openwrt/staging/nbd.git
6 years agomerge: properly remove %n / %N references
Jo-Philipp Wich [Sat, 9 Dec 2017 15:01:14 +0000 (16:01 +0100)]
merge: properly remove %n / %N references

- use %d instead of %n for opkg feed identifiers
- remove %n / %N references from version files

Fixes bf5cef47b3 merge: release/banner: drop release name and update banner.
Fixes FS#1213.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agoramips: fix a typo in 02_network
Pavel Kubelun [Fri, 8 Dec 2017 19:36:06 +0000 (22:36 +0300)]
ramips: fix a typo in 02_network

The typo in network defaults script in ramips target that prevents
defaults to initialize.

Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
6 years agonetifd: always send DHCPv4 hostname
Mathias Kresin [Fri, 8 Dec 2017 08:35:26 +0000 (09:35 +0100)]
netifd: always send DHCPv4 hostname

udhcpc doesn't send a hostname by default. Use the system hostname if
nothing else is specified, to always send a hostname.

It syncs the behaviour to odhcpc, which always sends a hostname.

Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoprocd: nand: remove nand_board_name platform override
Mathias Kresin [Fri, 7 Apr 2017 16:06:17 +0000 (18:06 +0200)]
procd: nand: remove nand_board_name platform override

It isn't uses anymore by any target.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoar71xx: remove nand_board_name platform override
Mathias Kresin [Fri, 7 Apr 2017 16:03:50 +0000 (18:03 +0200)]
ar71xx: remove nand_board_name platform override

The boardname isn't used any longer to find the subdirectory in the
sysupgrade tar archive, which makes this override useless.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoprocd: nand: dont rely on boardname in nand_upgrade_tar
Mathias Kresin [Fri, 7 Apr 2017 06:39:59 +0000 (08:39 +0200)]
procd: nand: dont rely on boardname in nand_upgrade_tar

Kernel and rootfs in a subdirectory matching the userspace boardname,
was intended to use a single sysupgrade-tar archive for multiple boards
with different kernel/rootfs images. This feature was never used.

Use the first found directory in the tar archive instead of relying on
a directory named according to the userspace boardname.

It allows to change the boardname without adding another compatibility
layer - using the nand_board_name() function - for (sub)targets using
the metadata based image validation in favour to
nand_do_platform_check().

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agokernel: MIPS compile out no-op DMA mapping ops where possible
Felix Fietkau [Tue, 5 Dec 2017 12:01:40 +0000 (13:01 +0100)]
kernel: MIPS compile out no-op DMA mapping ops where possible

Slightly improves networking throughput on some devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoag71xx: Reduce NAPI weight to 32.
Rosen Penev [Mon, 4 Dec 2017 19:40:22 +0000 (11:40 -0800)]
ag71xx: Reduce NAPI weight to 32.

Qualcomm claims this reduces cache misses. Original commit message below:

From: Ben Menchaca <ben.menchaca@qca.qualcomm.com>
Date: Tue, 11 Jun 2013 12:18:46 -0500
Subject: [ag71xx] reduce NAPI weight

In an attempt to increase our cache warmth, we are decreasing NAPI.
This increases the warmth of the reused SKBs.

Signed-off-by: Ben Menchaca <ben.menchaca@qca.qualcomm.com>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years agoRevert "ag71xx: Switch from driver to kernel macro for NAPI_WEIGHT."
Rosen Penev [Mon, 4 Dec 2017 19:40:21 +0000 (11:40 -0800)]
Revert "ag71xx: Switch from driver to kernel macro for NAPI_WEIGHT."

The motivation for this was misguided. It turns out tuning the NAPI weight could be useful for testing purposes. Therefore reverting.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years agotoolchain: musl: update to current HEAD
Christian Lamparter [Sun, 19 Nov 2017 16:19:23 +0000 (17:19 +0100)]
toolchain: musl: update to current HEAD

Changes:

72656157 fix fgetwc when decoding a character that crosses buffer boundary
a223dbd2 add reverse iconv mappings for JIS-based encodings
105eff9d generalize iconv framework for 8-bit codepages
a71b46cf fix malloc state corruption when ldso rejects loading a second libc
d060edf6 reformat cjk iconv tables to be diff-friendly, match tool output
c21051e9 prevent fork's errno from being clobbered by atfork handlers
a39f20bf add iso-2022-jp support (decoding only) to iconv
5b546faa add iconv framework for decoding stateful encodings
0df5b39a simplify/optimize iconv utf-8 case
9eb6dd51 handle ascii range individually in each iconv case
bff59d13 move iconv_close to its own translation unit
79f49eff refactor iconv conversion descriptor encoding/decoding
30fdda6c fix getaddrinfo error code for non-numeric service with AI_NUMERICSERV
67b29947 fix mismatched type of __pthread_tsd_run_dtors weak definition
13935337 s390x: use generic ioctl.h
4dc44ce8 microblaze: add statx syscall from linux v4.13
ffd048a0 aarch64: add extra_context struct from linux v4.13
6651ef1f add new tcp.h socket options from linux v4.13
14ced228 add new fcntl.h macros from linux v4.13
754f66af ioctl TIOCGPTPEER from linux v4.13
c35a8bf4 add SO_ getsockopt options from linux v4.13
5daaed6a s390x: add syscall number for s390_guarded_storage from linux v4.12
2dc6760f i386: add arch_prctl syscall number from linux v4.12
840d45be aarch64: add new HWCAP_* flags from linux v4.12
4c811227 add ARPHDR_VSOCKMON from linux v4.12
54f04d99 add new SO_ socket options from linux v4.12
9864f60e add statx syscall numbers from linux v4.11
c519658c add TCP_NLA_* enums from linux v4.11
ee3ae782 add TCP_FASTOPEN_CONNECT tcp socket option from linux v4.11
3eb82f73 add ETH_P_IBOE from linux v4.11
bd1560f6 update aarch64 hwcap.h for linux v4.11
cee73f0c add kexec_file_load syscall number on powerpc from linux v4.10
8f569557 add microblaze syscall numbers from linux v4.10
d8004030 add TFD_TIMER_CANCEL_ON_SET that timerfd.h was missing
f5638c22 add ETH_MIN_MTU and ETH_MAX_MTU from linux v4.10
01369691 add IP_RECVFRAGSIZE and IPV6_RECVFRAGSIZE from linux v4.10
5c596ed8 add SCM_TIMESTAMPING_OPT_STATS and related TCP_ enums from linux v4.10
6fc6ca1a adjust posix_spawn dup2 action behavior to match future requirements

Cc: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agobase-files: upgrade: make get_partitions() endian agnostic
Christian Lamparter [Sun, 19 Nov 2017 16:19:21 +0000 (17:19 +0100)]
base-files: upgrade: make get_partitions() endian agnostic

This patch fixes two issues with the current get_partitions()
function.

First: "Invalid partition table on $disk" will pop up on
legitimate images on big endian system.

This is because the little-endian representation of "55 AA" is
assumed in the context of little-endian architectures. On these
comparing it to the 16-bit word 0xAA55 does work as intented.
Whereas on big-endian systems, this would have to be 0x55AA.

This patch fixes the issue by replacing the integer conversion
and value match check with just a string comparision.

Second: The extraction of the type, start LBA and LBA num from
the partition table has the same endianness issue. This has been
fixed by using the new hex_le32_to_cpu() function. This function
will translate the stored little-endian data to the correct
byte-order if necessary.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agofirmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.2.1-00058
Christian Lamparter [Sun, 19 Nov 2017 16:19:20 +0000 (17:19 +0100)]
firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.2.1-00058

This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.2.1-00058 firmware for the QCA4019.

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agomerge: etc: update remaining files
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:57 +0000 (09:45 +0100)]
merge: etc: update remaining files

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agomerge: uhttpd: update cert generation to match system defaults
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:56 +0000 (09:45 +0100)]
merge: uhttpd: update cert generation to match system defaults

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agomerge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patch
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:55 +0000 (09:45 +0100)]
merge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patch

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agomerge: packages: update branding in core packages
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:54 +0000 (09:45 +0100)]
merge: packages: update branding in core packages

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agomerge: ssid: update default ssid
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:53 +0000 (09:45 +0100)]
merge: ssid: update default ssid

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agomerge: targets: update image generation and targets
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:52 +0000 (09:45 +0100)]
merge: targets: update image generation and targets

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agomerge: release/banner: drop release name and update banner
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:51 +0000 (09:45 +0100)]
merge: release/banner: drop release name and update banner

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agomerge: base: update base-files and basic config
Zoltan HERPAI [Tue, 7 Nov 2017 08:45:50 +0000 (09:45 +0100)]
merge: base: update base-files and basic config

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agomt76: update to the latest version, fixes setting per-vif mac address
Felix Fietkau [Fri, 8 Dec 2017 16:57:24 +0000 (17:57 +0100)]
mt76: update to the latest version, fixes setting per-vif mac address

d02a05b mt7603: update firmware to version 20160107100755
4d4cd05 Partially revert "mt7603: use mcu command to set timing registers, fix OFDM timeout values"
170f334 mt76x2: remove MAC address limitation for multi-vif setups
3563b8f mt76x2: clean up MAC/BSSID address initialization
9de77e1 mt76x2: drop wiphy->addresses
a6a6e25 mt76x2: init: disable APCLI by default
c64633e mt76x2: configure rx filter based on monitor mode setting
ac815fa mt76x2: init: fix rx filter default value during init
e504656 mt7603: configure other-unicast drop based on monitor mode setting

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoar71xx: C58/C59 fix LAN1 working incorrectly
David Bauer [Mon, 27 Nov 2017 03:19:38 +0000 (04:19 +0100)]
ar71xx: C58/C59 fix LAN1 working incorrectly

This commit fixes LAN Port 1 not transferring data in case no
other LAN Port has active link-state on TP-Link Archer C58/C59.

Signed-off-by: David Bauer <mail@david-bauer.net>
6 years agoopenssl: update to 1.0.2n
Peter Wagner [Fri, 8 Dec 2017 05:23:26 +0000 (06:23 +0100)]
openssl: update to 1.0.2n

add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)

Fixes CVEs: CVE-2017-3737, CVE-2017-3738

Signed-off-by: Peter Wagner <tripolar@gmx.at>
6 years agotools/sstrip: Fix compile under standard linux.
Rosen Penev [Thu, 23 Nov 2017 21:18:07 +0000 (13:18 -0800)]
tools/sstrip: Fix compile under standard linux.

bswap32 undefined is the issue. Added the proper header. Also fixed a few format/conversion warnings that clang complained about without -Wall or -Wextra.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years agoodhcpd: fix faulty PKG_SOURCE_DATE in 711a816
Hans Dedecker [Thu, 7 Dec 2017 17:29:08 +0000 (18:29 +0100)]
odhcpd: fix faulty PKG_SOURCE_DATE in 711a816

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoopkg: bump to version 2017-12-07
Rafał Miłecki [Thu, 7 Dec 2017 17:20:29 +0000 (18:20 +0100)]
opkg: bump to version 2017-12-07

Changes:
3b417b9 opkg_download: decode file:/ URLs
71c27cb file_util: implement urldecode_path()
d1fe095 file_util: consolidate hex/unhex routines
ebdfc12 add opkg option http_timeout
9f003e3 opkg: encode archive filenames while constructing download URLs
73e6c81 file_util: implement urlencode_path() helper
468158f libopkg: fix SHA256 calculation for big endian system

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agorpcd: update to version from 2017-12-07
Daniel Golle [Thu, 7 Dec 2017 16:22:05 +0000 (17:22 +0100)]
rpcd: update to version from 2017-12-07

cfe1e75c91bc1 sys: packagelist: allow listing all packages
74a784f037867 sys: fix passwd path

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
6 years agodnsmasq: write atomic host file
Hans Dedecker [Thu, 7 Dec 2017 09:11:50 +0000 (10:11 +0100)]
dnsmasq: write atomic host file

Different invocations of the dnsmasq init script (e.g. at startup by procd)
will rewrite the dhcp host file which might result into dnsmasq reading an
empty dhcp host file as it is being rewritten by the dnsmasq init script.
Let the dnsmasq init script first write to a temp dhcp host file so it does
not overwrite the contents of the existing dhcp host file.

Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agostrace: Update to 4.20
Rosen Penev [Wed, 6 Dec 2017 23:55:25 +0000 (15:55 -0800)]
strace: Update to 4.20

Compiled and tested on mvebu. Mainly a kernel 4.14 change. Also
reordered the Makefile a little bit.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years agohostapd: backport fix for wnm_sleep_mode=0
Timo Sigurdsson [Tue, 14 Nov 2017 20:41:30 +0000 (21:41 +0100)]
hostapd: backport fix for wnm_sleep_mode=0

wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years agohostapd: Expose the tdls_prohibit option to UCI
Timo Sigurdsson [Tue, 14 Nov 2017 20:41:29 +0000 (21:41 +0100)]
hostapd: Expose the tdls_prohibit option to UCI

wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.

Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.

Make this option configurable via UCI, but disabled by default.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
6 years agokernel: bump 4.9 to 4.9.67
Stijn Tintel [Wed, 6 Dec 2017 22:51:31 +0000 (23:51 +0100)]
kernel: bump 4.9 to 4.9.67

Refresh patches.
Remove upstreamed patches:
- generic/190-1-5-e1000e-Fix-error-path-in-link-detection.patch
- generic/190-3-5-e1000e-Fix-return-value-test.patch
- generic/190-4-5-e1000e-Separate-signaling-for-link-check-link-up.patch
- generic/190-5-5-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
- ramips/0102-MIPS-ralink-Fix-MT7628-pinmux.patch
- ramips/0103-MIPS-ralink-Fix-typo-in-mt7628-pinmux-function
Update patches that no longer apply:
- layerscape/815-spi-support-layerscape.patch
- ramips/0099-pci-mt7620.patch

Compile-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.
Runtime-tested on ar71xx, brcm2708/bcm2708, octeon and x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years agoiproute2: align ip help text for tiny variant
Hans Dedecker [Wed, 6 Dec 2017 21:14:09 +0000 (22:14 +0100)]
iproute2: align ip help text for tiny variant

Tiny variant supports a subset of the ip commands; align the ip help
text so it actually reflects which commands are supported in the
tiny variant.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoiproute2: update to v4.14.1
Russell Senior [Tue, 28 Nov 2017 07:15:50 +0000 (23:15 -0800)]
iproute2: update to v4.14.1

Preserves optionality of libmnl by letting configuration
script follow the HAVE_MNL environment variable.

Signed-off-by: Russell Senior <russell@personaltelco.net>
6 years agoodhcpd: update to latest git HEAD
Hans Dedecker [Wed, 6 Dec 2017 18:14:38 +0000 (19:14 +0100)]
odhcpd: update to latest git HEAD

c516801 dhcpv4: notify DHCP ACK and RELEASE via ubus

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoramips: add support for Asus RT-N11P / RT-N12+ / RT-N12E b1
Zoltan HERPAI [Wed, 6 Dec 2017 14:43:55 +0000 (15:43 +0100)]
ramips: add support for Asus RT-N11P / RT-N12+ / RT-N12E b1

This is a variant of the MT7620N-based Asus routers.

Specifications:

- MT7620N (580 MHz)
- 32 MB RAM
- 8 MB Flash
- 5x 10/100Mbps Ethernet (built-in switch)
- 2.4 GHz WLAN
- 2x external, non-detachable antennas
- UART (J2) header on PCB (115200 8n1)

Flash instructions:

1. Configure PC with static IP 192.168.1.75/24
2. Connect PC with one of LAN ports, press the reset button, power up
   the router and keep button pressed for around 6-7 seconds. All 4 LEDs will
   start to blink, which is when the router will accept firmware files via TFTP.
   No known limitations on firmware filenames, just send it with a TFTP client
   to 192.168.1.1.
3. Router will download file from server, write it to flash and reboot.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agodnsmasq: backport infinite dns retries fix
Hans Dedecker [Wed, 6 Dec 2017 13:22:59 +0000 (14:22 +0100)]
dnsmasq: backport infinite dns retries fix

If all configured dns servers return refused in response to a query in
strict mode; dnsmasq will end up in an infinite loop retransmitting the
dns query resulting into high CPU load.
Problem is fixed by checking for the end of a dns server list iteration
in strict mode.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agosdk: restrict base feed repo to public git for CONFIG_BUILDBOT only
Rafał Miłecki [Mon, 4 Dec 2017 11:48:30 +0000 (12:48 +0100)]
sdk: restrict base feed repo to public git for CONFIG_BUILDBOT only

This allows people to build SDK from custom repository (git access using
ssh) and keep original URL in SDK's feeds.conf.default.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
6 years agobuild: avoid failing in append-metadata if image could not be generated
Felix Fietkau [Mon, 4 Dec 2017 19:24:24 +0000 (20:24 +0100)]
build: avoid failing in append-metadata if image could not be generated

The image build might have failed due to a size check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agosamba36: backport an upstream fix for an information leak (CVE-2017-15275)
Felix Fietkau [Mon, 4 Dec 2017 08:56:32 +0000 (09:56 +0100)]
samba36: backport an upstream fix for an information leak (CVE-2017-15275)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomt76: update to the latest version, adds stability fixes
Felix Fietkau [Sun, 3 Dec 2017 18:05:06 +0000 (19:05 +0100)]
mt76: update to the latest version, adds stability fixes

11f42a8 mt76x2: add channel argument to eeprom tx power functions
3bd7e76 mt76x2: initialize channel power limits
19fff41 mt76x2: convert between per-chain tx power and combined output
737cf2b mt7603: rename mt7603_mac_reset to mt7603_pse_reset
8026638 mt7603: rename MT_PSE_RESET register
c4dd32a mt7603: remove watchdog reset on interface stop
d99092b mt7603: remove WARN_ON_ONCE for workaround checks
c8807b4 mt7603: simplify PSE reset
d8a5990 mt7603: warn if PSE reset fails
c079960 mt7603: clean up dma debug reads
96817d6 mt7603: make mt7603_mac_watchdog_reset() static
e953c78 mt7603: clear wtbl PS bit for powersave responses
57a2e33 mt7603: set tx-skip flag for powersave clients
c8e5ab1 mt7603: initialize wtbl ps flag on station add
b4034cf mt76x2: remove some harmless WARN_ONs in tx status and rx path
8e17d36 mt7603: remove some harmless WARN_ONs in rx path

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agolayerscape: rename firmware packages to avoid name collisions
Ted Hess [Fri, 1 Dec 2017 21:32:26 +0000 (16:32 -0500)]
layerscape: rename firmware packages to avoid name collisions

layerscape firmware package names collide with existing package contributions.
Ex: layerscape mc and midnight-commander(mc) are in conflict.

Firmware packages: mc, ppa, rcw and dpl are renamed to ls-mc, ls-ppa, ls-rcw
and ls-dpl respectively.

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years agopackages: dnsmasq: remove unused stamp file
Roman Yeryomin [Fri, 1 Dec 2017 22:05:48 +0000 (00:05 +0200)]
packages: dnsmasq: remove unused stamp file

Signed-off-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
6 years agocurl: bump to 7.57.0 (3 CVEs)
Hans Dedecker [Wed, 29 Nov 2017 21:56:41 +0000 (22:56 +0100)]
curl: bump to 7.57.0 (3 CVEs)

CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access

For other bugfixes and changes in 7.57.0 see https://curl.haxx.se/changes.html

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoltq-ifxos: fix compilation against glibc
Yousong Zhou [Thu, 30 Nov 2017 06:52:30 +0000 (14:52 +0800)]
ltq-ifxos: fix compilation against glibc

Fixes FS#1196

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
6 years agotarget: replace odhcpd by odhcpd-ipv6only
Hans Dedecker [Wed, 29 Nov 2017 21:26:34 +0000 (22:26 +0100)]
target: replace odhcpd by odhcpd-ipv6only

Replace in router DEFAULT_PACKAGES odhcpd by odhcpd-ipv6only as
such there's no DHCPv4 server functionality overlap with dnsmasq

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agodnsmasq: add interface to ubus notification
Borja Salazar [Wed, 29 Nov 2017 08:32:36 +0000 (09:32 +0100)]
dnsmasq: add interface to ubus notification

Signed-off-by: Borja Salazar <borja.salazar@fon.com>
6 years agomt76: update to the latest version, fixes encrypted mesh support and HT20 issues
Felix Fietkau [Wed, 29 Nov 2017 16:50:02 +0000 (17:50 +0100)]
mt76: update to the latest version, fixes encrypted mesh support and HT20 issues

fc28872 mac80211: add missing include
a4c82ca mt7603: add missing include required on newer kernels
792859b mt76x2: fix transmission of encrypted management frames
a51358e mt76x2: increase OFDM SIFS time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomac80211: tweak TSQ settings
Felix Fietkau [Thu, 16 Nov 2017 08:57:13 +0000 (09:57 +0100)]
mac80211: tweak TSQ settings

Latencies can be much higher on wifi devices, especially with
aggregation. Tune the network stack setting introduced in the previous
commit to account for that.
This commit reintroduces the previously reverted one with a fix for the
crash issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agoramips: add missing reset button for Nexx WT1520
INAGAKI Hiroshi [Sat, 25 Nov 2017 16:42:50 +0000 (01:42 +0900)]
ramips: add missing reset button for Nexx WT1520

This commit adds missing the GPIO key used as reset button.
Nexx WT1520 has a GPIO key for factory reset, but it's not defined in
WT1520.dtsi and cannot use it.

Drop the UART (full) from the device tree source file, it was never
used for this board. Adjust the kernel bootargs accordingly.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
[add note about dropped UART (full) to the commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agodnsmasq: fix dhcp-host entries with empty macs
Jo-Philipp Wich [Tue, 28 Nov 2017 11:38:40 +0000 (11:38 +0000)]
dnsmasq: fix dhcp-host entries with empty macs

Due to improper localization of helper variables, "config host" entries
without a given mac address may inherit the mac address of a preceeding,
leading to invalid generated netive configuration.

Fix the issue by marking the "macs" and "tags" helper variables in
dhcp_host_add() local, avoiding the need for explicitely resetting them
with each invocation.

Reported-by: Russell Senior <russell@personaltelco.net>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agoRevert "mac80211: tweak TSQ settings"
Felix Fietkau [Tue, 28 Nov 2017 13:23:09 +0000 (14:23 +0100)]
Revert "mac80211: tweak TSQ settings"

This reverts commit 2dc485250d516f1535eeaf53f0f2f5742e5f9e0c.
This patch needs some additional checks in order to avoid overwriting
unrelated fields for request sockets.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agowireguard: bump to snapshot 20171127
Kevin Darbyshire-Bryant [Mon, 27 Nov 2017 10:14:54 +0000 (10:14 +0000)]
wireguard: bump to snapshot 20171127

== Changes ==

 * compat: support timespec64 on old kernels
 * compat: support AVX512BW+VL by lying
 * compat: fix typo and ranges
 * compat: support 4.15's netlink and barrier changes
 * poly1305-avx512: requires AVX512F+VL+BW

 Numerous compat fixes which should keep us supporting 3.10-4.15-rc1.

 * blake2s: AVX512F+VL implementation
 * blake2s: tweak avx512 code
 * blake2s: hmac space optimization

 Another terrific submission from Samuel Neves: we now have an implementation
 of Blake2s using AVX512, which is extremely fast.

 * allowedips: optimize
 * allowedips: simplify
 * chacha20: directly assign constant and initial state

 Small performance tweaks.

 * tools: fix removing preshared keys
 * qemu: use netfilter.org https site
 * qemu: take shared lock for untarring

 Small bug fixes.

Remove myself from the maintainers list: we have enough and I'm happy to
carry on doing package bumps on ad-hoc basis without the 'official'
title.

Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agolldpd: bump to 0.9.9
Stijn Tintel [Mon, 27 Nov 2017 08:43:23 +0000 (09:43 +0100)]
lldpd: bump to 0.9.9

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years agonghttp2: bump to 1.28.0
Hans Dedecker [Mon, 27 Nov 2017 08:53:37 +0000 (09:53 +0100)]
nghttp2: bump to 1.28.0

939ad5dd Update manual pages
24d92b97 Add deprecation warning when spdylay support is enabled
4c92ff18 Bump up version number to 1.28.0, LT revision to 29:0:15
280db5c6 Update neverbleed
7fbcb2d0 Merge pull request #1074 from nghttp2/fix-doc
53aeb2c3 Fix doc
ff200bfc clang-format-5.0
fee3151f Switch to clang-format-5.0
99a85159 Update manual pages
2a981a3f Merge pull request #1066 from nghttp2/nghttpx-add-affinity-cookie-secure
0028275d nghttpx: Add affinity-cookie-secure parameter to backend option
ee8bfddf Merge pull request #1063 from nghttp2/error_callback2
194acb1f src: Use nghttp2_error_callback2
43a2a70a Add nghttp2_error_callback2
73344ae9 nghttpx: Use plain hex string format for client serial
c479f612 Merge pull request #1060 from nghttp2/nghttpx-add-client-serial
eca0a302 nghttpx: Add $tls_client_serial log variable
4720c5cb nghttpx: Make client serial available in mruby script
cd55ab28 nghttpx: Add function to get serial number from certificate
d402cfdf Merge pull request #1057 from nghttp2/nghttpx-add-tls-client-issuer-name
22502182 Add tls_client_issuer_name log variable and expose it to mruby
05e1fd5e Update manual pages
943d7923 Add Session Affinity section to nghttpx howto
568ecbfb doc: Add missing port
f5ddd7f4 nghttpx: Make initial_addr_idx_ unsigned
88abbce7 nghttpx: Fix compile error with gcc
16e90365 nghttpx: Fix affinity retry
fa7945c6 nghttpx: Refactor
daca43f0 nghttpx: Fix stalled backend connection on retry
16bc11e6 nghttpx: Remove duplicated util::make_socket_nodelay
6f7e94cd Merge pull request #1047 from PiotrSikora/go_vet
61efa15a integration: Fix issues reported by the `go vet` tool.
8c0ea56b Merge pull request #1036 from nghttp2/nghttpx-affinity-cookie
54905371 nghttpx: Refactor
6010d393 integration: Add tests
be5c39a1 src: Add tests
b8fda680 nghttpx: Cookie based session affinity
e29b9c12 Merge pull request #1045 from nghttp2/nghttpx-sha1-fingerprint
539e2781 nghttpx: Add tls_client_fingerprint_sha1 to mruby and accesslog
7008afd4 nghttpx: Refactor get_x509_fingerprint to accept hash function
77a41756 Merge pull request #1041 from nghttp2/fix-examples-client-server
b15045d6 Merge pull request #1040 from nghttp2/nghttpx-mruby-add-more-tls-vars
03084f75 examples: Make client and server work with libevent-2.1.8
60baca27 nghttpx: Add more TLS related attributes to mruby Env object
86990db2 Merge pull request #1038 from nghttp2/nghttpx-add-more-logging-vars
cb376bcd nghttpx: Add client fingerprint and subject name to accesslog
f2b8edd1 nghttpx: Fix memory leak
c4f8afcf nghttpx: Get TLS info only when it is necessary when writing accesslog
1a1a216d Merge pull request #1037 from nghttp2/nghttpx-mruby-tls-client-vars
9f80a82c nghttpx: Add client fingerprint and subject name to mruby env
c573c80b nghttpx: Pass a pointer to SSL instead of TLSSessionInfo to LogSpec
3cd6817e Fix typos
d4a69658 Add another warning about mruby
8e06fe49 Fix typo
aaeeec8f Fix typos
66d5e246 Bump up version number to 1.28.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agobuild: accept gcc/g++ without minor version
Justin Kilpatrick [Sat, 25 Nov 2017 21:14:59 +0000 (16:14 -0500)]
build: accept gcc/g++ without minor version

Build dependency: Please install the GNU C Compiler (gcc) 4.8 or later cc
  -dumpversion | grep -E '(4\.[8-9]|5\.[0-9]|6\.[0-9]|7\.[0-9])'
Build dependency: Please install the GNU C++ Compiler (g++) 4.8 or later
  g++ -dumpversion | grep -E '(4\.[8-9]|5\.[0-9]|6\.[0-9]|7\.[0-9])'

Prerequisite check failed. Use FORCE=1 to override.

On my Fedora 26 machine gcc and g++ -dumpversion returns a whole number
'7' failing the regex introduced in commit:

b78de6207f6fc1a9db857942cb89f9fcf730a240

This change makes minor versions optional in the build dependency regex
for gcc and g++ whenever any minor version would be accepted and the
whole number version is sufficient as a dependency check. For versions
4.* a minor version is still required.

Signed-off-by: Justin Kilpatrick <jkilpatr@redhat.com>
6 years agotoolchain: Test for supported versions of GCC
Daniel Engberg [Fri, 20 Oct 2017 11:47:43 +0000 (13:47 +0200)]
toolchain: Test for supported versions of GCC

Only test for supported versions of GCC
The version bump requirement for GCC is because gdb doesn't build with older
versions.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
6 years agomwlwifi: Update to latest commit in upstream repo
Daniel Engberg [Wed, 1 Nov 2017 10:29:16 +0000 (11:29 +0100)]
mwlwifi: Update to latest commit in upstream repo

Update to latest commit in upstream repo
Bumps 88W8964 firmware to 9.3.0.8

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
6 years agobuild: allow defining license information per binary package
Michael Heimpold [Tue, 31 Oct 2017 20:29:50 +0000 (21:29 +0100)]
build: allow defining license information per binary package

At the moment, license information can only be specified on a
"per source package" level while other metadata fields (e.g. maintainer)
can be given for each binary package. Apply the same logic for license
fields as well. This can be used e.g. in cases where a library is
distributed under some license while related tools are distributed
under a different one.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
6 years agokmod-sched-cake: update to latest git HEAD
Fushan Wen [Sat, 25 Nov 2017 02:19:17 +0000 (10:19 +0800)]
kmod-sched-cake: update to latest git HEAD

dfb2f6c pkt_sched: make compile again
5ab7026 sch_cake: make compile again
6f28803 codel5: make more checkpatch compliant
bd426aa Fix build error on 4.12
e4a3628 Whitespace tidy up

Signed-off-by: Fushan Wen <qydwhotmail@gmail.com>
6 years agokernel: Update kernel 4.4 to 4.4.100
Rosen Penev [Thu, 23 Nov 2017 21:42:13 +0000 (13:42 -0800)]
kernel: Update kernel 4.4 to 4.4.100

Run-tested on ramips

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years agoodhcpd: update to latest git HEAD
Hans Dedecker [Sat, 25 Nov 2017 17:13:41 +0000 (18:13 +0100)]
odhcpd: update to latest git HEAD

92e205d dhcpv6: fix compile issues when CER-ID extension is enabled

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoodhcpd: add a full and ipv6only variant (FS#1188)
Hans Dedecker [Sat, 25 Nov 2017 16:56:01 +0000 (17:56 +0100)]
odhcpd: add a full and ipv6only variant (FS#1188)

Add an ipv6only variant providing server services for RA, stateful and stateless
DHCPv6, prefix delegation and relay support for DHCPv6, NDP and RA.

The full variant called odhcpd supports DHCPv4 server as before.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agokernel: bump 4.9 to 4.9.65
Stijn Tintel [Fri, 24 Nov 2017 09:36:24 +0000 (10:36 +0100)]
kernel: bump 4.9 to 4.9.65

Refresh patches.
Compile-tested: ar71xx, octeon, x86/64.
Runtime-tested: ar71xx, octeon, x86/64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years agowireguard: bump to 20171122
Kevin Darbyshire-Bryant [Fri, 24 Nov 2017 10:28:13 +0000 (10:28 +0000)]
wireguard: bump to 20171122

Bump to latest WireGuard snapshot release:

ed479fa (tag: 0.0.20171122) version: bump snapshot
efd9db0 chacha20poly1305: poly cleans up its own state
5700b61 poly1305-x86_64: unclobber %rbp
314c172 global: switch from timeval to timespec
9e4aa7a poly1305: import MIPS64 primitive from OpenSSL
7a5ce4e chacha20poly1305: import ARM primitives from OpenSSL
abad6ee chacha20poly1305: import x86_64 primitives from OpenSSL
6507a03 chacha20poly1305: add more test vectors, some of which are weird
6f136a3 compat: new kernels have netlink fixes
e4b3875 compat: stable finally backported fix
cc07250 qemu: use unprefixed strip when not cross-compiling
64f1a6d tools: tighten up strtoul parsing
c3a04fe device: uninitialize socket first in destruction
82e6e3b socket: only free socket after successful creation of new
df318d1 compat: fix compilation with PaX
d911cd9 curve25519-neon: compile in thumb mode
d355e57 compat: 3.16.50 got proper rt6_get_cookie
666ee61 qemu: update kernel
2420e18 allowedips: do not write out of bounds
185c324 selftest: allowedips: randomized test mutex update
3f6ed7e wg-quick: document localhost exception and v6 rule

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agouboot-sunxi: fix build of HAOYU Electronics Marsboard A10
Hauke Mehrtens [Thu, 23 Nov 2017 20:25:46 +0000 (21:25 +0100)]
uboot-sunxi: fix build of HAOYU Electronics Marsboard A10

The uboot target is named MarsBoard_A10 and it was not build at all.
This fixes a build problem seen by the build bot.

Fixes: 6a3565985fde ("sunxi: Added profile for HAOYU Electronics Marsboard A10")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agosunxi: remove support for kernel 4.4
Hauke Mehrtens [Thu, 23 Nov 2017 18:17:11 +0000 (19:17 +0100)]
sunxi: remove support for kernel 4.4

Kernel 4.9 is working good on this target, remove support for kernel 4.4
now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agosunxi: backport sunxi-mmc controller driver from 4.13
Hauke Mehrtens [Sun, 1 Oct 2017 12:01:28 +0000 (14:01 +0200)]
sunxi: backport sunxi-mmc controller driver from 4.13

There are multiple problems on the A64 SoC with the older drivers which
are fixed in the upstream kernel.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: i2c-piix4: fix dependency on TARGET_x86
Hauke Mehrtens [Wed, 22 Nov 2017 21:31:28 +0000 (22:31 +0100)]
kernel: i2c-piix4: fix dependency on TARGET_x86

Fix the target dependency to make it possible to select this module also
on x86 target and its subtargets.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: e100: take e100 firmware from linux-firmware repository
Hauke Mehrtens [Sun, 12 Nov 2017 13:52:29 +0000 (14:52 +0100)]
kernel: e100: take e100 firmware from linux-firmware repository

The firmware directory in the Linux kernel was removed in kernel 4.14,
take the e100 firmware files now from the linux-firmware repository
instead. To do so create the new package e100-firmware. This will also
work with older kernel versions.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: add NFS4 client support
Marcin Jurkowski [Thu, 26 Oct 2017 22:46:22 +0000 (00:46 +0200)]
kernel: add NFS4 client support

Adds NFS4 client support:
 1. Package kmod-fs-nfs is split into kmod-fs-nfs (nfs.ko) and
    kmod-fs-nfs-v3 (nfsv3.ko).
 2. A new package kmod-fs-nfs-v4 (nfsv4.ko) is created.
 3. Package kmod-fs-nfs-common-v4 is renamed to kmod-fs-nfs-rpcsec
    and includes additional module rpcsec_gss_krb5.ko.
    CONFIG_NFS_V4 goes into kmod-fs-nfs-v4, CONFIG_NFSD_V4 (NFS4
    server) is removed. Missing kernel module oid_registry.ko
    needed by auth_rpcgss.ko is added to the package.

A new package kmod-crypto-cts needed by rpcsec_gss_krb5.ko is
also created.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
[add dependency to kmod-crypto-ecb in fs-nfs-common-rpcsec]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: Hyper-V PCI pass through
Lucian Cristian [Wed, 15 Nov 2017 13:44:33 +0000 (15:44 +0200)]
kernel: Hyper-V PCI pass through

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
6 years agokernel: add 32bit x86 HYPER-V support
Lucian Cristian [Wed, 15 Nov 2017 14:19:09 +0000 (16:19 +0200)]
kernel: add 32bit x86 HYPER-V support

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[refresh config]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: add kmod-i2c-i801
Martin Schiller [Wed, 22 Nov 2017 12:48:23 +0000 (13:48 +0100)]
kernel: add kmod-i2c-i801

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Add i2c-smbus.ko and fix target dependency]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: add it87-wdt watchdog timer module
Martin Schiller [Wed, 22 Nov 2017 13:28:41 +0000 (14:28 +0100)]
kernel: add it87-wdt watchdog timer module

The module parameters "nogameport=1" and "nocir=1" are needed,
because this is not supported on recent chips and doesn't
really tell if the system is stable.

As this features will already be removed in linux-4.13 or newer,
this module parameters can be removed in the future.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
6 years agokernel: bump 4.9 to 4.9.63
Koen Vandeputte [Mon, 20 Nov 2017 09:51:09 +0000 (10:51 +0100)]
kernel: bump 4.9 to 4.9.63

Refreshed all patches.

Removed upstreamed parts.

Compile-tested: cns3xxx, imx6, mvebu, layerscape
Run-tested: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agolibusb-compat: Upgrade to 0.1.15
Rosen Penev [Wed, 22 Nov 2017 05:57:54 +0000 (21:57 -0800)]
libusb-compat: Upgrade to 0.1.15

Compile tested on ramips (mt7621)

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years agotools/e2fsprogs: Update to 1.43.7
Rosen Penev [Wed, 22 Nov 2017 05:57:53 +0000 (21:57 -0800)]
tools/e2fsprogs: Update to 1.43.7

Compile tested on Fedora 27.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years agousbutils: Update usb.ids file to latest
Rosen Penev [Wed, 22 Nov 2017 05:57:52 +0000 (21:57 -0800)]
usbutils: Update usb.ids file to latest

Signed-off-by: Rosen Penev <rosenp@gmail.com>
6 years agowireless-regdb: fix PKG_MIRROR_HASH
Christian Lamparter [Sun, 19 Nov 2017 16:19:22 +0000 (17:19 +0100)]
wireless-regdb: fix PKG_MIRROR_HASH

make check complains about PKG_MIRROR_HASH of the wireless-regdb package:

WARNING: PKG_MIRROR_HASH does not match wireless-regdb-2017-10-20-4343d359.tar.xz
hash 5f5b669f32ae36cb65b1d99efbbbfd42c2983cda32f6448346e3e54ffaba3889

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agoacx-mac80211: fix build on kernel 4.9
Mathias Kresin [Sun, 19 Nov 2017 09:43:08 +0000 (10:43 +0100)]
acx-mac80211: fix build on kernel 4.9

The DEFINE_PCI_DEVICE_TABLE macro was removed with upstream commit
7e9321599011 ("treewide: remove references to the now unnecessary
DEFINE_PCI_DEVICE_TABLE").

Use the pci_device_id struct to fix the acx-mac80211 build failure on
ramips.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoramips: use pinmux nodes from dtsi
Mathias Kresin [Sat, 18 Nov 2017 21:05:16 +0000 (22:05 +0100)]
ramips: use pinmux nodes from dtsi

Use the pinmux nodes from the included dtsi file instead of adding
duplicate nodes.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoramips: add missing pinmuxes to SoC dtsi
Mathias Kresin [Sat, 18 Nov 2017 09:51:07 +0000 (10:51 +0100)]
ramips: add missing pinmuxes to SoC dtsi

Add pinmuxes defined by some board which are including the dtsi files
to the dtsi files itself. Allows to reduce duplication.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoramips: backport MT7628 pinmux fixes
Mathias Kresin [Sat, 18 Nov 2017 20:07:45 +0000 (21:07 +0100)]
ramips: backport MT7628 pinmux fixes

According to the datasheet the REFCLK pin is shared with GPIO#37 and
the PERST pin is shared with GPIO#36.

While at it fix a typo inside the pinmux setup code. The function is called
refclk and not reclk.

Update device tree source files accordingly.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoramips: fix Planex CS-QR10 device packages
Mathias Kresin [Sat, 18 Nov 2017 11:19:00 +0000 (12:19 +0100)]
ramips: fix Planex CS-QR10 device packages

Add kmod-sound-core, it is a dependency of kmod-sound-mt7620 and will
not be autoselected.

Remove kmod-i2c-core, it will be autoselected by kmod-i2c-ralink.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoramips: fix DCH-M225 support
Mathias Kresin [Sat, 18 Nov 2017 10:59:22 +0000 (11:59 +0100)]
ramips: fix DCH-M225 support

Setting the pins of the UARTF group to GPIO+I2S at the time the I2C
driver loads is to late for the wps GPIO button.

The gpio-keys driver fails to load since the pin used by the wps button
is not yet set to GPIO. The wps button with the rfkill keycode is
essential for this wireless only board.

Add the missing sound and I2C kernel modules corresponding to the
device nodes.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoodhcpd: fix gcc7 build error
Hans Dedecker [Tue, 21 Nov 2017 14:07:07 +0000 (15:07 +0100)]
odhcpd: fix gcc7 build error

0573422 ndp: add switch/case fallthrough comments

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agohostapd: remove unused local var declaration
Leon M. George [Mon, 20 Nov 2017 16:38:09 +0000 (17:38 +0100)]
hostapd: remove unused local var declaration

Signed-off-by: Leon M. George <leon@georgemail.eu>
6 years agohostapd: don't set htmode for wpa_supplicant
Leon M. George [Mon, 20 Nov 2017 16:36:55 +0000 (17:36 +0100)]
hostapd: don't set htmode for wpa_supplicant

no longer supported

Signed-off-by: Leon M. George <leon@georgemail.eu>
6 years agoodhcpd: update to latest git HEAD (make dhcpv4 support optional)
Hans Dedecker [Wed, 15 Nov 2017 14:42:47 +0000 (15:42 +0100)]
odhcpd: update to latest git HEAD (make dhcpv4 support optional)

fd80621 dhcpv4: make DHCPv4 support compiletime configurable
cf29925 treewide: rework handling of netlink events
24cdc1b treewide: add netlink file
5dfb716 treewide: align function naming

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agomac80211: fix a race condition that could lead to a use-after-free on a timer
Felix Fietkau [Mon, 20 Nov 2017 19:05:19 +0000 (20:05 +0100)]
mac80211: fix a race condition that could lead to a use-after-free on a timer

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomac80211: fix netlink family id for nl80211 messages
Felix Fietkau [Mon, 20 Nov 2017 11:52:21 +0000 (12:52 +0100)]
mac80211: fix netlink family id for nl80211 messages

Fixes responses for nl80211 calls

Reported-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agokernel: fix lzo and lz4 modules
John Crispin [Wed, 15 Nov 2017 20:38:02 +0000 (21:38 +0100)]
kernel: fix lzo and lz4 modules

both of these have been split up and require additional ko files.

Signed-off-by: John Crispin <john@phrozen.org>
6 years agodnsmasq: load instance-specific conf-file if exists
Emerson Pinter [Wed, 15 Nov 2017 19:20:44 +0000 (17:20 -0200)]
dnsmasq: load instance-specific conf-file if exists

Without this change, the instance-specific conf-file is being added to procd_add_jail_mount,
but not used by dnsmasq.

Signed-off-by: Emerson Pinter <dev@pinter.com.br>
6 years agowolfssl: add PKG_CPE_ID ids to package and tools
Alexander Couzens [Sun, 19 Nov 2017 01:28:38 +0000 (02:28 +0100)]
wolfssl: add PKG_CPE_ID ids to package and tools

CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
6 years agoopenssl: Add optimization option
Daniel Engberg [Sat, 4 Nov 2017 19:45:30 +0000 (20:45 +0100)]
openssl: Add optimization option

Add option to optimize for speed instead of size

cmd: openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc \
aes-192-cbc aes-256-cbc rsa2048 dsa2048

=== Linksys WRT3200ACM ===

Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              14111.49k    47147.75k   123375.02k   206937.09k   258828.97k
sha1             14495.71k    46763.99k   116679.94k   188115.29k   228294.66k
des cbc          22315.63k    23118.98k    23323.14k    23348.22k    23363.58k
des ede3          8085.97k     8217.26k     8255.74k     8266.41k     8273.92k
aes-128 cbc      48740.10k    52606.12k    54224.98k    56263.68k    54774.44k
aes-192 cbc      43410.83k    47325.31k    48994.05k    49377.96k    48532.14k
aes-256 cbc      39132.46k    42512.60k    43692.63k    43997.18k    44070.23k
sha256           19987.80k    47314.69k    86119.08k   109352.28k   119466.67k
sha512            8034.63k    32321.92k    47495.94k    65777.32k    74080.26k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.020387s 0.000528s     49.1   1892.2
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.005920s 0.006396s    168.9    156.3

Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              14655.49k    48561.79k   126953.56k   210741.93k   262430.72k
sha1             14607.90k    47032.15k   117725.87k   188226.22k   228499.46k
des cbc          28041.11k    29586.84k    29939.80k    30047.91k    30067.37k
des ede3         10697.93k    10899.75k    10956.97k    10972.84k    10980.01k
aes-128 cbc      58852.70k    65956.07k    68675.67k    69388.29k    69607.42k
aes-192 cbc      50299.73k    56501.23k    58491.65k    59008.00k    59159.89k
aes-256 cbc      44684.38k    47944.36k    49098.67k    49573.89k    49463.30k
sha256           19673.53k    47248.58k    86775.04k   110053.72k   119382.02k
sha512            8029.67k    32033.02k    47440.04k    65740.12k    74072.06k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.019666s 0.000529s     50.8   1892.0
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.005882s 0.006450s    170.0    155.0

=== D-Link DIR-860L (B1) ===
Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               3376.97k    11654.74k    32966.76k    60016.27k    80729.43k
sha1              2310.95k     6024.87k    11680.32k    15273.93k    16784.07k
des cbc           6787.21k     7014.36k     7072.49k     7088.73k     7092.48k
des ede3          2462.47k     2499.87k     2509.48k     2511.35k     2514.75k
aes-128 cbc      10014.28k    11018.87k    11308.99k    11381.03k    11406.20k
aes-192 cbc       8930.35k     9675.27k     9895.97k     9954.57k     9971.92k
aes-256 cbc       8022.81k     8624.03k     8799.60k     8843.14k     8856.07k
sha256            2546.33k     5542.19k     9326.99k    11249.03k    11969.57k
sha512             877.22k     3503.44k     4856.01k     6554.96k     7299.32k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.109348s 0.003132s      9.1    319.3
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.032745s 0.037212s     30.5     26.9

Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               3660.39k    12401.37k    34501.23k    62438.83k    81786.64k
sha1              3500.20k    10730.70k    25056.19k    37715.86k    44253.13k
des cbc           7189.75k     7545.88k     7641.90k     7665.71k     7672.18k
des ede3          2690.64k     2734.33k     2745.24k     2748.13k     2748.81k
aes-128 cbc      11325.29k    12731.75k    13151.34k    13259.95k    13289.55k
aes-192 cbc       9932.36k    10997.65k    11309.84k    11389.53k    11408.92k
aes-256 cbc       8845.13k     9677.01k     9920.30k     9980.77k     9996.42k
sha256            3200.50k     7107.76k    12230.85k    14933.73k    15962.15k
sha512             879.12k     3510.79k     4956.45k     6711.45k     7484.39k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.085641s 0.002365s     11.7    422.9
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.023881s 0.026120s     41.9     38.3

-O3 is considered safe for OpenSSL
Ref: https://wiki.openssl.org/index.php/Compilation_and_Installation
Tested hardware: Linksys WRT3200ACM / D-Link DIR-860L (B1)

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
6 years agoixp4xx: Update to 4.9 kernel, refresh patches. Remove kmod-spi-gpio-old usage.
Ted Hess [Sat, 18 Nov 2017 13:21:38 +0000 (08:21 -0500)]
ixp4xx: Update to 4.9 kernel, refresh patches. Remove kmod-spi-gpio-old usage.

Signed-off-by: Ted Hess <thess@kitschensync.net>
6 years agonetifd: update to latest git HEAD
Hans Dedecker [Fri, 17 Nov 2017 20:50:27 +0000 (21:50 +0100)]
netifd: update to latest git HEAD

c92106e interface-ip: add missing IPv6 policy rule

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agobcm53xx: use otrx for creating TRX images
Rafał Miłecki [Fri, 17 Nov 2017 10:43:33 +0000 (11:43 +0100)]
bcm53xx: use otrx for creating TRX images

The advantage is that we don't have to specify max TRX size anymore and
otrx doesn't allocate a buffer of that size. It saves us allocating
32 MiB for every image we generate.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agofirmware-utils: add otrx tool for handling TRX images
Rafał Miłecki [Fri, 17 Nov 2017 10:42:59 +0000 (11:42 +0100)]
firmware-utils: add otrx tool for handling TRX images

It can be a replacement for the trx tool. The advantage is that otrx
doesn't alloc buffer for the whole TRX which can be a nice optimization
when creating big images.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>