aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* sunxi: build image/uboot for the NanoPi NEO2Jasper Scholte2018-09-222-0/+19
| | | | | | | | The NanoPi NEO2 is a small Allwinner H5 based board available with different DRAM configurations. This board is very similar to the NanoPi NEO PLUS2 Signed-off-by: Jasper Scholte <NightNL@outlook.com>
* kernel: generic: Fix nftables inet table breakageBrett Mastbergen2018-09-2231-42/+1230
| | | | | | | | | | | | | | | | | | | | | | | | | | Commit b7265c59ab7d ("kernel: backport a series of netfilter cleanup patches to 4.14") added patch 302-netfilter-nf_tables_inet-don-t-use- multihook-infrast.patch. That patch switches the netfilter core in the kernel to use the new native NFPROTO_INET support. Unfortunately, the new native NFPROTO_INET support does not exist in 4.14 and was not backported along with this patchset. As such, nftables inet tables never see any traffic. As an example the following nft counter rule should increment for every packet coming into the box, but never will: nft add table inet foo nft add chain inet foo bar { type filter hook input priority 0\; } nft add rule inet foo bar counter This commit pulls in the required backport patches to add the new native NFPROTO_INET support, and thus restore nftables inet table functionality. Tested on Turris Omnia (mvebu) Fixes: b7265c59ab7d ("kernel: backport a series of netfilter cleanup ...") Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
* kernel: add Si7020 relative humidity/temperature sensor driverHartmut Knaack2018-09-221-0/+18
| | | | | | | Add support for the Silicon Labs Si7020 family of relative humidity and temperature sensors using the I2C bus. Signed-off-by: Hartmut Knaack <knaack.h@gmx.de>
* kernel: add TSL4531 ambient light sensor driverHartmut Knaack2018-09-221-0/+18
| | | | | | | Add support for the TAOS TSL4531x family of ambient light sensors using the I2C bus. Signed-off-by: Hartmut Knaack <knaack.h@gmx.de>
* ath79: Fix GL-AR300M USB triggerRobert Marko2018-09-221-1/+1
| | | | | | Correct a typo preventing USB trigger to work on AR300M. Signed-off-by: Robert Marko <robimarko@gmail.com>
* ar71xx: flag FritzBox 4020 buttons as active lowDavid Bauer2018-09-221-2/+2
| | | | | | | | | Buttons of AVM FritzBox 4020 are incorrectly flagged as active high. This was an oversight as RFKill button was working as expected even with incorrectly flagged GPIO. Signed-off-by: David Bauer <mail@david-bauer.net>
* ath79: flag FritzBox 4020 buttons as active lowDavid Bauer2018-09-221-2/+2
| | | | | | | | | Buttons of AVM FritzBox 4020 are incorrectly flagged as active high. This was an oversight as RFKill button was working as expected even with incorrectly flagged GPIO. Signed-off-by: David Bauer <mail@david-bauer.net>
* mbedtls: update to 2.13.0Magnus Kroken2018-09-221-2/+2
| | | | | | | | * Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing. * Several bugfixes. * Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* ath9k: add back support for using tx99 with active monitor interfacesFelix Fietkau2018-09-221-0/+96
| | | | | | Fixes controlling bitrate Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix tx queue allocation for active monitor interfacesFelix Fietkau2018-09-221-0/+26
| | | | | | Fixes a crash with drivers like ath9k Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mt76: fix tx power issue for mt76x2Felix Fietkau2018-09-221-3/+3
| | | | | | 6e1898d mt76x2: fix tx power configuration for VHT mcs 9 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: re-enable MIPS VDSOKevin Darbyshire-Bryant2018-09-221-23/+0
| | | | | | | | | | | | | | kernel upstream commit 9efcaa7c4afba5628f2650a76f69c798f47eeb18 to 4.14 itself a backport of 0f02cfbc3d9e413d450d8d0fd660077c23f67eff has resolved the cache line issues that led to us disabling VDSO by default on MIPS. Remove our force disable patch: pending-4.14/206-mips-disable-vdso.patch Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* elfutils: bump to 0.174Luiz Angelo Daros de Luca2018-09-212-533/+7
| | | | | | - Simplified musl patch with error.h concentrated into system.h Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* toolchain/musl: update to version 1.1.20Christian Lamparter2018-09-216-88/+32
| | | | | | | | | | | | | | | | | | | | | | | This release introduces the ability to replace/interpose the allocator (malloc) subject to certain restrictions, adds an experimental m68k port, and makes notable improvements to stdio (application-provided buffers), getaddrinfo (AI_ADDRCONFIG, support for IPv4-only kernel configurations), the dynamic linker (safety against dlopen of libraries using initial-exec TLS model, reclaiming unused memory on FDPIC archs, better dladdr results), and handling of default thread stack size (pthread_setattr_default_np now works more reliably). Many bugs have been fixed, including potentially dangerous regressions in iconv (only for new conversions to legacy encodings) and visibly incorrect behavior in printf on non-x86 archs (%a format with precision specifier), in getopt_long_only when short options are a prefix for a long option, in complex arc-trig/hyperbolic functions, in strftime and mktime (timezone-specific issues), and numerous less-obvious places. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [altered commit msg a bit keeping it tight] Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.71Koen Vandeputte2018-09-2116-50/+50
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.128Koen Vandeputte2018-09-212-6/+6
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* dnsmasq: Change behavior when RD bit unset in queries.Kevin Darbyshire-Bryant2018-09-212-1/+55
| | | | | | | | | | | Backport upstream commit Change anti cache-snooping behaviour with queries with the recursion-desired bit unset. Instead to returning SERVFAIL, we now always forward, and never answer from the cache. This allows "dig +trace" command to work. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* mwlwifi: driver version to 10.3.8.0-20180920Jonathan Lancett2018-09-201-3/+3
| | | | | | Signed-off-by: Jonathan Lancett <j.lancett@ntlworld.com> [minor tweak to commit title] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ath9k: fix unloading the moduleFelix Fietkau2018-09-202-15/+10
| | | | | | | | | Registering a GPIO chip with the ath9k device as parent prevents unload, because the gpiochip core increases the module use count. Unfortunately, the only way to avoid this at the moment seems to be to register the GPIO chip without a parent device Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mdadm: Install /etc/config file as 600Rosen Penev2018-09-191-4/+5
| | | | | | | | | | | /etc/config/mdadm is only used by the init script which is ran as root. There is no need for it to be readable by anything else. Added PKG_CPE_ID for proper CVE tracking. Small reorganization for consistency between Makefiles. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* fstools: Install mount.hotplug and 10-fstab.defaults as 600Rosen Penev2018-09-191-4/+4
| | | | | | Both of these are used by programs that run as root and nothing else. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* usbmode: Update modeswitch data to 20170806Rosen Penev2018-09-191-5/+5
| | | | | | | Changed hotplug file to 600 as it is only read by procd, which runs as root. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* trelay: Install hotplug and config files as 600Rosen Penev2018-09-191-3/+3
| | | | | | | The hotplug file is ran by procd, which runs as root. The config file is used by the init script, which also runs as root. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* dropbear: Install /etc/config as 600Rosen Penev2018-09-191-3/+3
| | | | | | | | /etc/config/dropbear is used by the init script which only runs as root. Small whitespace change. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* lldpd: Install /etc/config file as 600Rosen Penev2018-09-191-6/+4
| | | | | | | | | | /etc/config/lldpd is only used by the init script, which only runs as root Adjusted homepage and download URLs to use HTTPS. -std=c99 is useful for GCC versions less than 6. Current OpenWrt uses 7. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* netifd: update to latest git HEADHans Dedecker2018-09-191-3/+3
| | | | | | 23941d7 system-linux: enable by default ignore encaplimit for ip6 tunnels Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* map: drop default encaplimit valueHans Dedecker2018-09-192-2/+2
| | | | | | | | | | | | | Setting encaplimit to a numerical value results into the value being included as tunnel encapsulation limit in the destination option header for tunneled packets. Several users have reported interop issues as not all ISPs support the destination option header containing the tunnel encapsulation limit resulting into broken map connectivity. Therefore drop the default encaplimit value for map tunnels so no destination option header is included by default. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ds-lite: drop default encaplimit valueHans Dedecker2018-09-192-2/+2
| | | | | | | | | | | | | Setting encaplimit to a numerical value results into the value being included as tunnel encapsulation limit in the destination option header for tunneled packets. Several users have reported interop issues as not all ISPs support the destination option header containing the tunnel encapsulation limit resulting into broken ds-lite connectivity. Therefore drop the default encaplimit value for ds-lite tunnels so no destination option header is included by default. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wireguard: bump to 0.0.20180918Jason A. Donenfeld2018-09-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * blake2s-x86_64: fix whitespace errors * crypto: do not use compound literals in selftests * crypto: make sure UML is properly disabled * kconfig: make NEON depend on CPU_V7 * poly1305: rename finish to final * chacha20: add constant for words in block * curve25519-x86_64: remove useless define * poly1305: precompute 5*r in init instead of blocks * chacha20-arm: swap scalar and neon functions * simd: add __must_check annotation * poly1305: do not require simd context for arch * chacha20-x86_64: cascade down implementations * crypto: pass simd by reference * chacha20-x86_64: don't activate simd for small blocks * poly1305-x86_64: don't activate simd for small blocks * crypto: do not use -include trick * crypto: turn Zinc into individual modules * chacha20poly1305: relax simd between sg chunks * chacha20-x86_64: more limited cascade * crypto: allow for disabling simd in zinc modules * poly1305-x86_64: show full struct for state * chacha20-x86_64: use correct cut off for avx512-vl * curve25519-arm: only compile if symbols will be used * chacha20poly1305: add __init to selftest helper functions * chacha20: add independent self test Tons of improvements all around the board to our cryptography library, including some performance boosts with how we handle SIMD for small packets. * send/receive: reduce number of sg entries This quells a powerpc stack usage warning. * global: remove non-essential inline annotations We now allow the compiler to determine whether or not to inline certain functions, while still manually choosing so for a few performance-critical sections. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* dnsmasq: Handle memory allocation failure in make_non_terminals()Kevin Darbyshire-Bryant2018-09-192-1/+46
| | | | | | | | Backport upstream commit: ea6cc33 Handle memory allocation failure in make_non_terminals() Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ucert: work around short readMike McCormack2018-09-181-3/+3
| | | | | | | | | usign occasionally writes 16 characters then exits without writing a LF, leaving ucert hanging waiting for more input. Accept 16 characters or more rather than 17 to work around the short read. Signed-off-by: Mike McCormack <mike@atratus.org> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* kernel: bump 4.14 to 4.14.70Koen Vandeputte2018-09-1712-57/+116
| | | | | | | | | | | | | | | Refreshed all patches. Added new patch: - 192-Revert-ubifs-xattr-Don-t-operate-on-deleted-inodes.patch This fixes a bug introduced in upstream 4.14.68 which caused targets using ubifs to produce file-system errors on boot, rendering them useless. Compile-tested on: cns3xxx, imx6, x86_64 Runtime-tested on: cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.127Koen Vandeputte2018-09-177-17/+17
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 3.18 to 3.18.122Koen Vandeputte2018-09-171-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: adm5120 Runtime-tested on: none Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* uqmi: pass-through ipXtable to child interfacesDaniel Golle2018-09-152-2/+5
| | | | | | | | Allow setting specific routing tables via the ip4table and ip6table options also when ${ifname}_4 and ${ifname}_6 child interfaces are being created. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* tools/e2fsprogs: fix build with clangFelix Fietkau2018-09-151-0/+3
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iproute2: q_cake: Also print nonat, nowash and no-ack-filter keywordsKevin Darbyshire-Bryant2018-09-152-3/+7
| | | | | | | | Pull in latest upstream tweaks: Similar to the previous patch for no-split-gso, the negative keywords for 'nat', 'wash' and 'ack-filter' were not printed either. Add those as well. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* busybox: update to 1.29.3Hannu Nyman2018-09-151-2/+2
| | | | | | | | Update busybox to 1.29.3, minor bugfix release https://git.busybox.net/busybox/log/?h=1_29_3 Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* toolchain/glibc: update to latest 2.26 commitHans Dedecker2018-09-131-2/+2
| | | | | | | c5c90b480e Fix segfault in maybe_script_execute. 174709d879 pthread_cond_broadcast: Fix waiters-after-spinning case [BZ #23538] Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: enable ipv6 server mode only when it is supportedRosy Song2018-09-122-2/+2
| | | | Signed-off-by: Rosy Song <rosysong@rosinson.com>
* iproute2: q_cake: Add printing of no-split-gso optionKevin Darbyshire-Bryant2018-09-122-2/+4
| | | | | | | | When the GSO splitting was turned into dual split-gso/no-split-gso options, the printing of the latter was left out. Add that, so output is consistent with the options passed Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* mac80211: brcmfmac: backport CYW89342 support & fixes from 4.20Rafał Miłecki2018-09-124-0/+208
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kmod-sched-cake: fix 6in4/gso performance issueKevin Darbyshire-Bryant2018-09-121-3/+3
| | | | | | | | Bump to latest upstream cake: Add workaround for wrong skb->mac_len values after splitting GSO Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* netifd: update to latest HEADFlorian Fainelli2018-09-111-3/+3
| | | | | | 0059335c5b60 CMakeList: Check that compiler supports -Wimplicit-fallthrough Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* tools/expat: fix docbook2man error on some systemsMarko Ratkaj2018-09-111-0/+3
| | | | | | | | On some systems (Gentoo) configure stage fails because of docbook2man working with SGML rather than with XML. We don't need xmlwf man pages so we disable this. Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
* wireguard: bump to 0.0.20180910Jason A. Donenfeld2018-09-111-2/+2
| | | | | | | | | | | | | | | | | | | | | | | * curve25519: arm: do not modify sp directly * compat: support neon.h on old kernels * compat: arch-namespace certain includes * compat: move simd.h from crypto to compat since it's going upstream This fixes a decent amount of compat breakage and thumb2-mode breakage introduced by our move to Zinc. * crypto: use CRYPTOGAMS license Rather than using code from OpenSSL, use code directly from AndyP. * poly1305: rewrite self tests from scratch * poly1305: switch to donna This makes our C Poly1305 implementation a bit more intensely tested and also faster, especially on 64-bit systems. It also sets the stage for moving to a HACL* implementation when that's ready. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* kernel: add missing symbolJohn Crispin2018-09-101-0/+1
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* base-files: /etc/services: add missing 'rpcbind' aliasAndy Walsh2018-09-101-2/+2
| | | | | | | | * add missing 'rpcbind' alias to /etc/services Allows rpcbind to open its 111 port and be reachable via lan, this is the default behaviour. Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* ramips: Fix early memory calculation for certain MIPS platformsTobias Wolf2018-09-101-0/+45
| | | | | | | | | Kernel upstream commit 67a3ba25aa95 ("MIPS: Fix incorrect mem=X@Y handling") introduced a new issue for rt288x where "PHYS_OFFSET" is 0x0 but the calculated "ramstart" is not. As the prerequisite of custom memory map has been removed, this results in the full memory range of 0x0 - 0x8000000 to be marked as reserved for this platform. This patch adds the originally intended prerequisite again. Signed-off-by: Tobias Wolf <dev-NTEO@vplace.de>
* ar71xx: Skip more hashed blocks for OM2P(-HS) 64k variantSven Eckelmann2018-09-101-1/+1
| | | | | | | | | | | | | | | | | | The OM2P(-HS)v4 got a variant which uses a slightly different flash. The standard versions used a flash with 256KB blocks which is no longer available. The replacement flash uses a flash with 64K blocks. The padding for the image rootfs is already for 64K and 256K and thus can be flashed on the device without any problems. Unfortunately, the bootloader will check $rootfs_size (rounded down to the nearest 64k block) minus 1x 64k. But it is now possible that the new JFFS2 rootfs_data starts even earlier and modifies the checked region. The check will then fail and the backup image (when available) will be booted. Just setting it to the same number of skipped blocks as other 64K models avoids this problem. Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>