openwrt/staging/981213.git
5 years agobase-files: add function to get mac as text from flash
Mathias Kresin [Sat, 11 Aug 2018 08:10:21 +0000 (10:10 +0200)]
base-files: add function to get mac as text from flash

Add a function to get a mac stored as text from flash. The octets of
the mac address need to be separated by any separator supported by
macaddr_canonicalize().

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from dfee452713e6b3c10aafc6174f8087a920b54402)

5 years agobase-files: use consistent coding style
Mathias Kresin [Sat, 11 Aug 2018 08:48:08 +0000 (10:48 +0200)]
base-files: use consistent coding style

Add the opening bracket right after the function name, to do it the
same way for all functions in this file.

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from ec28d2797c1bff4a3a97e54fee648cc56185839a)

5 years agobase-files: make wifi report unknown command
Thibaut VARÈNE [Thu, 9 Aug 2018 18:33:45 +0000 (20:33 +0200)]
base-files: make wifi report unknown command

Avoid having /sbin/wifi silently ignore unknown keywords and execute
"up"; instead display the help message and exit with an error.

Spell out the "up" keyword (which has users), add it to usage output,
and preserve the implicit assumption that runing /sbin/wifi without
argument performs "up".

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(backported from 78b5764fd8a3c133f0caf170238242b32a97105b)

5 years agoodhcp6c: apply IPv6/ND configuration earlier
Hans Dedecker [Thu, 9 Aug 2018 15:56:19 +0000 (17:56 +0200)]
odhcp6c: apply IPv6/ND configuration earlier

Apply IPv6/ND configuration before proto_send_update so that all config info
is available when netifd is handling the notify_proto ubus call.
In particular this fixes an issue when netifd is updating the downstream IPv6 mtu
as netifd was still using the not yet updated upstream IPv6 mtu to set the
downstream IPv6 mtu

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 2e02fdb3637c7a0320d230a3232d61e874c1e4d1)

5 years agoustream-ssl: update to latest git HEAD
Eneas U de Queiroz [Mon, 6 Aug 2018 18:19:20 +0000 (18:19 +0000)]
ustream-ssl: update to latest git HEAD

23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(backported from 33fd1d0d91fe6f0bb639a6fad0f681ba651f8254)

5 years agoimagebuilder: manifest function show stderr
Paul Spooren [Sun, 5 Aug 2018 03:17:29 +0000 (12:17 +0900)]
imagebuilder: manifest function show stderr

This really simplifies debugging, if a package is not found or a feed is
not reachable, a proper stderr is printed. Currently it would only say
`_call_manifest` failed.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(backported from ad5c2897ec054b80549e526ef639dd75548d4747)

5 years agoscripts: time.pl: avoid hard Time::HiRes dependency
Jo-Philipp Wich [Sun, 5 Aug 2018 10:24:01 +0000 (12:24 +0200)]
scripts: time.pl: avoid hard Time::HiRes dependency

Use Time::HiRes when available and fallback to raw syscall interface
when not. If that fails too, simply report 0, 0 as real time.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from a692e4e3de60e1a10906511fb8ef2d14937d4a19)

5 years agobuild: remove GNU time dependency
Jo-Philipp Wich [Sat, 4 Aug 2018 22:06:27 +0000 (00:06 +0200)]
build: remove GNU time dependency

Replace the GNU time program invocation with a simple Perl script reporting
the timing values. Since we require Perl anyway for the build system, we can
as well use that instead of requiring a random GNU utility rarely installed
by default.

Fixes: ff6e62b288 ("build: log time taken by each packages/steps")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from d3ddf6631e491a831617a5ae8b3d7924e47a275a)

5 years agoiwinfo: update to latest Git HEAD
Jo-Philipp Wich [Tue, 31 Jul 2018 18:39:13 +0000 (20:39 +0200)]
iwinfo: update to latest Git HEAD

a514139 build: compile with -ffunction-sections, -fdata-sections and LTO
3c30b17 wl: only invoke nvram executable if it exists
65b8333 Revert "build: compile with -ffunction-sections, -fdata-sections and LTO"

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from fdd6c556ab42d040efcc92a53149e3f8ec357f69)

5 years agowolfssl: disable broken shipped Job server macro
Jo-Philipp Wich [Thu, 23 Aug 2018 18:03:29 +0000 (20:03 +0200)]
wolfssl: disable broken shipped Job server macro

The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on
plain POSIX shells due to the use of `let`.

Shells lacking `let` will fail to run the generated m4sh code and end up
invoking "make" with "-jyes" as argument, fialing the build.

Since there is no reason in the first place for some random package to
muck with the make job server settings and since we do not want it to
randomly override "-j" either, simply remove references to this defunct
macro to let the build succeed on platforms which not happen to use bash
as default shell.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from a27de701b0250b06302350d25dc514e1b488dc59)

5 years agowolfssl: remove myself as maintainer
Alexandru Ardelean [Mon, 30 Jul 2018 14:03:18 +0000 (17:03 +0300)]
wolfssl: remove myself as maintainer

I no longer have the time, nor the desire to maintain this package.
Remove myself as maintainer.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(backported from 20346a63f69bbb919ffdf29bc2e77496d01719e3)

5 years agoopenvpn-easy-rsa: update to 3.0.4
Luiz Angelo Daros de Luca [Tue, 27 Mar 2018 05:42:06 +0000 (02:42 -0300)]
openvpn-easy-rsa: update to 3.0.4

Upstream renamed openssl-1.0.cnf to openssl-easyrsa.cnf.
However, pkg kept using openssl-1.0.cnf.

Upstream easyrsa searchs for vars, openssl-*, x509-types in the
same directory as easyrsa script. This was patched to revert
back to static /etc/easy-rsa/ directory (as does OpenSUSE).
EASYRSA_PKI still depends on $PWD.

Move easyrsa from /usr/sbin to /usr/bin as root is not needed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(backported from f1bef0596fd2a983386c778a94486782bd272e27)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agokernel: package x86-optimized crypto-misc modules
Daniel Gimpelevich [Sun, 21 Jan 2018 21:00:12 +0000 (13:00 -0800)]
kernel: package x86-optimized crypto-misc modules

Some of the modules in the crypto-misc package have alternate
implementations optimized for different x86 instruction set extensions,
but only one of these was built for this package until now: twofish-i586.ko

Tested with insmod, on both x86 and x86_64. The modules now have an
autoload, which they previous didn't, loading the dependencies in the
correct order.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(backported from c762817c9211f439c5da6ea30b6ed828c9861c4f)

5 years agobase-files: do not add relevant sections & options except when ipv6 is support in...
Rosy Song [Sat, 4 Aug 2018 11:01:18 +0000 (19:01 +0800)]
base-files: do not add relevant sections & options except when ipv6 is support in kernel

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 2b637e5ab8ae24ff4176930f259dce195983d7ea)

5 years agobase-files: sysupgrade: abort if config backup fails
Andreas Ziegler [Fri, 3 Aug 2018 23:56:39 +0000 (01:56 +0200)]
base-files: sysupgrade: abort if config backup fails

Sysupgrade shouldn't proceed, if the backup of the configuration
fails because tar (or gzip) exit with a non-zero code.

Signed-off-by: Andreas Ziegler <dev@andreas-ziegler.de>
(backported from 72489ebeb65fd1e1d77e8d9fbe105827a98dbf03)

5 years agobase-files: fix HOME_URL replace
Chen Minqiang [Thu, 2 Aug 2018 01:10:15 +0000 (09:10 +0800)]
base-files: fix HOME_URL replace

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
(backported from 33bce21bb0f3def5a2516384a8ae16f88b9b193e)

5 years agoinclude: add netdev family support for nftables
Rosy Song [Wed, 18 Jul 2018 07:42:56 +0000 (15:42 +0800)]
include: add netdev family support for nftables

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from b4d4e4ceb56825033dd4c8e401e9250ae5042a99)

5 years agoncurses: install lib on host build
Andy Walsh [Thu, 26 Jul 2018 08:34:33 +0000 (10:34 +0200)]
ncurses: install lib on host build

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from 1639ebcb061abb3664e0b80f62f0019e37fda68e)

5 years agoigmpproxy: drop SSDP packets
Dmitry Tunin [Sat, 28 Jul 2018 14:48:42 +0000 (17:48 +0300)]
igmpproxy: drop SSDP packets

It is insecure to let this type of packets inside
They can e.g. open ports on some other routers with UPnP, etc

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
(backported from c128371124ce4d197a5fbc00e42b58e9d82c571e)

5 years agoinclude/verbose.mk: Add sc to failure message
Daniel Engberg [Tue, 24 Jul 2018 09:09:17 +0000 (11:09 +0200)]
include/verbose.mk: Add sc to failure message

Add sc to build error message

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from 0aaa65075508035bdf6c8fc8fa9a79b94dc5eadc)

5 years agoigmpproxy: add a silent logging option
Dmitry Tunin [Sat, 28 Jul 2018 14:06:28 +0000 (17:06 +0300)]
igmpproxy: add a silent logging option

[0-3](none, minimal[default], more, maximum)

It is not 100% backward compatible, because now 0 disables logging

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
(backported from 7a6b2badfa56cfd833d64f113398198f71fd896e)

5 years agobcm53xx: exit if writing kernel during sysupgrade fails
Rafał Miłecki [Mon, 18 Jun 2018 11:46:04 +0000 (13:46 +0200)]
bcm53xx: exit if writing kernel during sysupgrade fails

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(backported from 93cc44c433fed754bd76f8016a1660a6b932361e)

5 years agobrcm2708: Update brcm2708-gpu-fw package
Christo Nedev [Fri, 1 Jun 2018 14:23:21 +0000 (14:23 +0000)]
brcm2708: Update brcm2708-gpu-fw package

Problem - rapsberry pi 3 b/b+ does not boot with bcm2710 images!

How Raspberry Pi boots Actualy?

When Raspberry is switched on GPU is activated.
1. GPU execute First stage bootloader from ROM.
First stage bootloader mount the FAT boot partition on the SD card
and execute second stage bootloader (bootcode.bin).
2. Second stage bootloader (bootcode.bin) activate SDRAM.
Load the GPU firmware (start.elf).
3. GPU firmware (start.elf)
  a) display Rainbow splash.
  b) read firmware configuration file config.txt and
     split the RAM using fixup.dat.
  c) loads a cmdline.txt
  d) enables the CPU.
  e) loads the kernel image configurable via config.txt

In your target/linux/brcm2708/image/config.txt
 493 ## kernel (string)
 494 ##     Alternative name to use when loading kernel.
 495 ##
 496 #kernel=""
it is not configured!

But in your target/linux/brcm2708/image/Makefile
  75   KERNEL_IMG := kernel8.img
  76   DEVICE_TITLE := Raspberry Pi 3B/3B+
you have kernel8.img

GPU Firmware search order by default for a PI 3 is:
kernel8.img if found boot in 64 bit mode
kernel8-32.img if found boot in 32 bit mode
kernel7.img if found boot in 32 bit mode
kernel.img if found boot in 32 bit mode

But a PI 2 will start the search from kernel7.img and
a PI 1 only looks for kernel.img.

Оbviously the kernel has been found.
But something goes wrong and the device is restarted.

In your package/kernel/brcm2708-gpu-fw/Makefile
  11 PKG_NAME:=brcm2708-gpu-fw
  12 PKG_VERSION:=2017-08-08
  13 PKG_RELEASE:=e7ba7ab135f5a68b2c00a919ea9ac8d5528a5d5b
boot loader is 10 monts old.

In conclusion, the best way to solve the problem is
to update the boot loader!

Fixup_cd.dat and start_cd.elf files are not necessary.
These are used when GPU memory is set to 16 MB, which disables
some GPU features.
I did not remove them just in case!

cheers

Signed-off-by: Christo Nedev <christo.nedev@gmail.com>
(backported from c335649629e641209a3539209defffeea090ad8f)

5 years agokernel: don't auto attach ubi on read error
Mathias Kresin [Sun, 8 Jul 2018 21:18:15 +0000 (23:18 +0200)]
kernel: don't auto attach ubi on read error

With a10a204aab26cc ("kernel: make ubi auto-attach check for a tar file
magic") the check for the magic was added without considering a failing
mtd_read(). If the read fails, no check is done and the mount code is
called straight away.

Failing with an error message for such cases seems to me the cleaner way,
as it would allow to spot hidden/workaround issues.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 3716b5e4e6374883c80e61021923733b14cdb011)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agokernel: handle bad blocks in ubi auto attach code
Mathias Kresin [Sat, 7 Jul 2018 23:47:28 +0000 (01:47 +0200)]
kernel: handle bad blocks in ubi auto attach code

The first block(s) of the ubi mtd device might be bad. We need to take
care on our own to skip the bad block(s) and read the next one(s).

Don't treat recoverable read errors as fatal and check for the UBI magic
if the data of a block could be recovered using ECC or similar.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 0ac91d82ed4d077150db902eb12d383c2be44fb2)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agokernel: improve ubi auto attach code readability
Mathias Kresin [Sat, 7 Jul 2018 23:38:08 +0000 (01:38 +0200)]
kernel: improve ubi auto attach code readability

Move the put_mtd_device() called on multiple error conditions to a goto
label to use it later for more error conditions.

The early return on failed open of the mtd device and mismatching mtd
type allows to get rid of one level of indentation. By jumping to the
cleanup code, a refcount bug is fixed for the wrong flash type condition.

While at it, make clear that we only check for the UBI magic if the read
from flash was successful.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from fdf6760cda15b2710287c66c9969a3ed527793d8)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agobuild: do not override CCACHE_DIR when ccache is disabled
Jo-Philipp Wich [Tue, 24 Jul 2018 13:23:05 +0000 (15:23 +0200)]
build: do not override CCACHE_DIR when ccache is disabled

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 991c7a4f69976f72bcee3f76d6917b224da45ea1)

5 years agobuild: prereq-build.mk: fix gcc/g++ SetupHostCommand invocation
Jo-Philipp Wich [Tue, 24 Jul 2018 11:36:28 +0000 (13:36 +0200)]
build: prereq-build.mk: fix gcc/g++ SetupHostCommand invocation

A missing comma caused the first command option to be considered part of
the error message.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from a6f4c7bce8c62d2dded5c8c12f7f118e2a6c9ee5)

5 years agohostapd: remove unused struct hostapd_ubus_iface
Felix Fietkau [Thu, 19 Jul 2018 15:13:25 +0000 (17:13 +0200)]
hostapd: remove unused struct hostapd_ubus_iface

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from f0ac9afe695ed297caf093f02144b2adf04bca87)

5 years agobase-files: fix wrong sysctl parameter order
Luiz Angelo Daros de Luca [Tue, 17 Jul 2018 22:41:09 +0000 (19:41 -0300)]
base-files: fix wrong sysctl parameter order

Restarting service sysctl echos multiple errors like:

  sysctl: -e: No such file or directory

After the first filename, all remaining arguments are treated
as files.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(backported from 4c4288728611d334efb777b74e737e1f98e0dc1b)

5 years agohostapd: fix conflicts hell
Mathias Kresin [Wed, 11 Jul 2018 20:13:36 +0000 (22:13 +0200)]
hostapd: fix conflicts hell

Add each variant to the matching PROVIDERS variables after evaluating
the respective hostapd*, wpad* and wpa* variant.

Each package providing the same feature will automatically conflict with
all prior packages providing the same feature.

This way we can handle the conflicts automatically without introducing
recursive dependencies.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 3838b16943c6021e3ff06d5733df890408ad7158)

5 years agohostapd: cleanup package definition
Mathias Kresin [Tue, 10 Jul 2018 19:17:33 +0000 (21:17 +0200)]
hostapd: cleanup package definition

Move common variables and/or values to the package (variant) default.
Add additional values in variant packages if necessary. Remove further
duplicates by introducing new templates.

Remove the ANY_[HOSTAPD|SUPPLICANT_PROVIDERS]_PROVIDERS. The are the
same as the variables without the any prefix. No need to maintain both
variables.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 8af8ceb1c8558a6f25c50cb68b87a3a3425f3417)

5 years agoopenvpn: increase procd termination timeout to 15s
Jo-Philipp Wich [Tue, 17 Jul 2018 14:01:46 +0000 (16:01 +0200)]
openvpn: increase procd termination timeout to 15s

Increase the termination timeout to 15s to let OpenVPN properly tear down
its connections, especially when weak links or complex down scripts are
involved.

Fixes FS#859.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 28d3a1b54b6726a0a93477d75d09a25f74ee361f)

5 years agolibrpc: add host build to install h files needed for nfs-kernel-server to get compiled
Peter Wagner [Tue, 3 Jul 2018 06:54:41 +0000 (08:54 +0200)]
librpc: add host build to install h files needed for nfs-kernel-server to get compiled

Signed-off-by: Peter Wagner <tripolar@gmx.at>
(backported from d8d2133c35c9c9b410e16cdebe878acd0da6382f)

5 years agoverbose.mk: quote SUBMAKE options
李国 [Fri, 6 Jul 2018 10:03:40 +0000 (18:03 +0800)]
verbose.mk: quote SUBMAKE options

build openwrt on centos 6 I should use devtoolset-3 to get gcc 4.9, but
it fail when make menuconfig. so I have to give option HOSTCC='gcc
-Wl,--copy-dt-needed-entries' to make. But it passed to sub make to
HOSTCC=gcc as micro SUBMAKE expand to HOSTCC=gcc
-Wl,--copy-dt-needed-entries. This patch fix this issue.

make -C build menuconfig HOSTCC='gcc -Wl,--copy-dt-needed-entries' V='1'
make: Entering directory `/work/openwrt/openwrt/build'
/opt/rh/devtoolset-3/root/usr/libexec/gcc/x86_64-redhat-linux/4.9.2/ld:
lxdialog/checklist.o: undefined reference to symbol 'acs_map'
//lib64/libtinfo.so.5: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make[1]: *** [mconf] Error 1
make -s -C scripts/config all CC=gcc -Wl,--copy-dt-needed-entries: build
failed. Please re-run make with -j1 V=s to see what's going on
make: *** [scripts/config/mconf] Error 1
make: Leaving directory `/work/openwrt/openwrt/build'

Signed-off-by: 李国 <uxgood.org@gmail.com>
(backported from 671999157d6cd0b629304f86beec7d71fc998b09)

5 years agokernel: replace bridge port isolate hack with upstream patch backport on 4.14
Felix Fietkau [Wed, 4 Jul 2018 18:14:08 +0000 (20:14 +0200)]
kernel: replace bridge port isolate hack with upstream patch backport on 4.14

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 21ee8ce9b52f8ae4a6babf4032f71e2d4d56392b)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agokernel: adjust bridge port isolate patch to match upstream attribute naming
Felix Fietkau [Wed, 4 Jul 2018 17:49:32 +0000 (19:49 +0200)]
kernel: adjust bridge port isolate patch to match upstream attribute naming

Newer kernels have a patch that implements compatible functionality
directly. Adjust the attribute of our own patch in preparation for
dropping it later

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 41a1c1af4bbf18cb5f3a4dfd1fb988317da9aa2d)

5 years agotools/ccache: update to 3.4.2
Hannu Nyman [Fri, 6 Jul 2018 13:45:06 +0000 (16:45 +0300)]
tools/ccache: update to 3.4.2

update version and refresh patch

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(backported from 7ec931b7f01e8e9dc6463069237097950761996a)

5 years agotools/cmake: update to 3.11.4
Hannu Nyman [Fri, 6 Jul 2018 13:46:33 +0000 (16:46 +0300)]
tools/cmake: update to 3.11.4

Update cmake and refresh patches.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(backported from 55fa8068c4eb1f6213ca115655067e635da3e637)

5 years agofixup-makefile.pl: fixup when PKG_SOURCE is defined elsewhere
Yousong Zhou [Tue, 3 Jul 2018 07:37:49 +0000 (15:37 +0800)]
fixup-makefile.pl: fixup when PKG_SOURCE is defined elsewhere

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from eb6759cc786b9a5fe1425364fc54212a425ff0be)

5 years agobuild: ASLR hardening use $(FPIC)
Kevin Darbyshire-Bryant [Sat, 9 Jun 2018 08:11:24 +0000 (09:11 +0100)]
build: ASLR hardening use $(FPIC)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 89b59994eb44b5cd2fac594144c20c63fd05ef25)

5 years agotoolchain: gdb: enable TUI
Kevin Darbyshire-Bryant [Mon, 4 Sep 2017 19:20:12 +0000 (20:20 +0100)]
toolchain: gdb: enable TUI

The GDB Text User Interface (TUI) is a terminal interface
which uses the curses library to show the source file,
the assembly output, the program registers and GDB
commands in separate text windows.

In other words it's a friendlier interface for idiots like me!

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 900d86766b2a2122ea435d98aa50dc72d5dadf93)

5 years agoebtables: update to latest git 2018-06-27
Hans Dedecker [Mon, 2 Jul 2018 15:31:03 +0000 (17:31 +0200)]
ebtables: update to latest git 2018-06-27

48cff25 build: drop install -o/-g root
53d7e7a extensions: ebt_string: take action if snprintf discards data

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from afac2a2dd67502ef8bd9799f328fa2e3b39292b1)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoramips: fix wizfi630a swapped lan/wan port
Lev [Tue, 26 Jun 2018 22:50:11 +0000 (00:50 +0200)]
ramips: fix wizfi630a swapped lan/wan port

The order of the Ethernet ports were mixed up.
This commit fixes the order to be aligned with the physical layout.

Signed-off-by: Lev <leventelist@gmail.com>
(backported from 3d6f57f3c6dabfe3911ffb1f1a2afbe3ff41c3fd)

5 years agousbutils: Switch to Fedora usbutils
Rosen Penev [Sat, 30 Jun 2018 19:25:12 +0000 (12:25 -0700)]
usbutils: Switch to Fedora usbutils

The Gentoo GitHub mirror went down. One benefit of Fedora's usb.ids file
is that it's versioned.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from f23271f3b4f54d1e5ddf7b85786f9a30f38409ad)

5 years agosamba36: Disable external libtdb and libtevent
Rosen Penev [Sun, 1 Jul 2018 00:02:52 +0000 (17:02 -0700)]
samba36: Disable external libtdb and libtevent

This was causing issues recently as samba36 is not API compatible with the
libtdb in the packages repo. It shouldn't be using it anyway. Nor tevent.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 1f2612a4ddbb83af0c6daf3719ab74c3b7db6590)

5 years agoswconfig: swlib_map_settings(): change return type to void
Alexander Couzens [Fri, 29 Jun 2018 03:36:06 +0000 (05:36 +0200)]
swconfig: swlib_map_settings(): change return type to void

The return value of the function isn't used anywhere.
Fixes missing return value, CID 1329717.

Found-by: Coverity
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from b06c447c5f66fd13078327bda3d885d48e2c0e42)

5 years agoswconfig: fix un-initialized return value
Alexander Couzens [Fri, 29 Jun 2018 03:27:16 +0000 (05:27 +0200)]
swconfig: fix un-initialized return value

Fix CID 1330844

Found-by: Coverity
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from e37ad4e5ca2e70387656da81704ee4d4589c6d70)

5 years agobuild: include package directory in sha256sums when running on buildbot
Jo-Philipp Wich [Wed, 27 Jun 2018 16:51:25 +0000 (18:51 +0200)]
build: include package directory in sha256sums when running on buildbot

In order to be able to better compare files to sync in the future, include
all BIN_DIR subdirectories in the checksum calculation.

To not break existing applications, restrict the recursive checksumming to
CONFIG_BUILDBOT for now.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 681e825f8fbf59a32c3b09810b2a3fef29880c63)

5 years agobase-files: add menuconfig option for HOME_URL
Mathias Kresin [Thu, 2 Nov 2017 07:21:57 +0000 (08:21 +0100)]
base-files: add menuconfig option for HOME_URL

Add a menuconfig option to set the HOME_URL exposed in
/usr/lib/os-release independent from the
LEDE_DEVICE_MANUFACTURER_URL.

Fixes: FS#1123
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 52a9edb1bfaf51c250a33303beacba95dd1dbc05)

5 years agonetfilter: add bpf match support
Alin Nastac [Mon, 25 Jun 2018 08:22:21 +0000 (10:22 +0200)]
netfilter: add bpf match support

Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.

Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
(backported from ab07ae2f27dd920cb7ba186d9f7ad2ccb1c980c4)

5 years agodropbear: let opkg manage symlinks of ssh, scp
Yousong Zhou [Mon, 25 Jun 2018 05:16:09 +0000 (13:16 +0800)]
dropbear: let opkg manage symlinks of ssh, scp

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from c4aadbdaf69bad3fbb3ef54601a3629ba24a6e9b)

5 years agobusybox: udhcpc: replace udhcpc_no_msg_dontroute patch by upstream fix
Hans Dedecker [Thu, 21 Jun 2018 20:26:18 +0000 (22:26 +0200)]
busybox: udhcpc: replace udhcpc_no_msg_dontroute patch by upstream fix

Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix
which removes the code which requires the server ID to be on local
network

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from c6e50075f245b076b57f3f87b5401764a2e11b92)

5 years agobusybox: update to 1.28.4
Magnus Kroken [Sun, 17 Jun 2018 14:16:39 +0000 (16:16 +0200)]
busybox: update to 1.28.4

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(backported from ccc728a0e2a7c9717d3d1bcc59f0462e9dbed01e)

5 years agonftables: bump to version 0.9.0
Rosy Song [Tue, 12 Jun 2018 07:49:50 +0000 (15:49 +0800)]
nftables: bump to version 0.9.0

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 1ee98fdef3d6d71c1b0b3b120a9e24ac4b93c94f)

5 years agolibnftnl: bump to version 1.1.1
Rosy Song [Tue, 12 Jun 2018 07:49:32 +0000 (15:49 +0800)]
libnftnl: bump to version 1.1.1

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 9d6a0352e7af9aef95f4d983e39516b76e7fc8ba)

5 years agobase-files: exit if mtd write command fails during sysupgrade
Rafał Miłecki [Mon, 11 Jun 2018 10:52:42 +0000 (12:52 +0200)]
base-files: exit if mtd write command fails during sysupgrade

It avoids confusing situations like:
> Could not get image magic
> Image check failed.
> Upgrade completed
> Rebooting system...

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(backported from 5b2e20807d2b38de1cc4185d15bb4320b8bd743a)

5 years agoramips: mt7621: fix mtu setting with kernel 4.14
Mathias Kresin [Sun, 18 Feb 2018 21:48:44 +0000 (22:48 +0100)]
ramips: mt7621: fix mtu setting with kernel 4.14

Since kernel 4.10 commit 61e84623ace3 ("net: centralize net_device
min/max MTU checking"), the range of mtu is [min_mtu, max_mtu], which
is [68, 1500] by default.

It's necessary to set a max_mtu if a mtu > 1500 is supported.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 5da2c68d001ee44b15a58639ed03a0ebb6f68020)

5 years agokernel: avoid flow offload for connections with xfrm on the dst entry (should fix...
Felix Fietkau [Sun, 8 Apr 2018 17:19:58 +0000 (19:19 +0200)]
kernel: avoid flow offload for connections with xfrm on the dst entry (should fix IPSec)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from b560c1748a4edf0d02046e5a988cc0caf1f4f987)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agohostapd: make cli treat UNKNOWN COMMAND as failing
Denton Gentry [Wed, 30 May 2018 15:05:42 +0000 (15:05 +0000)]
hostapd: make cli treat UNKNOWN COMMAND as failing

Avoid infinite loop at 100% CPU when running hostapd_cli
if CONFIG_CTRL_IFACE_MIB is not defined.

  _newselect(4, [3], NULL, NULL, ...)
  recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
  sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24

Signed-off-by: Denton Gentry <denny@geekhold.com>
(backported from a84962ea35e4e97f1c4a42f2eac0242cc2cbd879)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoramips: fix reboot with W25Q256 with 4-address-mode enabled
Daniel Golle [Wed, 6 Jun 2018 23:51:58 +0000 (01:51 +0200)]
ramips: fix reboot with W25Q256 with 4-address-mode enabled

Some board vendors actually changed the loader to expect the chip
to come up in 4-address-mode and flipped the ADP bit in the flash
chip's configuration register which makes it come up in 4-address-mode.
Hence it doesn't make sense to avoid switching to 4-address-mode on
those boards but the opposite as otherwise reboot hangs eg. on the
WrtNode2 boards. Fix this by checking the ADP register and only using
SPI_NOR_4B_READ_OP on chips which have ADP==0 (come up in 3-byte mode).

See also datasheet section 7.1.11 Power Up Address Mode (ADP)

Fixes: 22d982ea0 ("ramips: add support for switching between 3-byte and 4-byte addressing on w25q256 flash")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 8796680277f4b231386fbc6e8a1ccae91d9fcbe8)

5 years agoebtables: update to latest git 2018-06-06
Hans Dedecker [Wed, 6 Jun 2018 20:30:57 +0000 (22:30 +0200)]
ebtables: update to latest git 2018-06-06

5699354 extensions: fix build failure on fc28
e6359ee build: update ebtables.h from kernel and drop local unused copy

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 1bbe813db0bb8dc65b8ed7740cf7f35a81b8ba0e)

5 years agoscripts: Replace obsolete POSIX tmpnam in slugimage.pl with File::Temp function
Ted Hess [Tue, 5 Jun 2018 14:05:35 +0000 (10:05 -0400)]
scripts: Replace obsolete POSIX tmpnam in slugimage.pl with File::Temp function

Signed-off-by: Ted Hess <thess@kitschensync.net>
(backported from 7590c3c58f5e9d580c86da10473d1d29a2f081c9)

5 years agonetifd: drop conflicting 'device' interface property
Ivan Shapovalov [Sun, 13 May 2018 21:05:43 +0000 (00:05 +0300)]
netifd: drop conflicting 'device' interface property

Do not set device runtime property on interfaces in the hotplug handler
and in fixup_interfaces(). This property conflicts with device option
in several proto handlers (mainly QMI and other WWAN/3G protos) and does
not seem to be used anywhere.

Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(backported from 91b5b2e20d531584918c62a6c6cd046f0580f50a)

5 years agonettle: bump to 3.4
Kevin Darbyshire-Bryant [Wed, 30 May 2018 08:46:34 +0000 (08:46 +0000)]
nettle: bump to 3.4

3.4 is mainly a bug fix/maintenance release.

3KB increase in ipk lib size on mips.

Compile tested for: ar71xx, ramips
Run tested on: ar71xx Archer C7 v2, ramips mir3g

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 1ee5051f202f600d854bcf939ba4ee37f057ace2)

5 years agoca-certificates: ca-bundle: add symlink for openssl default setting
Yousong Zhou [Thu, 5 Jul 2018 10:51:54 +0000 (18:51 +0800)]
ca-certificates: ca-bundle: add symlink for openssl default setting

OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem.  This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation

Fixes openwrt/packages#6152

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from 191078e83d127f5ed9a38366d2edaac49f9333c5)

5 years agocurl: Add ca-bundle dependency
Rosen Penev [Sun, 27 May 2018 22:13:48 +0000 (15:13 -0700)]
curl: Add ca-bundle dependency

While building, curl complains that the path specified is missing.
Also, without ca-bundle, something like 'curl https://www.google.com'
does not work due to a certificate verify error.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 7a20c7a05d52f9bb3c82742098457bfbed869a8a)

5 years agocurl: Use ca-bundle for all TLS libraries.
Rosen Penev [Sun, 27 May 2018 22:13:47 +0000 (15:13 -0700)]
curl: Use ca-bundle for all TLS libraries.

It simplifies the Makefile a bit. In addition, using ca-bundle
saves some space as well.

It also fixes an issue with at least transmission, which has a dependency
on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it not
to work.

This has been tested on mt7621 with OpenSSL and GnuTLS just by running
'curl https://www.google.com' and seeing if there's a verify error.
The rest are already using ca-bundle and therefore work fine.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from f97946c49680a5fe713d0e2caaf072789f70e68d)

5 years agoath10k-firmware: Fix QCA6174 support
Rosen Penev [Fri, 25 May 2018 03:47:46 +0000 (20:47 -0700)]
ath10k-firmware: Fix QCA6174 support

Currently when installing the firmware, a bunch of files and directories
that the ath10k driver does not look for are created.

The package now installs firmware for both hw 2.1 and 3.0 devices.
2.1 is abandonware but may be useful to keep.

3.0 firmware was tested on a Killer 1535 to be relatively stable with
802.11w disabled. 802.11w causes multiple firmware crashes but that's true
of other ath10k firmwares as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported and squashed from
 27eab4fa578d696ab55b6264a1b35fad6488b664,
 d0fbe1956b3b9f07b6dcb54a8ed43a4904581e1d,
 e191c7ee797c8b3458eb9791212a56b16febeeb4)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agohostapd: properly build hostapd-only SSL variants
Daniel Golle [Thu, 31 May 2018 13:18:12 +0000 (15:18 +0200)]
hostapd: properly build hostapd-only SSL variants

Make sure hostapd-openssl is actually build against OpenSSL, same
for wolfSSL.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 987900f2de76e6d292e55aa068c39b03f79c8812)

5 years agohostapd: update packaging and patches
Daniel Golle [Wed, 30 May 2018 22:10:49 +0000 (00:10 +0200)]
hostapd: update packaging and patches

Clean up conflicts/provides/depends hell and add PROVIDES for
eapol-test variants while at it.
Update mesh-DFS patchset from Peter Oh to v5 (with local fixes) which
allows to drop two revert-patches for upstream commits which previously
were necessary to un-break mesh-DFS support.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 78f1974bc565d7544589a49ad8efd92c4ddec5b3)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agohostapd: convert ssl provider build options to variants
Daniel Golle [Fri, 25 May 2018 13:59:41 +0000 (15:59 +0200)]
hostapd: convert ssl provider build options to variants

Instead of selecting the SSL provider at compile time, build package
variants for each option so users can select the binary package without
having to build it themselves.
Most likely not all variants have actually ever been user by anyone.
We should reduce the selection to the reasonable and most used
combinations at some point in future. For now, build them all.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from c8fdd0e9c843dd483f6677dc41f7df17313aa3cd)

5 years agohostapd: update to git HEAD of 2018-05-21, allow build against wolfssl
Daniel Golle [Sat, 28 Apr 2018 19:12:19 +0000 (21:12 +0200)]
hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl

Support for building wpa_supplicant/hostapd against wolfssl has been
added upstream recently, add build option to allow users using it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 69f544937f8498e856690f9809a016f0d7f5f68b)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoustream-ssl: fix build against wolfSSL
Daniel Golle [Thu, 24 May 2018 16:51:44 +0000 (18:51 +0200)]
ustream-ssl: fix build against wolfSSL

commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke
build against wolfSSL because wolfSSL doesn't (yet) support
SSL_CTX_set_ecdh_auto() of the OpenSSL API.

Fix this in ustream-ssl:

 189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 4f442f5f383837efcfb345033169178f74f63440)

5 years agowolfssl: change defaults to cover wpa_supplicant needs
Daniel Golle [Wed, 30 May 2018 22:34:15 +0000 (00:34 +0200)]
wolfssl: change defaults to cover wpa_supplicant needs

Implicetely selecting the required options via Kconfig snippet from
hostapd worked fine in local builds when using menuconfig but confused
the buildbots which (in phase1) may build wpad-mini and hence already
come with CONFIG_WPA_WOLFSSL being defined as unset which then won't
trigger changing the defaults of wolfssl.

Work around by explicitely reflecting wpa_supplicant's needs in
wolfssl's default settings to make buildbots happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from dad39249fb91d6f320256ac12944863f09bb2dc9)

5 years agowolfssl: add PKG_CONFIG_DEPENDS symbols
Daniel Golle [Fri, 25 May 2018 18:35:46 +0000 (20:35 +0200)]
wolfssl: add PKG_CONFIG_DEPENDS symbols

This change will trigger rebuild on buildbots in case of changed config
symbols, like in the case of hostapd selecting some wolfssl symbols
lately.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 5857088c5eb3a5a2409e3c57dbfa2487e08bbf4a)

5 years agowolfssl: update to version 3.14.4
Daniel Golle [Wed, 23 May 2018 21:26:41 +0000 (23:26 +0200)]
wolfssl: update to version 3.14.4

Use download from github archive corresponding to v3.14.4 tag because
the project's website apparently only offers 3.14.0-stable release
downloads.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 4f67c1522d92bc4512c3ecf58c38ff9886530b48)

5 years agopackage sysfsutils: add support for sysfs settings at boot
Rodolfo Giometti [Wed, 28 Jun 2017 08:49:01 +0000 (10:49 +0200)]
package sysfsutils: add support for sysfs settings at boot

This patch is based on sysfsutils package's behaviour on Debian OS.

Signed-off-by: Rodolfo Giometti <giometti@linux.it>
(backported from 2437e0f67050cad79cc1778b18cefd8d3cd86d07)

5 years agokernel: merge kmod-fbcon with kmod-fb
Tomasz Maciej Nowak [Fri, 30 Mar 2018 22:12:03 +0000 (00:12 +0200)]
kernel: merge kmod-fbcon with kmod-fb

As of commit in kernel:
6104c37094 fbcon: Make fbcon a built-time depency for fbdev
framebuffer console is build in into framebuffer module and there's no
standalone fbcon module. Therefore drop the kmod-fbcon and enable
console in kmod-fb. The only targets which use these modules are imx6
and geode, both are on kernel 4.14 so no fallback for other kernels is
introduced.
Being at that this commit also fixes autoload of fbdev for x86.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(backported from 9c0ddafd4663948fe5c6f3f4a7a7601fdbb36737)

5 years agoath10k-firmware: Fix mirror hash sum
Hauke Mehrtens [Sat, 19 May 2018 13:20:46 +0000 (15:20 +0200)]
ath10k-firmware: Fix mirror hash sum

This now matches what was generated locally on my PC and the file on the
mirror server.

Fixes: 349fe46103359 ("ath10k-firmware: Update QCA988X firmware to the latest version")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 56a03e434386ccd1359d5c995a5a3c0fcc44f6af)

5 years agoath10k-firmware: Update QCA988X firmware to the latest version
Timo Sigurdsson [Wed, 16 May 2018 22:33:56 +0000 (00:33 +0200)]
ath10k-firmware: Update QCA988X firmware to the latest version

This patch updates the QCA988X firmware to the latest revision
  firmware-5.bin_10.2.4-1.0-00037
found in the ath10k-firmware and linux-firmware repositories.

Tested on TP-Link Archer C7 v2 (ar71xx).

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(backported from 349fe46103359682692e6b175d22f8c05ff75f74)

5 years agonftables: bump to 0.8.5 version
Rosy Song [Tue, 15 May 2018 03:42:29 +0000 (11:42 +0800)]
nftables: bump to 0.8.5 version

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 39e87e0ffc4eabf27d25459a369be425e9ef0474)

5 years agolibnftnl: bump to 1.1.0
Rosy Song [Tue, 15 May 2018 02:41:19 +0000 (10:41 +0800)]
libnftnl: bump to 1.1.0

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from c7e9d72f056a190fe14b1ebc3f07e726121e2965)

5 years agoebtables: update to latest git 2018-05-15
Hans Dedecker [Tue, 15 May 2018 12:00:37 +0000 (14:00 +0200)]
ebtables: update to latest git 2018-05-15

66a9701 ebtables: Fix build errors and warnings
9fff3d5 include: Fix musl libc compatibility
b1cdae8 extensions: Add string filter to ebtables

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from ac70ac3532fefa78c944d8a26c8df0ca5d88d04e)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoar71xx: add support for UniFi-AC-Mesh-Pro
Christoph Krapp [Thu, 8 Nov 2018 11:09:02 +0000 (11:09 +0000)]
ar71xx: add support for UniFi-AC-Mesh-Pro

This adds the build option for UniFi AC Mesh Pro as well as
model detection for it.
The device is a hardware clone of the AC Pro.

- SoC: QCA9563-AL3A (775Mhz)
- RAM: 128MiB
- Flash: 16MiB - dual firmware partitions!
- LAN: 2x 1000M - POE+
- Wireless:
        2.4G: QCA9563
          5G: UniFi Chip, QCA988X compatible

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
(cherry picked from commit 987b961537b7002eda21df97dd8bfebe8882bc6d)

5 years agokernel: bump 4.14 to 4.14.88
Koen Vandeputte [Thu, 13 Dec 2018 10:46:02 +0000 (11:46 +0100)]
kernel: bump 4.14 to 4.14.88

Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Fixes CVE:
- CVE-2018-14625

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.145
Koen Vandeputte [Thu, 13 Dec 2018 10:43:25 +0000 (11:43 +0100)]
kernel: bump 4.9 to 4.9.145

Refreshed all patches.

Fixes CVE:
- CVE-2018-14625

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.87
Koen Vandeputte [Tue, 11 Dec 2018 12:31:35 +0000 (13:31 +0100)]
kernel: bump 4.14 to 4.14.87

Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.144
Koen Vandeputte [Tue, 11 Dec 2018 11:24:02 +0000 (12:24 +0100)]
kernel: bump 4.9 to 4.9.144

Refreshed all patches.

Compile-tested: ar71xx
Runtime-tested: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.86
Koen Vandeputte [Thu, 6 Dec 2018 12:34:21 +0000 (13:34 +0100)]
kernel: bump 4.14 to 4.14.86

Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.143
Koen Vandeputte [Wed, 28 Nov 2018 11:36:15 +0000 (12:36 +0100)]
kernel: bump 4.9 to 4.9.143

Refreshed all patches.

Altered patches:
- 950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch
- 950-0149-Update-vfpmodule.c.patch
- 201-extra_optimization.patch

New symbol:
- CONFIG_HARDEN_BRANCH_PREDICTOR

Compile-tested on: ar71xx, ar7, arc770, at91, brcm2708, brcm63xx, ixp4xx, lantiq, layerscape, mpc85xx, orion, rb532, uml
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoopenvpn: re-add option comp_lzo
Martin Schiller [Wed, 12 Dec 2018 12:43:20 +0000 (13:43 +0100)]
openvpn: re-add option comp_lzo

This option is deprecated but needs to be kept for backward compatibility. [0]

[0] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#a--comp-lzo

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit 3850b41f01925a7eddc24033ed155503c1ad2112)

5 years agorpcd: update to latest Git head
Jo-Philipp Wich [Thu, 22 Nov 2018 13:42:14 +0000 (14:42 +0100)]
rpcd: update to latest Git head

3aa81d0 file: access exec timeout via daemon ops structure
7235f34 plugin: store pointer to exec timeout value in the ops structure
ccd7c0a treewide: rename exec_timeout to rpc_exec_timeout
c79ef22 main: fix logic bug when not specifying a timeout option
2cc4b99 file: use global exec timeout instead of own hardcoded limit
ecd1660 exec: increase maximum execution time to 120s

Also expose the socket and timeout options in /etc/config/rpcd for
easier use.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commits 41055551151e12abf8efe710efa4dc025a7b7b6a,
 952b11766cd83898cf8f9626b75141eac6d4ad1a and
 e533fb17061027dca2cc60a9555fc2edb9e832eb)

5 years agoramips: fix leds on GL.iNet GL-MT300N-V2
Martin Weinelt [Fri, 2 Nov 2018 19:52:01 +0000 (20:52 +0100)]
ramips: fix leds on GL.iNet GL-MT300N-V2

The WAN LED now shows the link state. It's color is green,
not blue.

Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
(cherry picked from commit 0411813c6f0520dea23a1c4f58f5956c504bf129)

5 years agoipq40xx: fix openmesh sysupgrade with tar content out of order
Marek Lindner [Sun, 2 Dec 2018 14:02:04 +0000 (22:02 +0800)]
ipq40xx: fix openmesh sysupgrade with tar content out of order

The tar extraction depends on the order in which the files
are added to the tar file. Since the order is not guaranteed
and depends on the host system, the combined mtd write fails
with sysupgrade images built on some systems.
Fix by changing to tar file order independent mtd write.

Fixes: 86e18f6706e1 ("ipq806x: add support for OpenMesh A42")
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
5 years agorules.mk: fix syntax error
Jo-Philipp Wich [Thu, 29 Nov 2018 11:32:34 +0000 (12:32 +0100)]
rules.mk: fix syntax error

Fix broken assignment operator added in a previous commit.

Fixes db73ec9f51 ("rules.mk: add INSTALL_SUID macro")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 1416b63dcbadbb5c11c2591b4513f5276b6dc744)

5 years agorules.mk: add INSTALL_SUID macro
Jo-Philipp Wich [Thu, 29 Nov 2018 10:59:20 +0000 (11:59 +0100)]
rules.mk: add INSTALL_SUID macro

This is useful for packages that want to stage SUID executables.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b0261ee5e9bcbc743960727b5aad1829250d1add)

5 years agobase-files: fix prerm return value, align with postinst code
Tony Ambardar [Sat, 3 Mar 2018 04:04:36 +0000 (20:04 -0800)]
base-files: fix prerm return value, align with postinst code

The return value of a package prerm script is discarded and not returned
correctly by default_prerm(). This allows other operations like service
shutdown to "leak" their return value, prompting workarounds like commit
48cfc826 which do not address the root cause.

Preserve a package prerm script return value for use by default_prerm(),
sharing the corresponding code from default_postinst() for consistency.
Also use consistent code for handling of /etc/init.d/ scripts.

Run Tested on: LEDE 17.01.4 running ar71xx.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 8806da86f5da3b1b1e4d24259d168e2219c01a26)

5 years agosdk: find kernel modules when KDIR is a symlink
Karl Vogel [Thu, 29 Nov 2018 08:07:21 +0000 (09:07 +0100)]
sdk: find kernel modules when KDIR is a symlink

The find statement would not return any results if the KDIR_BASE pointed to a
symlink. Ran into this issue due to a custom Kernel/Prepare that was installing
a symlink to the kernel directory.

The extra slash at the end fixes this scenario and does no harm for targets that
have a proper KDIR.

Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
(cherry picked from commit ae980458abf8299d614f4b34add32e18d054378d)

5 years agouhttpd: update to latest Git head
Jo-Philipp Wich [Wed, 28 Nov 2018 11:42:24 +0000 (12:42 +0100)]
uhttpd: update to latest Git head

cdfc902 cgi: escape url in 403 error output
0bba1ce uhttpd: fix building without TLS and Lua support
2ed3341 help: document -A option
fa5fd45 file: fix CPP syntax error
77b774b build: avoid redefining _DEFAULT_SOURCE

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 56378bc12da1aa4f9434bd1119ec770096d92cac)