openwrt/staging/981213.git
5 years agoipset: update to 6.38
Syrone Wong [Mon, 1 Oct 2018 02:56:04 +0000 (10:56 +0800)]
ipset: update to 6.38

dropped already upstream patch

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
(backported from 68f109609b613b38bb3b2e6e82a9c04ae8bd011f)

5 years agozram-swap: bump pkg version
Emil Muratov [Tue, 25 Sep 2018 09:24:28 +0000 (12:24 +0300)]
zram-swap: bump pkg version

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from bbf46c9f8feea755ceb8e33ccf91733c1c2b2a34)

5 years agozram-swap: Add "max compression streams" configuration option
Emil Muratov [Wed, 1 Aug 2018 22:05:14 +0000 (01:05 +0300)]
zram-swap: Add "max compression streams" configuration option

Config option to limit maximum compression streams per zram dev for
multicore CPU's. This could be defined via 'zram_comp_streams' option in
the 'system' section of '/etc/config/system' file or via cli (for e.x.
with 'uci set system.@System[0].zram_comp_streams=2 && uci commit
system'). Default is number of logical CPU cores.

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from 70d3ffb47fcef901e4d86da4c9077ba8b8e2ba10)

5 years agozram-swap: fix number of created zram devices for multicore CPU's
Emil Muratov [Wed, 1 Aug 2018 21:50:00 +0000 (00:50 +0300)]
zram-swap: fix number of created zram devices for multicore CPU's

Use only one zram swap device of the specified $size instead of
[N x $size] devices for multicore CPUs Now zram module uses multiple
compression streams for each dev by default, so we do not need to create
several zram devs to utilize multicore CPUs.

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from 814cae7362c3bd57e8fd9305d5d0b48ff219d4d0)

5 years agozram-swap: fix zram dev reset for multicore cpu devices
Emil Muratov [Wed, 1 Aug 2018 21:18:45 +0000 (00:18 +0300)]
zram-swap: fix zram dev reset for multicore cpu devices

 * "zram stop" could reset up to $(num_of_cores) zram devices even if
   some of those were not mounted as swap dev's. This fix tries to
   enumerate mounted swap zram dev's before making a reset

 * remove hot-added zram devs on stop (except zram0)

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from 9edc1fe8abac6638cd05640279bc741a23b8d260)

5 years agozram-swap: compression algorithm configuration option
Emil Muratov [Wed, 1 Aug 2018 21:15:44 +0000 (00:15 +0300)]
zram-swap: compression algorithm configuration option

Compression algorithms for zram are provided by kernel crypto API, could
be any of [lzo|zl4|deflate|<some_more>] depending on kernel modules.
Compress algo for zram-swap could be defined via 'zram_comp_algo' option
in 'system' section of '/etc/config/system' file, or via cli (for e.x.
with 'uci set system.@System[0].zram_comp_algo=lz4 && uci commit
system'). check available algo's via 'cat /sys/block/zram0
/comp_algorithm'

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from b9e89adfb7881806d01e3bd259852e352f3b3ce8)

5 years agozram-swap: Shell cosmetic
Samuel Casa [Tue, 7 Aug 2018 09:16:34 +0000 (11:16 +0200)]
zram-swap: Shell cosmetic

Signed-off-by: Samuel Casa <samuel.casa@neratec.com>
(backported from 65e9561b3d0546bfe6bad1840d81c0aa07b0c68d)

5 years agozram-swap: remove trailing whitespaces in init script
Samuel Casa [Tue, 7 Aug 2018 08:49:22 +0000 (10:49 +0200)]
zram-swap: remove trailing whitespaces in init script

Signed-off-by: Samuel Casa <samuel.casa@neratec.com>
[slightly reword subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from b291517fdf5a698726fe94010055ec90d85f365a)

5 years agoodhcpd-ipv6only: fix dependency for IPV6
Rosy Song [Wed, 26 Sep 2018 11:44:25 +0000 (19:44 +0800)]
odhcpd-ipv6only: fix dependency for IPV6

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 456df06071f54d3c799725227d1ac77afbe61891)

5 years agonetifd: update to latest git HEAD
Hans Dedecker [Mon, 19 Nov 2018 09:12:28 +0000 (10:12 +0100)]
netifd: update to latest git HEAD

4b83102 treewide: switch to C-code style comments
70506bf treewide: make some functions static
d9872db interface: fix removal of dynamic interfaces
2f7ef7d interface: rework code to get rid of interface_set_dynamic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 8e409f476b358111113353c3d3adfcff113674b8)

5 years agonetifd: update to latest git HEAD
Hans Dedecker [Wed, 17 Oct 2018 09:14:15 +0000 (11:14 +0200)]
netifd: update to latest git HEAD

841b5d1 system-linux: enable by default ignore encaplimit for grev6 tunnels
125cbee system-linux: fix a typo in gre tunnel data parsing logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from db6f9d5598a353c94578bd76dbef92dd78f3ae63)

5 years agohostapd: expose device taxonomy signature via ubus
Felix Fietkau [Mon, 30 Apr 2018 11:48:54 +0000 (13:48 +0200)]
hostapd: expose device taxonomy signature via ubus

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 7d8681ccb99730ca0b35a5c341b468a86cadbf35)

5 years agohostapd: add support for client taxonomy in the full config
Felix Fietkau [Mon, 30 Apr 2018 11:40:42 +0000 (13:40 +0200)]
hostapd: add support for client taxonomy in the full config

This can be used to fingerprint clients to try to identify the exact
model

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 23c1827e341fce302ba2841ecabeeb3f95e21d68)

5 years agohostapd: fix MAC filter related log spam
Jo-Philipp Wich [Tue, 16 Oct 2018 10:11:20 +0000 (12:11 +0200)]
hostapd: fix MAC filter related log spam

Backport two upstream fixes to address overly verbose logging of MAC ACL
rejection messages.

Fixes: FS#1468
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 3e633bb3709611d79965fab667e3239fd3bde151)

5 years agokernel: support gcc-optimized inlining on all architectures
Felix Fietkau [Thu, 25 Jan 2018 13:01:34 +0000 (14:01 +0100)]
kernel: support gcc-optimized inlining on all architectures

Optimized inlining was disabled by default when gcc 4 was still
relatively new. By now, all gcc versions handle this well and there
seems to be no real reason to keep it x86-only.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 1e8882585c6f4a5e7f5e2b4f18cd550aafa6f81d)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agokernel: Add missing config option for NFSDv4
Hauke Mehrtens [Sat, 29 Sep 2018 21:18:33 +0000 (23:18 +0200)]
kernel: Add missing config option for NFSDv4

This configuration option is not set when building the
layerscape/armv8_64b target.

Fixes: 92aa21497b2 ("kernel: build support for NFSv4 in nfsd")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 99e1a12fd0448bc045da7f3776e804df187ee7a2)

5 years agokernel: build support for NFSv4 in nfsd
W. Michael Petullo [Sun, 26 Aug 2018 06:31:31 +0000 (02:31 -0400)]
kernel: build support for NFSv4 in nfsd

Signed-off-by: W. Michael Petullo <mike@flyn.org>
(backported from 92aa21497b22bcf03862cf9da8e89ef007affebd)

5 years agokernel: add missing dependency to regmap to kmod-gpio-mcp23s08
Hauke Mehrtens [Sat, 25 Aug 2018 16:11:03 +0000 (18:11 +0200)]
kernel: add missing dependency to regmap to kmod-gpio-mcp23s08

This fixes a build problem recently introduced.

Fixes: a904003b9b5f ("kernel: fix kmod-gpio-mcp23s08 for linux 4.14")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from e882e63f1e1169030389b304489ab8a7d785df33)

5 years agobuild: Introduce building of artifacts
Petr Štetiar [Fri, 23 Nov 2018 09:53:37 +0000 (10:53 +0100)]
build: Introduce building of artifacts

We currently could (ab)use IMAGES for this task, but the downside is,
that the filenames has filesystem tied to the filename, which might be
confusing as the artifact itself don't has to be used with that specific
filesystem. Another downside is, that the artifacts built with IMAGES
target are build for every FILESYSTEMS filesystem.

Consider following use case:

 define Device/apalis
   ...
   FILESYSTEMS := ext4 squashfs
   IMAGES := spl-uboot.bin recovery.scr
   IMAGE/spl-uboot.bin := append-uboot-spl | pad-to 68k | append-uboot
   IMAGE/recovery.scr := recovery-scr
 endef

Where we would get target binaries with following filenames:

 openwrt-imx6-apalis-squashfs.recovery.scr
 openwrt-imx6-apalis-squashfs.spl-uboot.bin
 openwrt-imx6-apalis-ext4.recovery.scr
 openwrt-imx6-apalis-ext4.spl-uboot.bin

With proposed patch, we could now just do:

 define Device/apalis
   ...
   ARTIFACTS := spl-uboot.bin recovery.scr
   ARTIFACT/spl-uboot.bin := append-uboot-spl | pad-to 68k | append-uboot
   ARTIFACT/recovery.scr := recovery-scr
 endef

Which would produce target binaries with following filenames:

 openwrt-imx6-apalis-recovery.scr
 openwrt-imx6-apalis-spl-uboot.bin

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 493c9a35516c27a8ec412d97e63c8cf6f41a57ea)

5 years agobuild: fix libressl build on x32 (amd64ilp32) host
Thorsten Glaser [Mon, 22 Oct 2018 19:00:57 +0000 (21:00 +0200)]
build: fix libressl build on x32 (amd64ilp32) host

disable use of assembly code since x32 gets misdetected as amd64

Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
(backported from a395563f68fde6f52dbf10913f59f13b8c804cd5)

5 years agobuild: remove obsolete -rc kernel testing rewrites
Christian Lamparter [Mon, 15 Oct 2018 18:00:05 +0000 (20:00 +0200)]
build: remove obsolete -rc kernel testing rewrites

The -rcX "testing" kernels are no longer hosted on
cdn.kernel.org file servers directly in a "testing"
directory. Therefore the logic that tested for "-rc"
can be removed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(backported from 92bcd08989dede0f60589023e2aea4a864de76c6)

5 years agobuild: insert blank line after KernelPackage template to allow chaining calls to it
Felix Fietkau [Mon, 1 Oct 2018 10:44:50 +0000 (12:44 +0200)]
build: insert blank line after KernelPackage template to allow chaining calls to it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from b7855230a348fa711de70665c861f63c631c98e9)

5 years agobuild: fix kernel headers install for uml
Felix Fietkau [Sat, 29 Sep 2018 15:45:54 +0000 (17:45 +0200)]
build: fix kernel headers install for uml

The kernel headers makefile needs to override LINUX_KARCH

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from c3a0102195a2902f1964b667fb86031308c78f9d)

5 years agocns3xxx: fix writing to wrong PCI registers
Koen Vandeputte [Tue, 18 Dec 2018 11:40:30 +0000 (12:40 +0100)]
cns3xxx: fix writing to wrong PCI registers

Originally, cns3xxx used it's own functions for mapping, reading and writing registers.

Upstream commit 802b7c06adc7 ("ARM: cns3xxx: Convert PCI to use generic config accessors")
removed the internal PCI config write function in favor of the generic one:

cns3xxx_pci_write_config() --> pci_generic_config_write()

cns3xxx_pci_write_config() expected aligned addresses, being produced by cns3xxx_pci_map_bus()
while the generic one pci_generic_config_write() actually expects the real address
as both the function and hardware are capable of byte-aligned writes.

This currently leads to pci_generic_config_write() writing
to the wrong registers on some ocasions.

First issue seen due to this:

- driver ath9k gets loaded
- The driver wants to write value 0xA8 to register PCI_LATENCY_TIMER, located at 0x0D
- cns3xxx_pci_map_bus() aligns the address to 0x0C
- pci_generic_config_write() effectively writes 0xA8 into register 0x0C (CACHE_LINE_SIZE)

This seems to cause some slight instability when certain PCI devices are used.

Another issue example caused by this this is the PCI bus numbering,
where the primary bus is higher than the secondary, which is impossible.

Before:

00:00.0 PCI bridge: Cavium, Inc. Device 3400 (rev 01) (prog-if 00 [Normal decode])
    Flags: bus master, fast devsel, latency 0, IRQ 255
    Bus: primary=02, secondary=01, subordinate=ff, sec-latency=0

After fix:

00:00.0 PCI bridge: Cavium, Inc. Device 3400 (rev 01) (prog-if 00 [Normal decode])
    Flags: bus master, fast devsel, latency 0, IRQ 255
    Bus: primary=00, secondary=01, subordinate=02, sec-latency=0

And very likely some more ..

Fix all by omitting the alignment being done in the mapping function.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.89
Koen Vandeputte [Tue, 18 Dec 2018 13:12:50 +0000 (14:12 +0100)]
kernel: bump 4.14 to 4.14.89

Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.146
Koen Vandeputte [Tue, 18 Dec 2018 13:12:21 +0000 (14:12 +0100)]
kernel: bump 4.9 to 4.9.146

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: Activate VDSO on MIPS again
Hauke Mehrtens [Sat, 29 Sep 2018 13:56:20 +0000 (15:56 +0200)]
kernel: Activate VDSO on MIPS again

The cache coloring problem on MIPS CPUs was fixed with kernel 4.9.129 of
the kernel 4.9 branch. Activate VDSO support for MIPS again.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 91a71804f89a238082904ae027fffb52114e3499)

5 years agowireguard: bump to 0.0.20180925
Kevin Darbyshire-Bryant [Thu, 27 Sep 2018 20:14:10 +0000 (21:14 +0100)]
wireguard: bump to 0.0.20180925

33523a5 version: bump snapshot
0759480 curve25519-hacl64: reduce stack usage under KASAN
b9ab0fc chacha20: add bounds checking to selftests
2e99d19 chacha20-mips32r2: reduce stack and branches in loop, refactor jumptable handling
d6ac367 qemu: bump musl
28d8b7e crypto: make constant naming scheme consistent
56c4ea9 hchacha20: keep in native endian in words
0c3c0bc chacha20-arm: remove unused preambles
3dcd246 chacha20-arm: updated scalar code from Andy
6b9d5ca poly1305-mips64: remove useless preprocessor error
3ff3990 crypto-arm: rework KERNEL_MODE_NEON handling again
dd2f91e crypto: flatten out makefile
67a3cfb curve25519-fiat32: work around m68k compiler stack frame bug
9aa2943 allowedips: work around kasan stack frame bug in selftest
317b318 chacha20-arm: use new scalar implementation
b715e3b crypto-arm: rework KERNEL_MODE_NEON handling
77b07d9 global: reduce stack frame size
ddc2bd6 chacha20: add chunked selftest and test sliding alignments and hchacha20
2eead02 chacha20-mips32r2: reduce jumptable entry size and stack usage
a0ac620 chacha20-mips32r2: use simpler calling convention
09247c0 chacha20-arm: go with Ard's version to optimize for Cortex-A7
a329e0a chacha20-mips32r2: remove reorder directives
3b22533 chacha20-mips32r2: fix typo to allow reorder again
d4ac6bb poly1305-mips32r2: remove all reorder directives
197a30c global: put SPDX identifier on its own line
305806d ratelimiter: disable selftest with KASAN
4e06236 crypto: do not waste space on selftest items
5e0fd08 netlink: reverse my christmas trees
a61ea8b crypto: explicitly dual license
b161aff poly1305: account for simd being toggled off midway
470a0c5 allowedips: change from BUG_ON to WARN_ON
aa9e090 chacha20: prefer crypto_xor_cpy to avoid memmove
1b0adf5 poly1305: no need to trick gcc 8.1
a849803 blake2s: simplify final function
073f3d1 poly1305: better module description

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 37961f12baa756caf5d735fdafff46205d21a93d)

5 years agowireguard: bump to 0.0.20180918
Jason A. Donenfeld [Tue, 18 Sep 2018 14:57:05 +0000 (16:57 +0200)]
wireguard: bump to 0.0.20180918

* blake2s-x86_64: fix whitespace errors
* crypto: do not use compound literals in selftests
* crypto: make sure UML is properly disabled
* kconfig: make NEON depend on CPU_V7
* poly1305: rename finish to final
* chacha20: add constant for words in block
* curve25519-x86_64: remove useless define
* poly1305: precompute 5*r in init instead of blocks
* chacha20-arm: swap scalar and neon functions
* simd: add __must_check annotation
* poly1305: do not require simd context for arch
* chacha20-x86_64: cascade down implementations
* crypto: pass simd by reference
* chacha20-x86_64: don't activate simd for small blocks
* poly1305-x86_64: don't activate simd for small blocks
* crypto: do not use -include trick
* crypto: turn Zinc into individual modules
* chacha20poly1305: relax simd between sg chunks
* chacha20-x86_64: more limited cascade
* crypto: allow for disabling simd in zinc modules
* poly1305-x86_64: show full struct for state
* chacha20-x86_64: use correct cut off for avx512-vl
* curve25519-arm: only compile if symbols will be used
* chacha20poly1305: add __init to selftest helper functions
* chacha20: add independent self test

Tons of improvements all around the board to our cryptography library,
including some performance boosts with how we handle SIMD for small packets.

* send/receive: reduce number of sg entries

This quells a powerpc stack usage warning.

* global: remove non-essential inline annotations

We now allow the compiler to determine whether or not to inline certain
functions, while still manually choosing so for a few performance-critical
sections.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from f07a94da50b8a31928cb34c19695747e0df74beb)

5 years agowireguard: bump to 0.0.20180910
Jason A. Donenfeld [Tue, 11 Sep 2018 00:59:16 +0000 (18:59 -0600)]
wireguard: bump to 0.0.20180910

* curve25519: arm: do not modify sp directly
* compat: support neon.h on old kernels
* compat: arch-namespace certain includes
* compat: move simd.h from crypto to compat since it's going upstream

This fixes a decent amount of compat breakage and thumb2-mode breakage
introduced by our move to Zinc.

* crypto: use CRYPTOGAMS license

Rather than using code from OpenSSL, use code directly from AndyP.

* poly1305: rewrite self tests from scratch
* poly1305: switch to donna

This makes our C Poly1305 implementation a bit more intensely tested and also
faster, especially on 64-bit systems. It also sets the stage for moving to a
HACL* implementation when that's ready.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from a54f492d0cf1f9bff1dd449961441e789c724995)

5 years agowireguard: bump to 0.0.20180904
Jason A. Donenfeld [Tue, 4 Sep 2018 18:33:46 +0000 (12:33 -0600)]
wireguard: bump to 0.0.20180904

* Kconfig: use new-style help marker
* global: run through clang-format
* uapi: reformat
* global: satisfy check_patch.pl errors
* global: prefer sizeof(*pointer) when possible
* global: always find OOM unlikely

Tons of style cleanups.

* crypto: use unaligned helpers

We now avoid unaligned accesses for generic users of the crypto API.

* crypto: import zinc

More style cleanups and a rearrangement of the crypto routines to fit how this
is going to work upstream. This required some fairly big changes to our build
system, so there may be some build errors we'll have to address in subsequent
snapshots.

* compat: rng_is_initialized made it into 4.19

We therefore don't need it in the compat layer anymore.

* curve25519-hacl64: use formally verified C for comparisons

The previous code had been proved in Z3, but this new code from upstream
KreMLin is directly generated from the F*, which is preferable. The
assembly generated is identical.

* curve25519-x86_64: let the compiler decide when/how to load constants

Small performance boost.

* curve25519-arm: reformat
* curve25519-arm: cleanups from lkml
* curve25519-arm: add spaces after commas
* curve25519-arm: use ordinary prolog and epilogue
* curve25519-arm: do not waste 32 bytes of stack
* curve25519-arm: prefix immediates with #

This incorporates ASM nits from upstream review.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from 4ccbe7de6cb20766fd309bc3824c7591e33b0b96)

5 years agowireguard: bump to 0.0.20180809
Jason A. Donenfeld [Sun, 12 Aug 2018 08:29:52 +0000 (01:29 -0700)]
wireguard: bump to 0.0.20180809

* send: switch handshake stamp to an atomic

Rather than abusing the handshake lock, we're much better off just using
a boring atomic64 for this. It's simpler and performs better. Also, while
we're at it, we set the handshake stamp both before and after the
calculations, in case the calculations block for a really long time waiting
for the RNG to initialize.

* compat: better atomic acquire/release backport

This should fix compilation and correctness on several platforms.

* crypto: move simd context to specific type

This was a suggestion from Andy Lutomirski on LKML.

* chacha20poly1305: selftest: use arrays for test vectors

We no longer have lines so long that they're rejected by SMTP servers.

* qemu: add easy git harness

This makes it a bit easier to use our qemu harness for testing our mainline
integration tree.

* curve25519-x86_64: avoid use of r12

This causes problems with RAP and KERNEXEC for PaX, as r12 is a
reserved register.

* chacha20: use memmove in case buffers overlap

A small correctness fix that we never actually hit in WireGuard but is
important especially for moving this into a general purpose library.

* curve25519-hacl64: simplify u64_eq_mask
* curve25519-hacl64: correct u64_gte_mask

Two bitmath fixes from Samuel, which come complete with a z3 script proving
their correctness.

* timers: include header in right file

This fixes compilation in some environments.

* netlink: don't start over iteration on multipart non-first allowedips

Matt Layher found a bug where a netlink dump of peers would never terminate in
some circumstances, causing wg(8) to keep trying forever. We now have a fix as
well as a unit test to mitigate this, and we'll be looking to create a fuzzer
out of Matt's nice library.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from 42dc0e25947a77b02ea18fa0e5fa04382250d5db)

5 years agowireguard: bump to 0.0.20180802
Jason A. Donenfeld [Fri, 3 Aug 2018 20:13:13 +0000 (22:13 +0200)]
wireguard: bump to 0.0.20180802

Changelog taken from the version announcement

> == Changes ==
>
>   * chacha20poly1305: selftest: split up test vector constants
>
>   The test vectors are encoded as long strings -- really long strings -- and
>   apparently RFC821 doesn't like lines longer than 998.
>   https://cr.yp.to/smtp/message.html
>
>   * queueing: keep reference to peer after setting atomic state bit
>
>   This fixes a regression introduced when preparing the LKML submission.
>
>   * allowedips: prevent double read in kref
>   * allowedips: avoid window of disappeared peer
>   * hashtables: document immediate zeroing semantics
>   * peer: ensure resources are freed when creation fails
>   * queueing: document double-adding and reference conditions
>   * queueing: ensure strictly ordered loads and stores
>   * cookie: returned keypair might disappear if rcu lock not held
>   * noise: free peer references on failure
>   * peer: ensure destruction doesn't race
>
>   Various fixes, as well as lots of code comment documentation, for a
>   small variety of the less obvious aspects of object lifecycles,
>   focused on correctness.
>
>   * allowedips: free root inside of RCU callback
>   * allowedips: use different macro names so as to avoid confusion
>
>   These incorporate two suggestions from LKML.
>
> This snapshot contains commits from: Jason A. Donenfeld and Jann Horn.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from 68e2ebe64a0f27eb25c0e56ef1125ce1318e2279)

5 years agoiptables: fix dependency for libip6tc on IPV6
Rosy Song [Thu, 9 Aug 2018 06:47:31 +0000 (14:47 +0800)]
iptables: fix dependency for libip6tc on IPV6

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 2dc1f54b1205094e7c6036cae6275d2c326bad3e)

5 years agonetifd: do not validate relevant section when ipv6 is not supported
Rosy Song [Sun, 23 Sep 2018 02:05:04 +0000 (10:05 +0800)]
netifd: do not validate relevant section when ipv6 is not supported

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from a6add47869972139cef9106aecfddbac0b3f64f4)

5 years agobase-files: add network_get_metric() to /lib/functions/network.sh
Florian Eckert [Mon, 24 Sep 2018 12:20:29 +0000 (14:20 +0200)]
base-files: add network_get_metric() to /lib/functions/network.sh

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(backported from 61a59949009993a6b1d634ecbce765b37c4c2560)

5 years agoncurses: use default host install
Andy Walsh [Wed, 1 Aug 2018 10:48:08 +0000 (12:48 +0200)]
ncurses: use default host install

* just use default host/install, so libs/headers get properly generated/installed

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from e0196152ebe7b6d11b740a81d0c3bced5b1902c1)

5 years agogettext-full: host compile with -fpic
Andy Walsh [Tue, 7 Aug 2018 15:46:42 +0000 (17:46 +0200)]
gettext-full: host compile with -fpic

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from 2bbc9376c6c081a8db491f047e32091da6ba0016)

5 years agodante: disable sched_getscheduler() - not implemented in musl
David Yang [Sat, 11 Aug 2018 07:51:02 +0000 (15:51 +0800)]
dante: disable sched_getscheduler() - not implemented in musl

musl doesn't come with an valid implementation of `sched_getscheduler()`;
it simply returns -ENOSYS for it. Without this option (and compile dante
with `sched_getscheduler()` enabled), you will get

    error: serverinit(): sched_getscheduler(2): failed to retrieve current
    cpuscheduling policy: Function not implemented

and dante won't start at all.

Ref: http://lists.alpinelinux.org/alpine-devel/3932.html
Ref: http://lists.alpinelinux.org/alpine-devel/3936.html
Signed-off-by: David Yang <mmyangfl@gmail.com>
[slightly reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from aaf46a8fe23eca959164c1681ab3a37c6e746b05)

5 years agokernel: re-enable MIPS VDSO
Kevin Darbyshire-Bryant [Fri, 21 Sep 2018 18:41:27 +0000 (19:41 +0100)]
kernel: re-enable MIPS VDSO

kernel upstream commit 9efcaa7c4afba5628f2650a76f69c798f47eeb18 to 4.14
itself a backport of 0f02cfbc3d9e413d450d8d0fd660077c23f67eff has
resolved the cache line issues that led to us disabling VDSO by default
on MIPS.

Remove our force disable patch:

pending-4.14/206-mips-disable-vdso.patch

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 8ee7a80d190b291e828cace3cac8c485f3b8667d)

5 years agobase-files: fix postinstall uci-defaults removal
Tony Ambardar [Sat, 3 Mar 2018 03:32:24 +0000 (19:32 -0800)]
base-files: fix postinstall uci-defaults removal

Commit 7f694582 introduced a bug where default_postinst() often fails to
remove a uci-defaults script after application, leaving it to run again
after a reboot.
(Note: commit 7f694582 also introduced FS#1021, now fixed by 73c745f6)

The subtle problem arises from the shell logical chain:
[ -f "$i" ] && . "$i" && rm -f "$i"

Most uci-defaults scripts contain a terminal 'exit 0' statement which,
when sourced, results in the logic chain exiting before executing 'rm -f'.
This was observed while testing upgrades of 'luci-app-sqm'.

The solution is to wrap the shell sourcing in a subshell relative to the
command 'rm -f':
( [ -f "$i" ] && . "$i" ) && rm -f "$i"

Revert to using 'grep' to prefilter the list of entries from the control
file, which yields the full path of uci-defaults scripts. This allows
keeping the existence check, directory change and script sourcing inside
the subshell, with the script removal correctly outside.

This approach avoids adding a second subshell only around the "." (source)
command. The change also preserves the fix FS#1021, since the full path is
used to source the script, which is POSIX-portable irrespective of PATH
variable or reference to the CWD.

Run Tested on: LEDE 17.01.4 running ar71xx, while tracing installation of
package luci-app-sqm with its associated /etc/uci-defaults/luci-sqm file.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(backported from 4097ab6a975902b170dd7f7ac6c8025e5f32ef8d)

5 years agorules.mk: add ESED command
Konstantin Demin [Mon, 5 Mar 2018 09:46:44 +0000 (12:46 +0300)]
rules.mk: add ESED command

ESED is SED with extended regular expressions turned on.
Command line and usage are the same as for SED.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(backported from d3b43f49acb38cbe364da8735c9617427edd3d81)

5 years agolldpd: inhibit linking of libbsd on !GLIBC
Jo-Philipp Wich [Mon, 24 Sep 2018 06:36:10 +0000 (08:36 +0200)]
lldpd: inhibit linking of libbsd on !GLIBC

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 4f277eb6402684ca79c9834e8eb30c0e93368e8b)

5 years agokernel: fix build of nftables
Hauke Mehrtens [Sat, 22 Sep 2018 21:59:10 +0000 (23:59 +0200)]
kernel: fix build of nftables

Backport an additional patch from 4.16 for nftables.
This fixes a build problem recently introduced.

Fixes: f57806b56e5 ("kernel: generic: Fix nftables inet table breakage")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from efffba34097ff75d12365fb863621d893f974623)

5 years agokernel: generic: Fix nftables inet table breakage
Brett Mastbergen [Wed, 12 Sep 2018 19:04:55 +0000 (15:04 -0400)]
kernel: generic: Fix nftables inet table breakage

Commit b7265c59ab7d ("kernel: backport a series of netfilter cleanup
patches to 4.14") added patch 302-netfilter-nf_tables_inet-don-t-use-
multihook-infrast.patch.  That patch switches the netfilter core in the
kernel to use the new native NFPROTO_INET support.  Unfortunately, the
new native NFPROTO_INET support does not exist in 4.14 and was not
backported along with this patchset.  As such, nftables inet tables never
see any traffic.

As an example the following nft counter rule should increment for every
packet coming into the box, but never will:

nft add table inet foo
nft add chain inet foo bar { type filter hook input priority 0\; }
nft add rule inet foo bar counter

This commit pulls in the required backport patches to add the new
native NFPROTO_INET support, and thus restore nftables inet table
functionality.

Tested on Turris Omnia (mvebu)

Fixes: b7265c59ab7d ("kernel: backport a series of netfilter cleanup ...")
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
(backported from f57806b56e5f6ca7bb9fb66d5b175b5f98ece93c)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agomwlwifi: driver version to 10.3.8.0-20180920
Jonathan Lancett [Thu, 20 Sep 2018 18:16:01 +0000 (19:16 +0100)]
mwlwifi: driver version to 10.3.8.0-20180920

Signed-off-by: Jonathan Lancett <j.lancett@ntlworld.com>
[minor tweak to commit title]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 95b3f8ec8d4d27525c8eb016b70290d380c55d0a)

5 years agomap: drop default encaplimit value
Hans Dedecker [Mon, 17 Sep 2018 15:53:34 +0000 (17:53 +0200)]
map: drop default encaplimit value

Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken map connectivity.
Therefore drop the default encaplimit value for map tunnels so
no destination option header is included by default.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from d9691b66e2781a43cd4f508605dcfe88c4bbd042)

5 years agods-lite: drop default encaplimit value
Hans Dedecker [Mon, 17 Sep 2018 09:24:39 +0000 (11:24 +0200)]
ds-lite: drop default encaplimit value

Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken ds-lite connectivity.
Therefore drop the default encaplimit value for ds-lite tunnels so
no destination option header is included by default.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 1241707b4091aa9dd46ad75252689e83f6aac5b2)

5 years agoodhcpd: enable ipv6 server mode only when it is supported
Rosy Song [Wed, 12 Sep 2018 01:21:19 +0000 (09:21 +0800)]
odhcpd: enable ipv6 server mode only when it is supported

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 918ec4d549cc80b590e50003d0c489c27f864749)

5 years agotools/expat: fix docbook2man error on some systems
Marko Ratkaj [Mon, 10 Sep 2018 09:04:36 +0000 (11:04 +0200)]
tools/expat: fix docbook2man error on some systems

On some systems (Gentoo) configure stage fails because of docbook2man
working with SGML rather than with XML. We don't need xmlwf man pages so
we disable this.

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
(backported from 6e80dd58bb6c8c146ed8fd7ed538e96db4e8cc13)

5 years agobase-files: /etc/services: add missing 'rpcbind' alias
Andy Walsh [Mon, 27 Aug 2018 12:19:55 +0000 (14:19 +0200)]
base-files: /etc/services: add missing 'rpcbind' alias

* add missing 'rpcbind' alias to /etc/services

Allows rpcbind to open its 111 port and be reachable via lan, this is the default behaviour.

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from 4549ab46a85735aa957e05c91dc023228aaa2697)

5 years agousbutils: Update usb.ids to 0.315
Rosen Penev [Mon, 10 Sep 2018 01:55:43 +0000 (18:55 -0700)]
usbutils: Update usb.ids to 0.315

Referencing the version instead of revision should fix uscan.

Tested on Turria Omnia.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from a9aa25c8b6f2e694d5bc0b14fe84eac6fffeb23a)

5 years agohostapd: Fix compile with OpenSSL 1.1.0 + no deprecated APIs
Rosen Penev [Sun, 2 Sep 2018 02:06:54 +0000 (19:06 -0700)]
hostapd: Fix compile with OpenSSL 1.1.0 + no deprecated APIs

Patch was accepted upsteam:

https://w1.fi/cgit/hostap/commit/?id=373c796948599a509bad71695b5b72eef003f661

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from f78e07ad2a0926739310f8a6fd74a7b162123c98)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoscripts/ipkg-build: quash error messages when conffiles.resolved is empty
Yousong Zhou [Thu, 6 Sep 2018 08:00:24 +0000 (08:00 +0000)]
scripts/ipkg-build: quash error messages when conffiles.resolved is empty

When Package/xx/conffiles only contains directories that are empty at
package time, conffiles.resolved will be missing and the following
error messages will appear in the build log.

/home/yousong/git-repo/openwrt/openwrt/scripts/ipkg-build -c -o 0 -g 0 /home/yousong/git-repo/openwrt/openwrt/build_dir/target-mips_24kc_musl/linux-malta_be/openvswitch-2.10.0/ipkg-mips_24kc/openvswitch-common /home/yousong/git-repo/openwrt/openwrt/bin/packages/mips_24kc/packages
mv: cannot stat 'CONTROL/conffiles.resolved': No such file or directory
chmod: cannot access 'CONTROL/conffiles': No such file or directory

It will not break the ipkg-build process.  The change is merely cosmetic
to not cause confusion when reading logs

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from 9e58c20ec9d48ee41a4a306b0cd6d3aece285efd)

5 years agoscripts/metadata.pm: avoid adding dup names in provides list
Yousong Zhou [Wed, 5 Sep 2018 15:29:25 +0000 (15:29 +0000)]
scripts/metadata.pm: avoid adding dup names in provides list

The need arises from building Open vSwitch kernel datapath modules, e.g.

 - kmod-openvswitch from Linux upstream
 - kmod-openvswitch-intree from openvswitch source code

where both provides virtual package "kmod-openvswitch" for userspace
packages to select and depend on

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from 204081670b914795a494929777f09807b15f70f4)

5 years agostrace: fix build on aarch64
Stijn Tintel [Thu, 28 Jun 2018 10:00:10 +0000 (13:00 +0300)]
strace: fix build on aarch64

As of version 4.21, strace enforces mpers by default. The current
implementation of aarch64 compat in strace assumes it's identical to
ARMv7 EABI and therefore tries to enable m32 personality support. As
there is no -m32 support on aarch64, this causes the build to fail.

Restore previous strace behavior to fix build on aarch64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Karl Palsson <karlp@tweak.net.au>
(backported from 067e2f5f1d0102ffb96d3248e42a29e7352cc29c)

5 years agoodhcpd: bump to git HEAD (detect broken hostnames)
Hans Dedecker [Wed, 5 Sep 2018 08:59:23 +0000 (10:59 +0200)]
odhcpd: bump to git HEAD (detect broken hostnames)

881f66b odhcpd: detect broken hostnames
3e17fd9 config: fix odhcpd_attrs array size

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from ecc3165cbc6e2f51a685962cac6074f63097fa05)

5 years agohostapd: fix build of wpa-supplicant-p2p
Alexander Couzens [Mon, 3 Sep 2018 19:42:02 +0000 (21:42 +0200)]
hostapd: fix build of wpa-supplicant-p2p

VARIANT:= got removed by accident.

Fixes: 3838b16943c6 ("hostapd: fix conflicts hell")
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from 967d6460c02810c9f4ec6f8c6894057995a03bf9)

5 years agobuild: add support for enabling the rootfs/boot partition size option via target...
Felix Fietkau [Sun, 26 Aug 2018 17:36:33 +0000 (19:36 +0200)]
build: add support for enabling the rootfs/boot partition size option via target feature

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 00f030a9c67c551e675364d73234a4cba273b420)

5 years agoppp: remove hardcoded lcp-echo-failure, lcp-echo-interval values
Jo-Philipp Wich [Thu, 30 Aug 2018 13:08:20 +0000 (15:08 +0200)]
ppp: remove hardcoded lcp-echo-failure, lcp-echo-interval values

OpenWrt used to ship hardcoded defaults for lcp-echo-failure and
lcp-echo-interval in the non-uci /etc/ppp/options file.

These values break uci support for *disabling* LCP echos through
the use of "option keepalive 0" as either omitting the keepalive
option or setting it to 0 will result in no lcp-echo-* flags
getting passed to the pppd cmdline, causing the pppd process to
revert to the defaults in /etc/ppp/options.

Address this issue by letting the uci "keepalive" option default
to the former hardcoded values "5, 1" and by removing the fixed
lcp-echo-failure and lcp-echo-interval settings from the
/etc/ppp/options files.

Ref: https://github.com/openwrt/luci/issues/2112
Ref: https://dev.archive.openwrt.org/ticket/2373.html
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=854
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1259
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 555c592304023a0d24216a6d8ed9d525602ae218)

5 years agobase-files: provide more tolerant xterm detection
Paul Wassi [Thu, 23 Aug 2018 07:24:43 +0000 (09:24 +0200)]
base-files: provide more tolerant xterm detection

Set the window title not only in "xterm", but also in
e.g. "xterm-256color", "xterm-color", etc.
The case statement is taken from Debian / Ubuntu.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
(backported from 1bd6b91e0f9f53f13b5a9fa2939674012fe7193f)

5 years agobrcm47xx: Enable USB power on WNDR3400v3
Tuomas Tynkkynen [Sun, 19 Aug 2018 19:11:50 +0000 (22:11 +0300)]
brcm47xx: Enable USB power on WNDR3400v3

WNDR3400v3 needs GPIO 21 pulled high to enable power to USB ports. Add a
kernel patch to do that.

Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
(backported from 5dd745588edea19846b2bc3a2e6938f139374ea9)

5 years agokernel: add kmod-tcp-bbr
Keith Wong [Thu, 12 Apr 2018 03:21:08 +0000 (11:21 +0800)]
kernel: add kmod-tcp-bbr

This adds support for BBR (Bottleneck Bandwidth and RTT) TCP
congestion control. Applications (e.g. webservers, VPN client/server)
which initiate connections from router side can benefit from this.

This provide an easier way for users to use BBR by selecting /
installing kmod-tcp-bbr instead of altering kernel config and
compiling firmware by themselves.

Signed-off-by: Keith Wong <keithwky@gmail.com>
(backported from 79c233daa4caee1a8af0c7a91e1d4aee96d410e9)

5 years agolibbsd: Update to 0.8.7
Daniel Engberg [Wed, 2 May 2018 08:23:45 +0000 (10:23 +0200)]
libbsd: Update to 0.8.7

Update libbsd to 0.8.7
Remove glibc dependency
Clean up InstallDev and install entries
Use /usr path for consistency
Cherry pick patches from upstream to fix musl compilation

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from e341f45913beac28e5574d470ed79e4b6f9ee255)

5 years agokernel: fix kmod-gpio-mcp23s08 for linux 4.14
Martin Schiller [Fri, 24 Aug 2018 09:35:35 +0000 (11:35 +0200)]
kernel: fix kmod-gpio-mcp23s08 for linux 4.14

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(backported from a904003b9b5fe2744ee5d5d8718c54d001f1c93e)

5 years agox86/64: enable X86_INTEL_LPSS to select PINCTRL
Martin Schiller [Fri, 24 Aug 2018 09:31:13 +0000 (11:31 +0200)]
x86/64: enable X86_INTEL_LPSS to select PINCTRL

This makes it possible to use the MCP23S08 i/o expander
on x86_64 platforms with linux 4.14.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(backported from 17f30bfcf7329c1770dc996b0d29934942bb2899)

5 years agox86: geode: Add missing config options
Hauke Mehrtens [Sun, 26 Aug 2018 10:20:24 +0000 (12:20 +0200)]
x86: geode: Add missing config options

This adds a configuration options which is needed now.
Without this patch the geode build will fail.

Fixes: 4eda2fddf2 ("x86/geode: enable X86_INTEL_LPSS to select PINCTRL")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 0f2787b9ff6976cf4999ed2dbb7debdb53bac2e3)

5 years agox86/geode: enable X86_INTEL_LPSS to select PINCTRL
Martin Schiller [Fri, 24 Aug 2018 09:29:37 +0000 (11:29 +0200)]
x86/geode: enable X86_INTEL_LPSS to select PINCTRL

This makes it possible to use the MCP23S08 i/o expander
on geode platforms with linux 4.14.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(backported from 4eda2fddf2995c8ade2b1e0faddc8ce1f1e0ec5f)

5 years agox86: add UHCI and XHCI USB host drivers to 4.14
Alex Maclean [Thu, 23 Aug 2018 13:30:36 +0000 (14:30 +0100)]
x86: add UHCI and XHCI USB host drivers to 4.14

Without UHCI a non-trivial number of machines will have no keyboard
without BIOS assistance.

Add XHCI as well in case there are chipsets which don't support legacy
interfaces, and support PCI OHCI controllers also.

Signed-off-by: Alex Maclean <monkeh@monkeh.net>
(backported from 894a95fa2df9467afe559c899af741a0c9040953)

5 years agobuild: Unset CDPATH to avoid problems
Thomas Langer [Mon, 20 Aug 2018 10:13:29 +0000 (12:13 +0200)]
build: Unset CDPATH to avoid problems

In some places the output of commands, which include "cd" are used.
In case of CDPATH the new path is printed, which might not be expected.
Disable the variable to avoid these problem.

When CDPATH was set by the user to some value like "export CDPATH=."
the git checkout done by the build system did not work anymore, the
git cloning aborted with such an error message for example:
....
Packing checkout...
tar: /disk/fs1/tmp2/mehrtens/pon-ugw/ugw-haps/openwrt/tmp/dl/ppa-drv-1.0\n@1534240258: Cannot stat: No such file or directory
tar: Date sample file not found
Try 'tar --help' or 'tar --usage' for more information.
.....

To avoid this, this patch makes the build system unset CDPATH inside
the build system, so the build system will still work even when the
user set this variable in his local environment.

Signed-off-by: Thomas Langer <thomas.langer@intel.com>
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 41faf52b0ffe902381e75a35e886f635321347b5)

5 years agodropbear: backport upstream fix for CVE-2018-15599
Hans Dedecker [Fri, 24 Aug 2018 13:02:24 +0000 (15:02 +0200)]
dropbear: backport upstream fix for CVE-2018-15599

CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 2211ee0037764e1c6b1576fe7a0975722cd4acdc)

5 years agosamba36: Enable umdnsd support
Rosen Penev [Fri, 17 Aug 2018 02:32:59 +0000 (19:32 -0700)]
samba36: Enable umdnsd support

Allows discovery without having to use NetBIOS. Useful for mobile devices.

Could eventually throw nbmd away. But that requires Windows 10...

Tested on Fedora 28 with avahi-discover.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 499773f8efe3357a2076c75c503ebcb42e41dbe6)

5 years agobase-files: create /etc/ethers by default
Luiz Angelo Daros de Luca [Sun, 19 Aug 2018 01:53:07 +0000 (22:53 -0300)]
base-files: create /etc/ethers by default

/etc/ethers is missing on /rom but always created when dnsmasq
runs. It is better to have it in place and avoid an extra change
in flash after firstboot.

It will generate an extra /etc/ethers-opkg when it has changed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from d810d44e5a88e7ed5a72f8cd39fc57639aa6dbd0)

5 years agomwlwifi: Update to 10.3.8.0-20180810
Daniel Engberg [Fri, 17 Aug 2018 08:00:02 +0000 (10:00 +0200)]
mwlwifi: Update to 10.3.8.0-20180810

Update mwlwifi to 10.3.8.0-20180810

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from e1a1add5178b6a943c6272776ba3af06b3f953a8)

5 years agofirewall: bump to git HEAD
Stijn Tintel [Mon, 13 Aug 2018 19:05:46 +0000 (22:05 +0300)]
firewall: bump to git HEAD

12a7cf9 Add support for DSCP matches and target
06fa692 defaults: use a generic check_kmod() function
1c4d5bc defaults: fix check_kmod() function

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(backported from 03e5dcbf10b1f67a463735efd8db3386f91473fd)

5 years agobase-files: add function to get mac as text from flash
Mathias Kresin [Sat, 11 Aug 2018 08:10:21 +0000 (10:10 +0200)]
base-files: add function to get mac as text from flash

Add a function to get a mac stored as text from flash. The octets of
the mac address need to be separated by any separator supported by
macaddr_canonicalize().

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from dfee452713e6b3c10aafc6174f8087a920b54402)

5 years agobase-files: use consistent coding style
Mathias Kresin [Sat, 11 Aug 2018 08:48:08 +0000 (10:48 +0200)]
base-files: use consistent coding style

Add the opening bracket right after the function name, to do it the
same way for all functions in this file.

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from ec28d2797c1bff4a3a97e54fee648cc56185839a)

5 years agobase-files: make wifi report unknown command
Thibaut VARÈNE [Thu, 9 Aug 2018 18:33:45 +0000 (20:33 +0200)]
base-files: make wifi report unknown command

Avoid having /sbin/wifi silently ignore unknown keywords and execute
"up"; instead display the help message and exit with an error.

Spell out the "up" keyword (which has users), add it to usage output,
and preserve the implicit assumption that runing /sbin/wifi without
argument performs "up".

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(backported from 78b5764fd8a3c133f0caf170238242b32a97105b)

5 years agoodhcp6c: apply IPv6/ND configuration earlier
Hans Dedecker [Thu, 9 Aug 2018 15:56:19 +0000 (17:56 +0200)]
odhcp6c: apply IPv6/ND configuration earlier

Apply IPv6/ND configuration before proto_send_update so that all config info
is available when netifd is handling the notify_proto ubus call.
In particular this fixes an issue when netifd is updating the downstream IPv6 mtu
as netifd was still using the not yet updated upstream IPv6 mtu to set the
downstream IPv6 mtu

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 2e02fdb3637c7a0320d230a3232d61e874c1e4d1)

5 years agoustream-ssl: update to latest git HEAD
Eneas U de Queiroz [Mon, 6 Aug 2018 18:19:20 +0000 (18:19 +0000)]
ustream-ssl: update to latest git HEAD

23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(backported from 33fd1d0d91fe6f0bb639a6fad0f681ba651f8254)

5 years agoimagebuilder: manifest function show stderr
Paul Spooren [Sun, 5 Aug 2018 03:17:29 +0000 (12:17 +0900)]
imagebuilder: manifest function show stderr

This really simplifies debugging, if a package is not found or a feed is
not reachable, a proper stderr is printed. Currently it would only say
`_call_manifest` failed.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(backported from ad5c2897ec054b80549e526ef639dd75548d4747)

5 years agoscripts: time.pl: avoid hard Time::HiRes dependency
Jo-Philipp Wich [Sun, 5 Aug 2018 10:24:01 +0000 (12:24 +0200)]
scripts: time.pl: avoid hard Time::HiRes dependency

Use Time::HiRes when available and fallback to raw syscall interface
when not. If that fails too, simply report 0, 0 as real time.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from a692e4e3de60e1a10906511fb8ef2d14937d4a19)

5 years agobuild: remove GNU time dependency
Jo-Philipp Wich [Sat, 4 Aug 2018 22:06:27 +0000 (00:06 +0200)]
build: remove GNU time dependency

Replace the GNU time program invocation with a simple Perl script reporting
the timing values. Since we require Perl anyway for the build system, we can
as well use that instead of requiring a random GNU utility rarely installed
by default.

Fixes: ff6e62b288 ("build: log time taken by each packages/steps")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from d3ddf6631e491a831617a5ae8b3d7924e47a275a)

5 years agoiwinfo: update to latest Git HEAD
Jo-Philipp Wich [Tue, 31 Jul 2018 18:39:13 +0000 (20:39 +0200)]
iwinfo: update to latest Git HEAD

a514139 build: compile with -ffunction-sections, -fdata-sections and LTO
3c30b17 wl: only invoke nvram executable if it exists
65b8333 Revert "build: compile with -ffunction-sections, -fdata-sections and LTO"

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from fdd6c556ab42d040efcc92a53149e3f8ec357f69)

5 years agowolfssl: disable broken shipped Job server macro
Jo-Philipp Wich [Thu, 23 Aug 2018 18:03:29 +0000 (20:03 +0200)]
wolfssl: disable broken shipped Job server macro

The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on
plain POSIX shells due to the use of `let`.

Shells lacking `let` will fail to run the generated m4sh code and end up
invoking "make" with "-jyes" as argument, fialing the build.

Since there is no reason in the first place for some random package to
muck with the make job server settings and since we do not want it to
randomly override "-j" either, simply remove references to this defunct
macro to let the build succeed on platforms which not happen to use bash
as default shell.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from a27de701b0250b06302350d25dc514e1b488dc59)

5 years agowolfssl: remove myself as maintainer
Alexandru Ardelean [Mon, 30 Jul 2018 14:03:18 +0000 (17:03 +0300)]
wolfssl: remove myself as maintainer

I no longer have the time, nor the desire to maintain this package.
Remove myself as maintainer.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(backported from 20346a63f69bbb919ffdf29bc2e77496d01719e3)

5 years agoopenvpn-easy-rsa: update to 3.0.4
Luiz Angelo Daros de Luca [Tue, 27 Mar 2018 05:42:06 +0000 (02:42 -0300)]
openvpn-easy-rsa: update to 3.0.4

Upstream renamed openssl-1.0.cnf to openssl-easyrsa.cnf.
However, pkg kept using openssl-1.0.cnf.

Upstream easyrsa searchs for vars, openssl-*, x509-types in the
same directory as easyrsa script. This was patched to revert
back to static /etc/easy-rsa/ directory (as does OpenSUSE).
EASYRSA_PKI still depends on $PWD.

Move easyrsa from /usr/sbin to /usr/bin as root is not needed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(backported from f1bef0596fd2a983386c778a94486782bd272e27)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agokernel: package x86-optimized crypto-misc modules
Daniel Gimpelevich [Sun, 21 Jan 2018 21:00:12 +0000 (13:00 -0800)]
kernel: package x86-optimized crypto-misc modules

Some of the modules in the crypto-misc package have alternate
implementations optimized for different x86 instruction set extensions,
but only one of these was built for this package until now: twofish-i586.ko

Tested with insmod, on both x86 and x86_64. The modules now have an
autoload, which they previous didn't, loading the dependencies in the
correct order.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(backported from c762817c9211f439c5da6ea30b6ed828c9861c4f)

5 years agobase-files: do not add relevant sections & options except when ipv6 is support in...
Rosy Song [Sat, 4 Aug 2018 11:01:18 +0000 (19:01 +0800)]
base-files: do not add relevant sections & options except when ipv6 is support in kernel

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 2b637e5ab8ae24ff4176930f259dce195983d7ea)

5 years agobase-files: sysupgrade: abort if config backup fails
Andreas Ziegler [Fri, 3 Aug 2018 23:56:39 +0000 (01:56 +0200)]
base-files: sysupgrade: abort if config backup fails

Sysupgrade shouldn't proceed, if the backup of the configuration
fails because tar (or gzip) exit with a non-zero code.

Signed-off-by: Andreas Ziegler <dev@andreas-ziegler.de>
(backported from 72489ebeb65fd1e1d77e8d9fbe105827a98dbf03)

5 years agobase-files: fix HOME_URL replace
Chen Minqiang [Thu, 2 Aug 2018 01:10:15 +0000 (09:10 +0800)]
base-files: fix HOME_URL replace

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
(backported from 33bce21bb0f3def5a2516384a8ae16f88b9b193e)

5 years agoinclude: add netdev family support for nftables
Rosy Song [Wed, 18 Jul 2018 07:42:56 +0000 (15:42 +0800)]
include: add netdev family support for nftables

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from b4d4e4ceb56825033dd4c8e401e9250ae5042a99)

5 years agoncurses: install lib on host build
Andy Walsh [Thu, 26 Jul 2018 08:34:33 +0000 (10:34 +0200)]
ncurses: install lib on host build

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from 1639ebcb061abb3664e0b80f62f0019e37fda68e)

5 years agoigmpproxy: drop SSDP packets
Dmitry Tunin [Sat, 28 Jul 2018 14:48:42 +0000 (17:48 +0300)]
igmpproxy: drop SSDP packets

It is insecure to let this type of packets inside
They can e.g. open ports on some other routers with UPnP, etc

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
(backported from c128371124ce4d197a5fbc00e42b58e9d82c571e)

5 years agoinclude/verbose.mk: Add sc to failure message
Daniel Engberg [Tue, 24 Jul 2018 09:09:17 +0000 (11:09 +0200)]
include/verbose.mk: Add sc to failure message

Add sc to build error message

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from 0aaa65075508035bdf6c8fc8fa9a79b94dc5eadc)

5 years agoigmpproxy: add a silent logging option
Dmitry Tunin [Sat, 28 Jul 2018 14:06:28 +0000 (17:06 +0300)]
igmpproxy: add a silent logging option

[0-3](none, minimal[default], more, maximum)

It is not 100% backward compatible, because now 0 disables logging

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
(backported from 7a6b2badfa56cfd833d64f113398198f71fd896e)

5 years agobcm53xx: exit if writing kernel during sysupgrade fails
Rafał Miłecki [Mon, 18 Jun 2018 11:46:04 +0000 (13:46 +0200)]
bcm53xx: exit if writing kernel during sysupgrade fails

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(backported from 93cc44c433fed754bd76f8016a1660a6b932361e)

5 years agobrcm2708: Update brcm2708-gpu-fw package
Christo Nedev [Fri, 1 Jun 2018 14:23:21 +0000 (14:23 +0000)]
brcm2708: Update brcm2708-gpu-fw package

Problem - rapsberry pi 3 b/b+ does not boot with bcm2710 images!

How Raspberry Pi boots Actualy?

When Raspberry is switched on GPU is activated.
1. GPU execute First stage bootloader from ROM.
First stage bootloader mount the FAT boot partition on the SD card
and execute second stage bootloader (bootcode.bin).
2. Second stage bootloader (bootcode.bin) activate SDRAM.
Load the GPU firmware (start.elf).
3. GPU firmware (start.elf)
  a) display Rainbow splash.
  b) read firmware configuration file config.txt and
     split the RAM using fixup.dat.
  c) loads a cmdline.txt
  d) enables the CPU.
  e) loads the kernel image configurable via config.txt

In your target/linux/brcm2708/image/config.txt
 493 ## kernel (string)
 494 ##     Alternative name to use when loading kernel.
 495 ##
 496 #kernel=""
it is not configured!

But in your target/linux/brcm2708/image/Makefile
  75   KERNEL_IMG := kernel8.img
  76   DEVICE_TITLE := Raspberry Pi 3B/3B+
you have kernel8.img

GPU Firmware search order by default for a PI 3 is:
kernel8.img if found boot in 64 bit mode
kernel8-32.img if found boot in 32 bit mode
kernel7.img if found boot in 32 bit mode
kernel.img if found boot in 32 bit mode

But a PI 2 will start the search from kernel7.img and
a PI 1 only looks for kernel.img.

Оbviously the kernel has been found.
But something goes wrong and the device is restarted.

In your package/kernel/brcm2708-gpu-fw/Makefile
  11 PKG_NAME:=brcm2708-gpu-fw
  12 PKG_VERSION:=2017-08-08
  13 PKG_RELEASE:=e7ba7ab135f5a68b2c00a919ea9ac8d5528a5d5b
boot loader is 10 monts old.

In conclusion, the best way to solve the problem is
to update the boot loader!

Fixup_cd.dat and start_cd.elf files are not necessary.
These are used when GPU memory is set to 16 MB, which disables
some GPU features.
I did not remove them just in case!

cheers

Signed-off-by: Christo Nedev <christo.nedev@gmail.com>
(backported from c335649629e641209a3539209defffeea090ad8f)

5 years agokernel: don't auto attach ubi on read error
Mathias Kresin [Sun, 8 Jul 2018 21:18:15 +0000 (23:18 +0200)]
kernel: don't auto attach ubi on read error

With a10a204aab26cc ("kernel: make ubi auto-attach check for a tar file
magic") the check for the magic was added without considering a failing
mtd_read(). If the read fails, no check is done and the mount code is
called straight away.

Failing with an error message for such cases seems to me the cleaner way,
as it would allow to spot hidden/workaround issues.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 3716b5e4e6374883c80e61021923733b14cdb011)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agokernel: handle bad blocks in ubi auto attach code
Mathias Kresin [Sat, 7 Jul 2018 23:47:28 +0000 (01:47 +0200)]
kernel: handle bad blocks in ubi auto attach code

The first block(s) of the ubi mtd device might be bad. We need to take
care on our own to skip the bad block(s) and read the next one(s).

Don't treat recoverable read errors as fatal and check for the UBI magic
if the data of a block could be recovered using ECC or similar.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 0ac91d82ed4d077150db902eb12d383c2be44fb2)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>