pasting from DTS
files available in the repository today, so let's unify that naming
there as well and provide proper examples.

1. https://openwrt.org/submitting-patches#dts_checklist
2. https://github.com/devicetree-org/devicetree-specification/blob/master/source/devicetree-basics.rst#generic-names-recommendation

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [split up]
5 years agobrcm63xx: dts: Unify naming of gpio-keys nodes
Petr Štetiar [Sun, 30 Dec 2018 11:17:25 +0000 (12:17 +0100)]
brcm63xx: dts: Unify naming of gpio-keys nodes

In DTS Checklist[1] we're now demanding proper generic node names, as
the name of a node should reflect the function of the device and use
generic name for that[2]. Everybody seems to be copy&pasting from DTS
files available in the repository today, so let's unify that naming
there as well and provide proper examples.

1. https://openwrt.org/submitting-patches#dts_checklist
2. https://github.com/devicetree-org/devicetree-specification/blob/master/source/devicetree-basics.rst#generic-names-recommendation

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [split up]
5 years agoglibc: update to latest 2.27 commit (BZ #24155,BZ #24097)
Hans Dedecker [Mon, 4 Feb 2019 20:24:02 +0000 (21:24 +0100)]
glibc: update to latest 2.27 commit (BZ #24155,BZ #24097)

2ebadb6451 x86-64 memcmp: Use unsigned Jcc instructions on size [BZ #24155]
3a5ae8db68 x86-64 strnlen/wcsnlen: Properly handle the length parameter [BZ #24097]
2c016ffa24 x86-64 strncpy: Properly handle the length parameter [BZ #24097]
d8457edece x86-64 strncmp family: Properly handle the length parameter [BZ #24097]
55f8812858 x86-64 memset/wmemset: Properly handle the length parameter [BZ #24097]
efc3714845 x86-64 memrchr: Properly handle the length parameter [BZ #24097]
a4690969ed x86-64 memcpy: Properly handle the length parameter [BZ #24097]
6465327195 x86-64 memcmp/wmemcmp: Properly handle the length parameter [BZ #24097]
50117e00a1 x86-64 memchr/wmemchr: Properly handle the length parameter [BZ #24097]

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agoath10k-firmware: update Candela Tech firmware images
Koen Vandeputte [Mon, 4 Feb 2019 10:48:48 +0000 (11:48 +0100)]
ath10k-firmware: update Candela Tech firmware images

*  Jan 2, 2019
Rebase patches to make 9980 bisectable.

*  Jan 2, 2019
Fix scheduling related assert when wal-peer is deleted with pending
tx buffers (bug 54, and others)

*  Jan 7, 2019:
Fix specifying retransmits for AMPDU frames.  It was previously ignored
since it is a 'software' retransmit instead of a hardware retransmit.

*  Jan 9, 2019
Fix potential way to get zero rates selected (and then assert)

*  Jan 18, 2019
pfsched has specific work-around to just return if we find invalid flags AND
if we are in an out-of-order situation.  Maybe this is last of the pfsched
related issues (bug 54 and similar).

*  Jan 24, 2019
The rcSibUpdate method can be called concurrently with IRQ tx-completion callback,
and that could potentially allow the tx-completion callback to see invalid state
and assert or otherwise mess up the rate-ctrl logic.  So, disable IRQs in
rcSibUpdate to prevent this.  Related to bug 58.

*  Jan 28, 2019
Ensure that cached config is applied to ratectrl objects when fetched from
the cache.  This should fix part of bug 58.

*  Jan 28, 2019
Ensure that ratectrl objects from cachemgr are always initialized.  This fixes
another part of bug 58.

*  Jan 30, 2019
Better use of temporary rate-ctrl object.  Make sure it is initialized, simplify
code path.  This finishes up porting forward similar changes I made for wave-1
firmware long ago, and fixes another potential way to hit bug-58 issues.

*  Jan 30, 2019
Cachemgr did not have a callback for when memory was logically freed.  This means
that peers could keep stale references to rate-ctrl objects that were in process
of being DMA'd into to load a different peer's rate-ctrl state.  This was causing
the bugcheck logic to fail early and often, and I suspect it might be a root cause
of bug 58 as well.  The fix is to add a callback and set any 'deleted' memory references
to NULL so that we cannot access it accidentally.  Thanks to excellent logs and patience
from the bug-58 reporter!

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agotoolchain/gcc: backport FORTIFY patch to 5.5.0
Hans Dedecker [Mon, 4 Feb 2019 07:48:01 +0000 (08:48 +0100)]
toolchain/gcc: backport FORTIFY patch to 5.5.0

Commit e61061a0886e2d0d6b075d75ae9b53d0a6bc9042 added support for hardening
options  in the toolchain. However this breaks the gcc5.5.0 compilation in
case FORTIFY_SOURCE is set different from FORTIFY_SOURCE_NONE as reported
in [1].
Fix this by backporting the upstream patch which fixes this in later gcc versions

[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?format=multiple&id=61164

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agomt76: update to the latest version
Felix Fietkau [Sun, 3 Feb 2019 19:45:26 +0000 (20:45 +0100)]
mt76: update to the latest version

a9d4c0e mt76: mt76x2: avoid running DPD calibration if tx is blocked
4d7e13f mt76: explicitly disable energy detect cca during scan
e3c1aad mt76: run MAC work every 100ms
4e8766a mt76: clear CCA timer stats in mt76x02_edcca_init
e301f23 mt76: measure the time between mt76x02_edcca_check runs
74075ef mt76: increase ED/CCA tx block threshold

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agokernel: Fix drm dependency on drm_panel_orientation_quirks.ko for 4.19
Petr Štetiar [Thu, 3 Jan 2019 20:31:41 +0000 (21:31 +0100)]
kernel: Fix drm dependency on drm_panel_orientation_quirks.ko for 4.19

Package kmod-drm is missing dependencies for the following libraries:

 drm_panel_orientation_quirks.ko

It seems, that since Linux 4.15-rc2 drm depends on drm_panel_orientation_quirks.ko

 commit 8d70f395e6cbece665b12b4bf6dbc48d12623014
 Author: Hans de Goede <j.w.r.degoede@gmail.com>
 Date:   Sat Nov 25 20:35:49 2017 +0100

    drm: Add support for a panel-orientation connector property, v6

    On some devices the LCD panel is mounted in the casing in such a way that
    the up/top side of the panel does not match with the top side of the
    device (e.g. it is mounted upside-down).

    This commit adds the necessary infra for lcd-panel drm_connector-s to
    have a "panel orientation" property to communicate how the panel is
    orientated vs the casing.

    Userspace can use this property to check for non-normal orientation and
    then adjust the displayed image accordingly by rotating it to compensate.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agokernel: bump 4.19 to 4.19.19
Koen Vandeputte [Thu, 31 Jan 2019 15:53:27 +0000 (16:53 +0100)]
kernel: bump 4.19 to 4.19.19

Refreshed all patches.

Remove upstreamed patch:
- 800-v5.0-usb-leds-fix-regression-in-usbport-led-trigger.patch

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.97
Koen Vandeputte [Thu, 31 Jan 2019 15:52:41 +0000 (16:52 +0100)]
kernel: bump 4.14 to 4.14.97

Refreshed all patches.

Adapted patches:
- 012-kbuild-add-macro-for-controlling-warnings-to-linux-c.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.154
Koen Vandeputte [Thu, 31 Jan 2019 14:56:42 +0000 (15:56 +0100)]
kernel: bump 4.9 to 4.9.154

Refreshed all patches.

Adapted patches:
- 012-kbuild-add-macro-for-controlling-warnings-to-linux-c.patch

Compile-tested on: ar7
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agobcm53xx: add first DTS changes queued for the Linux 5.1
Rafał Miłecki [Fri, 1 Feb 2019 06:07:32 +0000 (07:07 +0100)]
bcm53xx: add first DTS changes queued for the Linux 5.1

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
5 years agoramips: rb750gr3: License DTS as GPL-2.0-or-later OR MIT
Anton Arapov [Wed, 16 Jan 2019 07:56:08 +0000 (08:56 +0100)]
ramips: rb750gr3: License DTS as GPL-2.0-or-later OR MIT

Adding license in order to fully satisfy dts checklist:
- https://openwrt.org/submitting-patches#dts_checklist

Signed-off-by: Anton Arapov <arapov@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: Thibaut <hacks@slashdirt.org>
Acked-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Acked-by: Chuanhong Guo <gch981213@gmail.com>
Acked-by: Andrew Yong <me@ndoo.sg>
Acked-by: Alex Maclean <monkeh@monkeh.net>
5 years agomt76: update to the latest version
Felix Fietkau [Thu, 31 Jan 2019 22:17:49 +0000 (23:17 +0100)]
mt76: update to the latest version

a4ec45c mt7603: fix LED support (copy CFLAGS from main Makefile)
edda5c5 mt76x02: use mask for vifs
dd52191 mt76x02: use commmon add interface for mt76x2u
a80acaf mt76x02: initialize mutli bss mode when set up address
38e832d mt76x02: minor beaconing init changes
171adaf mt76x02: init beacon config for mt76x2u
dcab682 mt76: beaconing fixes for USB
ff81de1 mt76x02: enable support for IBSS and MESH
8027b5d mt7603: remove copyright headers
e747e80 mt76: fix software encryption issues
2afa0d7 mt7603: remove WCID override for software encrypted frames

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agonetifd: handle hotplug event socket errors
Hans Dedecker [Thu, 31 Jan 2019 21:10:58 +0000 (22:10 +0100)]
netifd: handle hotplug event socket errors

5cd7215 system-linux: handle hotplug event socket ENOBUFS errors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agoopenssl: update list of mirrors
Sven Roederer [Wed, 30 Jan 2019 19:17:10 +0000 (20:17 +0100)]
openssl: update list of mirrors

Host "gd.tuwien.ac.at" does not exists anymore, so we replace it by "ftp.pca.dfn.de" from the official list of mirrors.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
5 years agouboot-omap: add 'rootwait' to the kernel cmdline
Andre Heider [Thu, 31 Jan 2019 10:12:25 +0000 (11:12 +0100)]
uboot-omap: add 'rootwait' to the kernel cmdline

Some SD cards take a while to get detected, fix booting of those.

Signed-off-by: Andre Heider <a.heider@gmail.com>
5 years agoomap: fix build without ext4 rootfs
Andre Heider [Thu, 31 Jan 2019 10:12:24 +0000 (11:12 +0100)]
omap: fix build without ext4 rootfs

Same fix as 7b76219e, just for omap.

Signed-off-by: Andre Heider <a.heider@gmail.com>
5 years agoscripts: ipkg-make-index.sh: dereference symbolic links
Jo-Philipp Wich [Thu, 31 Jan 2019 11:25:19 +0000 (12:25 +0100)]
scripts: ipkg-make-index.sh: dereference symbolic links

Use `stat -L` instead of `ls -l` to follow symbolic links when obtaining
the file size of .ipk archives.

Without this change, the size of the symlink, not the size of the target
file is encoded in the package index file.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agodnsmasq: latest pre-2.81 patches
Kevin Darbyshire-Bryant [Fri, 18 Jan 2019 08:56:59 +0000 (08:56 +0000)]
dnsmasq: latest pre-2.81 patches

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
5 years agoopkg: update to latest Git head
Jo-Philipp Wich [Thu, 31 Jan 2019 09:22:03 +0000 (10:22 +0100)]
opkg: update to latest Git head

d4ba162 libopkg: only perform size check when information is available

Fixes: e079591b84 ("opkg: update to latest Git head")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoopkg: update to latest Git head
Jo-Philipp Wich [Thu, 31 Jan 2019 07:49:27 +0000 (08:49 +0100)]
opkg: update to latest Git head

cb66403 libopkg: check for file size mismatches

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agomt76: update to the latest version
Felix Fietkau [Wed, 30 Jan 2019 14:17:01 +0000 (15:17 +0100)]
mt76: update to the latest version

c3da1aa mt7603: trigger beacon stuck detection faster
7a53138 mt7603: trigger watchdog reset if flushing CAB queue fails
6eef33b mt7603: remove mt7603_txq_init
ae30c30 mt76: add driver callback for when a sta is associated
0db925f mt7603: update HT/VHT capabilities after assoc
b5ac8e4 mt7603: initialize LED callbacks only if CONFIG_MT76_LEDS is set
c989bac mt76x0: eeprom: fix chan_vs_power map in mt76x0_get_power_info
24bd2c0 mt76x0: phy: report target_power in debugfs
bc7ce2a mt76x0: init: introduce mt76x0_init_txpower routine

Signed-off-by: Felix Fietkau <nbd@nbd.name>
5 years agoramips: fix D-Link DIR-615 H1 switch port mapping
Mirko Parthey [Wed, 30 Jan 2019 00:24:36 +0000 (01:24 +0100)]
ramips: fix D-Link DIR-615 H1 switch port mapping

Reuse a device-specific switch port mapping which also applies to the
D-Link DIR-615 H1.

Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
5 years agobase-files: config_get: prevent filename globbing
Günther Kelleter [Mon, 8 Oct 2018 13:30:00 +0000 (15:30 +0200)]
base-files: config_get: prevent filename globbing

When config_get is called as "config_get section option" the option
is unexpectedly globbed by the shell which differs from the way options
are read to a variable with "config_get variable section option".
Add another layer of double quotes to fix it.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
5 years agobuild: Use LINUX_DIR for Kernel/Patch
Michal Hrusecky [Thu, 11 Oct 2018 16:23:19 +0000 (18:23 +0200)]
build: Use LINUX_DIR for Kernel/Patch

Use LINUX_DIR as a path when patching kernel. Doesn't break the current usage,
but allows to create packages that will contain variation of a kernel with
kernel being build in some subdirectory of PKG_BUILD_DIR.

Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
5 years agoar71xx: fix packed-not-aligned error with GCC 8.
Jo-Philipp Wich [Sat, 20 Oct 2018 10:18:03 +0000 (12:18 +0200)]
ar71xx: fix packed-not-aligned error with GCC 8.

Building ar71xx currently fails with:

    In file included from ./include/linux/ipv6.h:5,
                     from ./include/net/ipv6.h:16,
                     from ./include/net/inetpeer.h:16,
                     from ./include/net/ip_fib.h:24,
                     from ./include/net/switchdev.h:17,
                     from ./include/net/dsa.h:23,
                     from arch/mips/ath79/dev-dsa.h:15,
                     from arch/mips/ath79/dev-dsa.c:17:
    ./include/uapi/linux/ipv6.h:107:1: error: alignment 1 of 'struct ipv6_destopt_hao' is less than 2 [-Werror=packed-not-aligned]
     } __attribute__((packed));

Address this issue by correcting the alignment of the struct packing
pragma accordingly.

Fixes: FS#1805
Reported-by: Pascal Ernster <git@hardfalcon.net>
[reword subject, rewrap commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agobuild: fix umask detection bashism
Thorsten Glaser [Mon, 22 Oct 2018 17:28:50 +0000 (19:28 +0200)]
build: fix umask detection bashism

the leading 0 is optional and not emitted by some shells

Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
5 years agobuild: fix STAGING_DIR cleaning for packages
Jeffery To [Wed, 12 Dec 2018 17:33:36 +0000 (01:33 +0800)]
build: fix STAGING_DIR cleaning for packages

This fixes two issues with cleaning package files from STAGING_DIR:

* CleanStaging currently can only remove files and not directories. This
  changes CleanStaging to use clean-package.sh, which does remove
  directories.

* Because of the way directories are ordered in the staging files list,
  clean-package.sh currently tries (and fails) to remove parent
  directories before removing subdirectories. This changes
  clean-package.sh to process the staging files list in reverse, so that
  subdirectories are removed first.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
5 years agobusybox: keep syslog.conf during sysupgrade
Val Kulkov [Thu, 20 Dec 2018 20:04:43 +0000 (15:04 -0500)]
busybox: keep syslog.conf during sysupgrade

If a user finds that logd is too barebone for their needs and wishes
to have more control over syslog, the user presently has an option
to enable CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG and configure syslog
with settings in /etc/syslog.conf.

Presently /etc/syslog.conf silently disappears on sysupgrade. This
patch prevents such unwanted behaviour if busybox syslog is enabled
via CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
5 years agoar71xx: use correct wan mac address for the TP-Link Archer C7 v4
David Santamaría Rogado [Fri, 18 Jan 2019 21:28:41 +0000 (22:28 +0100)]
ar71xx: use correct wan mac address for the TP-Link Archer C7 v4

The correct MAC address for this device is lan_mac +1, there is no
need to set lan_mac so use base_mac variable instead lan_mac.

Based on this PR for ath79:
https://github.com/openwrt/openwrt/pull/1726

Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com>
[fix alphabetical ordering, reword subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoopenssl: bump to 1.0.2q
Sven Roederer [Mon, 28 Jan 2019 19:11:50 +0000 (20:11 +0100)]
openssl: bump to 1.0.2q

This fixes the following security problems:
 * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication
 * CVE-2018-0734: Timing vulnerability in DSA signature generation
 * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
5 years agouhttpd: disable concurrent requests by default
Jo-Philipp Wich [Wed, 30 Jan 2019 09:12:00 +0000 (10:12 +0100)]
uhttpd: disable concurrent requests by default

In order to avoid straining CPU and memory resources on lower end devices,
avoid running multiple CGI requests in parallel.

Ref: https://forum.openwrt.org/t/high-load-fix-on-openwrt-luci/29006
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoiproute2: drop libbsd dependency
Hans Dedecker [Tue, 29 Jan 2019 12:37:24 +0000 (13:37 +0100)]
iproute2: drop libbsd dependency

As the usage of libbsd is no longer limited to glibc, prevent libbsd
being picked up by removing the dependency on libbsd.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agowpa_supplicant: fix calling channel switch via wpa_cli on mesh interfaces
Felix Fietkau [Mon, 28 Jan 2019 20:36:44 +0000 (21:36 +0100)]
wpa_supplicant: fix calling channel switch via wpa_cli on mesh interfaces

Signed-off-by: Felix Fietkau <nbd@nbd.name>