aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* urng: add micro non-physical true RNG based on timing jitterPetr Štetiar2019-06-112-0/+65
| | | | | | | | | | | | | | | | | μrngd is OpenWrt's micro non-physical true random number generator based on timing jitter. Using the Jitter RNG core, the rngd provides an entropy source that feeds into the Linux /dev/random device if its entropy runs low. It updates the /dev/random entropy estimator such that the newly provided entropy unblocks /dev/random. The seeding of /dev/random also ensures that /dev/urandom benefits from entropy. Especially during boot time, when the entropy of Linux is low, the Jitter RNGd provides a source of sufficient entropy. Tested-by: Lucian Cristian <lucian.cristian@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* replace links towards lede-project.org with openwrt.orgAlexander Couzens2019-06-111-1/+1
| | | | | | | Modify VERSION_SUPPORT_URL VERSION_REPO Replace BUGS variable in toolchain/gcc/common.mk Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* config: add xfrm interface support scriptsAndré Valentin2019-06-102-0/+103
| | | | | | | | | | | | | | | | | | | | | | | | This package adds scripts for xfrm interfaces support. Example configuration via /etc/config/network: config interface 'xfrm0' option proto 'xfrm' option mtu '1300' option zone 'VPN' option tunlink 'wan' option ifid 30 config interface 'xfrm0_static' option proto 'static' option ifname '@xfrm0' option ip6addr 'fe80::1/64' option ipaddr '10.0.0.1/30' Now set in strongswan IPsec policy: if_id_in = 30 if_id_out = 30 Signed-off-by: André Valentin <avalentin@marcant.net>
* curl: update to 7.65.1Hans Dedecker2019-06-101-2/+2
| | | | | | For changes in 7.65.1; see https://curl.haxx.se/changes.html#7_65_1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netsupport: add xfrmi interface supportAndré Valentin2019-06-091-0/+16
| | | | | | | | Add support for xfrm interfaces in kernel. XFRM interfaces are used by the IPsec stack for tunneling. XFRM interfaces are available since linux 4.19. Signed-off-by: André Valentin <avalentin@marcant.net>
* gpio-button-hotplug: gpio-keys: fix always missing first eventPetr Štetiar2019-06-091-9/+2
| | | | | | | | | | | | | Commit afc056d7dc83 ("gpio-button-hotplug: support interrupt properties") changed the gpio-keys interrupt handling logic in a way, that it always misses first event, which causes issues with rc.button scripts, so this patch restores the previous behaviour. Fixes: afc056d7dc83 ("gpio-button-hotplug: support interrupt properties") Reported-by: Kristian Evensen <kristian.evensen@gmail.com> Tested-by: Kuan-Yi Li <kyli.tw@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [drop state check]
* gpio-button-hotplug: fix wrong initial seen valuePetr Štetiar2019-06-091-0/+3
| | | | | | | | | | | | | | | Currently the generated event contains wrong seen value, when the button is pressed for the first time: rmmod gpio_button_hotplug; modprobe gpio_button_hotplug [ pressing the wps key immediately after modprobe ] gpio-keys: create event, name=wps, seen=1088, pressed=1 So this patch adds a check for this corner case and makes seen=0 if the button is pressed for the first time. Tested-by: Kuan-Yi Li <kyli.tw@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* gpio-button-hotplug: use pr_debug and pr_errPetr Štetiar2019-06-091-17/+6
| | | | | | | pr_debug can be used with dynamic debugging. Tested-by: Kuan-Yi Li <kyli.tw@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* dnsmasq: skip options that are not compiled inYousong Zhou2019-06-092-3/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is to make life easier for users with customized build of dnsmasq-full variant. Currently dnsmasq config generated by current service script will be rejected by dnsmasq build lacking DHCP feature - Options like --dhcp-leasefile have default values. Deleting them from uci config or setting them to empty value will make them take on default value in the end - Options like --dhcp-broadcast are output unconditionally Tackle this by - Check availablility of features from output of "dnsmasq --version" - Make a list of options guarded by HAVE_xx macros in src/options.c of dnsmasq source code - Ignore these options in xappend() Two things to note in this implementation - The option list is not exhaustive. Supposedly only those options that may cause dnsmasq to reject with "unsupported option (check that dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)" are taken into account here - This provides a way out but users' cooperation is still needed. E.g. option dnssec needs to be turned off, otherwise the service script will try to add --conf-file pointing to dnssec specific anchor file which dnsmasq lacking dnssec support will reject Resolves FS#2281 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* netifd: xfrm tunnel supportHans Dedecker2019-06-081-3/+3
| | | | | | 8c6358b netifd: add xfrm tunnel interface support Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* busybox: add ALTERNATIVES for brctlKonstantin Demin2019-06-081-1/+2
| | | | | | | | Busybox brctl applet conflicts with the version from bridge-utils. Fix this by using ALTERNATIVE support for brctl in busybox. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* iproute2: add tc action ctinfo supportKevin Darbyshire-Bryant2019-06-072-1/+595
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the userspace control portion of the backported kernelspace act_ctinfo. ctinfo is a tc action restoring data stored in conntrack marks to various fields. At present it has two independent modes of operation, restoration of DSCP into IPv4/v6 diffserv and restoration of conntrack marks into packet skb marks. It understands a number of parameters specific to this action in additional to the usual action syntax. Each operating mode is independent of the other so all options are optional, however not specifying at least one mode is a bit pointless. Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] [CONTROL] [index <INDEX>] DSCP mode dscp enables copying of a DSCP stored in the conntrack mark into the ipv4/v6 diffserv field. The mask is a 32bit field and specifies where in the conntrack mark the DSCP value is located. It must be 6 contiguous bits long. eg. 0xfc000000 would restore the DSCP from the upper 6 bits of the conntrack mark. The DSCP copying may be optionally controlled by a statemask. The statemask is a 32bit field, usually with a single bit set and must not overlap the dscp mask. The DSCP restore operation will only take place if the corresponding bit/s in conntrack mark ANDed with the statemask yield a non zero result. eg. dscp 0xfc000000 0x01000000 would retrieve the DSCP from the top 6 bits, whilst using bit 25 as a flag to do so. Bit 26 is unused in this example. CPMARK mode cpmark enables copying of the conntrack mark to the packet skb mark. In this mode it is completely equivalent to the existing act_connmark action. Additional functionality is provided by the optional mask parameter, whereby the stored conntrack mark is logically ANDed with the cpmark mask before being stored into skb mark. This allows shared usage of the conntrack mark between applications. eg. cpmark 0x00ffffff would restore only the lower 24 bits of the conntrack mark, thus may be useful in the event that the upper 8 bits are used by the DSCP function. Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE] [CONTROL] [index <INDEX>] where : dscp MASK is the bitmask to restore DSCP STATEMASK is the bitmask to determine conditional restoring cpmark MASK mask applied to restored packet mark ZONE is the conntrack zone CONTROL := reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX> Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: backport act_ctinfoKevin Darbyshire-Bryant2019-06-061-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ctinfo is a new tc filter action module. It is designed to restore information contained in firewall conntrack marks to other packet fields and is typically used on packet ingress paths. At present it has two independent sub-functions or operating modes, DSCP restoration mode & skb mark restoration mode. The DSCP restore mode: This mode copies DSCP values that have been placed in the firewall conntrack mark back into the IPv4/v6 diffserv fields of relevant packets. The DSCP restoration is intended for use and has been found useful for restoring ingress classifications based on egress classifications across links that bleach or otherwise change DSCP, typically home ISP Internet links. Restoring DSCP on ingress on the WAN link allows qdiscs such as but by no means limited to CAKE to shape inbound packets according to policies that are easier to set & mark on egress. Ingress classification is traditionally a challenging task since iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT lookups, hence are unable to see internal IPv4 addresses as used on the typical home masquerading gateway. Thus marking the connection in some manner on egress for later restoration of classification on ingress is easier to implement. Parameters related to DSCP restore mode: dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the conntrack mark field contain the DSCP value to be restored. statemask - a 32 bit mask of (usually) 1 bit length, outside the area specified by dscpmask. This represents a conditional operation flag whereby the DSCP is only restored if the flag is set. This is useful to implement a 'one shot' iptables based classification where the 'complicated' iptables rules are only run once to classify the connection on initial (egress) packet and subsequent packets are all marked/restored with the same DSCP. A mask of zero disables the conditional behaviour ie. the conntrack mark DSCP bits are always restored to the ip diffserv field (assuming the conntrack entry is found & the skb is an ipv4/ipv6 type) e.g. dscpmask 0xfc000000 statemask 0x01000000 |----0xFC----conntrack mark----000000---| | Bits 31-26 | bit 25 | bit24 |~~~ Bit 0| | DSCP | unused | flag |unused | |-----------------------0x01---000000---| | | | | ---| Conditional flag v only restore if set |-ip diffserv-| | 6 bits | |-------------| The skb mark restore mode (cpmark): This mode copies the firewall conntrack mark to the skb's mark field. It is completely the functional equivalent of the existing act_connmark action with the additional feature of being able to apply a mask to the restored value. Parameters related to skb mark restore mode: mask - a 32 bit mask applied to the firewall conntrack mark to mask out bits unwanted for restoration. This can be useful where the conntrack mark is being used for different purposes by different applications. If not specified and by default the whole mark field is copied (i.e. default mask of 0xffffffff) e.g. mask 0x00ffffff to mask out the top 8 bits being used by the aforementioned DSCP restore mode. |----0x00----conntrack mark----ffffff---| | Bits 31-24 | | | DSCP & flag| some value here | |---------------------------------------| | | v |------------skb mark-------------------| | | | | zeroed | | |---------------------------------------| Overall parameters: zone - conntrack zone control - action related control (reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX>) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Make suitable adjustments for backporting to 4.14 & 4.19 and add to SCHED_MODULES_FILTER Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* layerscape: fix u-boot bootcmdBiwen Li2019-06-063-0/+84
| | | | | | | | | | | Current latest LSDK-19.03 u-boot had a bug that bootcmd environment was always been reset when u-boot started up. This was found on boards with spi NOR boot. Before the proper fix-up is applied, we have to use a workaround to hard code the bootcmd for OpenWrt booting for now. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: drop ppa packageYangbo Lu2019-06-061-84/+0
| | | | | | Drop ppa package since TF-A is used instead. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: convert to use TF-A for firmwareBiwen Li2019-06-067-20/+20
| | | | | | | | | | This patch is to convert to use TF-A for firmware. - Use un-swapped rcw since swapping will be done in TF-A. - Use u-boot with TF-A defconfig. - Rework memory map for TF-A introduction. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: add ARM Trusted Firmware packageBiwen Li2019-06-061-0/+140
| | | | | | | Add TF-A packages for Layerscape to implement trusted firmware. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: add rcw packages for ls1043ardb/ls1046ardb SD bootBiwen Li2019-06-061-0/+12
| | | | | | | Add rcw packages for ls1043ardb/ls1046ardb SD boot. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: drop armv8_32b supportYangbo Lu2019-06-061-84/+0
| | | | | | | NXP LSDK has decided to drop armv8_32b support considering few users are using it. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update restool to LSDK 19.03Yangbo Lu2019-06-061-3/+3
| | | | | | Update restool to LSDK 19.03. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update u-boot to LSDK 19.03Biwen Li2019-06-061-3/+3
| | | | | | | Update u-boot to LSDK 19.03. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update ppfe-firmware to LSDK 19.03Biwen Li2019-06-061-3/+3
| | | | | | | Update ppfe-firmware to LSDK 19.03. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update ls-rcw to LSDK 19.03Biwen Li2019-06-061-3/+3
| | | | | | | Update ls-rcw to LSDK 19.03. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update ls-mc to LSDK 19.03Biwen Li2019-06-061-5/+5
| | | | | | | Update to ls-mc to LSDK 19.03. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update ls-dpl to LSDK 19.03Biwen Li2019-06-061-3/+3
| | | | | | | Update ls-dpl to LSDK 19.03. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* layerscape: update fman-ucode to LSDK 19.03Biwen Li2019-06-061-2/+2
| | | | | | | The source code was same from lsdk-1806 to lsdk-1903. Signed-off-by: Biwen Li <biwen.li@nxp.com> Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* kernel: add package for atusb wpan moduleSebastian Meiling2019-06-061-0/+11
| | | | | | | | This adds a new package for the kernel module of the ATUSB WPAN driver. Signed-off-by: Sebastian Meiling <s@mlng.net> [fixed SoB: and From: mismatch] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* Revert "kernel: backport act_ctinfo"Kevin Darbyshire-Bryant2019-06-061-9/+1
| | | | | | | | | | This reverts commit 7c50182e0cdce0366715082872a2afbcf208bbf8. Produces build error: Package kmod-sched is missing dependencies for the following libraries: nf_conntrack.ko Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* rpcd: fix init script reload actionJo-Philipp Wich2019-06-062-6/+3
| | | | | | | Drop the legacy start() and stop() procedures and define a proper reload signal action instead. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: backport act_ctinfoKevin Darbyshire-Bryant2019-06-061-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ctinfo is a new tc filter action module. It is designed to restore information contained in firewall conntrack marks to other packet fields and is typically used on packet ingress paths. At present it has two independent sub-functions or operating modes, DSCP restoration mode & skb mark restoration mode. The DSCP restore mode: This mode copies DSCP values that have been placed in the firewall conntrack mark back into the IPv4/v6 diffserv fields of relevant packets. The DSCP restoration is intended for use and has been found useful for restoring ingress classifications based on egress classifications across links that bleach or otherwise change DSCP, typically home ISP Internet links. Restoring DSCP on ingress on the WAN link allows qdiscs such as but by no means limited to CAKE to shape inbound packets according to policies that are easier to set & mark on egress. Ingress classification is traditionally a challenging task since iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT lookups, hence are unable to see internal IPv4 addresses as used on the typical home masquerading gateway. Thus marking the connection in some manner on egress for later restoration of classification on ingress is easier to implement. Parameters related to DSCP restore mode: dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the conntrack mark field contain the DSCP value to be restored. statemask - a 32 bit mask of (usually) 1 bit length, outside the area specified by dscpmask. This represents a conditional operation flag whereby the DSCP is only restored if the flag is set. This is useful to implement a 'one shot' iptables based classification where the 'complicated' iptables rules are only run once to classify the connection on initial (egress) packet and subsequent packets are all marked/restored with the same DSCP. A mask of zero disables the conditional behaviour ie. the conntrack mark DSCP bits are always restored to the ip diffserv field (assuming the conntrack entry is found & the skb is an ipv4/ipv6 type) e.g. dscpmask 0xfc000000 statemask 0x01000000 |----0xFC----conntrack mark----000000---| | Bits 31-26 | bit 25 | bit24 |~~~ Bit 0| | DSCP | unused | flag |unused | |-----------------------0x01---000000---| | | | | ---| Conditional flag v only restore if set |-ip diffserv-| | 6 bits | |-------------| The skb mark restore mode (cpmark): This mode copies the firewall conntrack mark to the skb's mark field. It is completely the functional equivalent of the existing act_connmark action with the additional feature of being able to apply a mask to the restored value. Parameters related to skb mark restore mode: mask - a 32 bit mask applied to the firewall conntrack mark to mask out bits unwanted for restoration. This can be useful where the conntrack mark is being used for different purposes by different applications. If not specified and by default the whole mark field is copied (i.e. default mask of 0xffffffff) e.g. mask 0x00ffffff to mask out the top 8 bits being used by the aforementioned DSCP restore mode. |----0x00----conntrack mark----ffffff---| | Bits 31-24 | | | DSCP & flag| some value here | |---------------------------------------| | | v |------------skb mark-------------------| | | | | zeroed | | |---------------------------------------| Overall parameters: zone - conntrack zone control - action related control (reclassify | pipe | drop | continue | ok | goto chain <CHAIN_INDEX>) Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Make suitable adjustments for backporting to 4.14 & 4.19 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* rpcd: update to the latest git headPetr Štetiar2019-06-061-3/+3
| | | | | | | 89bfaa424606 Fix possible linker errors by using CMake find_library macro 569284a119f9 session: handle NULL return values of crypt() Signed-off-by: Petr Štetiar <ynezz@true.cz>
* libunwind: bump to version 1.3.1Yousong Zhou2019-06-052-16/+6
| | | | | | | | | | | | | | | Libunwind provides a sigreturn stub for x86 in version 1.2 [1]. However the arch still depends on setcontext() which is unavailable in musl-libc and which is supposed to be "deprecated everywhere" [2] [1] x86 sigreturn unimplemented for some libcs, https://github.com/libunwind/libunwind/issues/13 [2] setcontext deprecated on x86, https://github.com/libunwind/libunwind/issues/69 Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497791552 Reported-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* wireguard: bump to 0.0.20190601Jason A. Donenfeld2019-06-011-2/+2
| | | | | | | | | | | | | | There was an issue with the backport compat layer in yesterday's snapshot, causing issues on certain (mostly Atom) Intel chips on kernels older than 4.2, due to the use of xgetbv without checking cpu flags for xsave support. This manifested itself simply at module load time. Indeed it's somewhat tricky to support 33 different kernel versions (3.10+), plus weird distro frankenkernels. If OpenWRT doesn't support < 4.2, you probably don't need to apply this. But it also can't hurt, and probably best to stay updated. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard: bump to 0.0.20190531Jason A. Donenfeld2019-05-311-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tools: add wincompat layer to wg(8) Consistent with a lot of the Windows work we've been doing this last cycle, wg(8) now supports the WireGuard for Windows app by talking through a named pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw. Because programming things for Windows is pretty ugly, we've done this via a separate standalone wincompat layer, so that we don't pollute our pretty *nix utility. * compat: udp_tunnel: force cast sk_data_ready This is a hack to work around broken Android kernel wrapper scripts. * wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel FreeBSD had a number of kernel race conditions, some of which we can vaguely work around. These are in the process of being fixed upstream, but probably people won't update for a while. * wg-quick: make darwin and freebsd path search strict like linux Correctness. * socket: set ignore_df=1 on xmit This was intended from early on but didn't work on IPv6 without the ignore_df flag. It allows sending fragments over IPv6. * qemu: use newer iproute2 and kernel * qemu: build iproute2 with libmnl support * qemu: do not check for alignment with ubsan The QEMU build system has been improved to compile newer versions. Linking against libmnl gives us better error messages. As well, enabling the alignment check on x86 UBSAN isn't realistic. * wg-quick: look up existing routes properly * wg-quick: specify protocol to ip(8), because of inconsistencies The route inclusion check was wrong prior, and Linux 5.1 made it break entirely. This makes a better invocation of `ip route show match`. * netlink: use new strict length types in policy for 5.2 * kbuild: account for recent upstream changes * zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2 The usual churn of changes required for the upcoming 5.2. * timers: add jitter on ack failure reinitiation Correctness tweak in the timer system. * blake2s,chacha: latency tweak * blake2s: shorten ssse3 loop In every odd-numbered round, instead of operating over the state x00 x01 x02 x03 x05 x06 x07 x04 x10 x11 x08 x09 x15 x12 x13 x14 we operate over the rotated state x03 x00 x01 x02 x04 x05 x06 x07 x09 x10 x11 x08 x14 x15 x12 x13 The advantage here is that this requires no changes to the 'x04 x05 x06 x07' row, which is in the critical path. This results in a noticeable latency improvement of roughly R cycles, for R diagonal rounds in the primitive. As well, the blake2s AVX implementation is now SSSE3 and considerably shorter. * tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES System integrators can now specify things like WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init scripts and services, or 0, or any other integer. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* openssl: update to version 1.1.1cEneas U de Queiroz2019-05-312-34/+3
| | | | | | | | | | | Highlights of this version: - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543) - Fix OPENSSL_config bug (patch removed) - Change the default RSA, DSA and DH size to 2048 bit instead of 1024. - Enable SHA3 pre-hashing for ECDSA and DSA Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
* gpio-button-hotplug: support interrupt propertiesChristian Lamparter2019-05-311-21/+93
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Upstream Linux's input gpio-keys driver supports specifying a external interrupt for a gpio via the 'interrupts' properties as well as having support for software debounce. This patch ports these features to OpenWrt's event version. Only the "pure" interrupt-driven support is left behind, since this goes a bit against the "gpio" in the "gpio-keys" and I don't have a real device to test this with. This patch also silences the generated warnings showing up since 4.14 due to the 'constification' of the struct gpio_keys_button *buttons variable in the upstream struct gpio_keys_platform_data declaration. gpio-button-hotplug.c: In function 'gpio_keys_get_devtree_pdata': gpio-button-hotplug.c:392:10: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] button = &pdata->buttons[i++]; ^ gpio-button-hotplug.c: In function 'gpio_keys_button_probe': gpio-button-hotplug.c:537:12: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] bdata->b = &pdata->buttons[i]; ^ gpio-button-hotplug.c: In function 'gpio_keys_probe': gpio-button-hotplug.c:563:37: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] struct gpio_keys_button *button = &pdata->buttons[i]; ^ Acked-by: Petr Štetiar <ynezz@true.cz> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ppp: add config options to tune discovery timeout and attemptsHans Dedecker2019-05-312-1/+8
| | | | | | | | | | | Upstream PPP project has added in commit 8e77984 options to tune discovery timeout and attempts in the rp-pppoe plugin. Expose these options in the uci datamodel for pppoe: padi_attempts: Number of discovery attempts padi_timeout: Initial timeout for discovery packets in seconds Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ppp: update to version 2.4.7.git-2019-05-25Hans Dedecker2019-05-311-3/+3
| | | | | | 8e77984 rp-pppoe plugin: Add options to tune discovery timeout and number of attempts Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* gre: introduce 'nohostroute' optionFabian Bläse2019-05-312-5/+11
| | | | | | | | | | | It is not always necessary to add a host route for the gre peer address. This introduces a new config option 'nohostroute' (similar to the option introduced for wireguard in d8e2e19) to allow to disable the creation of those routes explicitely. Signed-off-by: Fabian Bläse <fabian@blaese.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* uclient: bump to version 2019-05-30Yousong Zhou2019-05-301-3/+3
| | | | | | | | This version bump contains the following commit to fix FS#2222 3b3e368 uclient-http: set data_eof when content-length is 0 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* libunwind: requires glibc if arch in powerpcYousong Zhou2019-05-301-1/+1
| | | | | | | | | | | | | | libunwind for powerpc depends on getcontext() from libc which musl-libc does not provide because this API and its friends are supposed to be "obsolescent" [1,2] [1] Subject: Re: setcontext/getcontext/makecontext missing? https://www.openwall.com/lists/musl/2016/02/04/5 [2] http://pubs.opengroup.org/onlinepubs/009695399/functions/makecontext.html Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497200058 Reported-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* at91:renaming subtraget legacy to sam9xSandeep Sheriker M2019-05-301-2/+2
| | | | | | renaming subtraget legacy to sam9x for adding new sam9 soc's Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
* at91: Merge SAMA5 subtargetsHauke Mehrtens2019-05-302-24/+24
| | | | | | | | | Instead of maintaining 3 very similar subtargets merge them into one. This does not use the Arm NEON extension any more, because the SAMA5D3 does not support NEON. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
* gpio-button-hotplug: add KEY_POWER2 handlingAlan Swanson2019-05-301-0/+1
| | | | | | | | | | | | | | | | For devices such as BTHOMEHUBV5A with both reset and restart buttons, its easily accessible restart button has been assigned to KEY_POWER power script to poweroff preventing accidental (or malicious) factory resets by KEY_RESTART reset script. However an easily accessible button immediately powering off the device is also undesirable. As KEY_RESTART is already used for reset script (and there's no KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new reboot script with 5 second seen delay. Fixes: FS#1965 Signed-off-by: Alan Swanson <reiver@improbability.net> Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
* button-hotplug: add KEY_POWER2 handlingAlan Swanson2019-05-301-0/+1
| | | | | | | | | | | | | | | | For devices such as BTHOMEHUBV5A with both reset and restart buttons, its easily accessible restart button has been assigned to KEY_POWER power script to poweroff preventing accidental (or malicious) factory resets by KEY_RESTART reset script. However an easily accessible button immediately powering off the device is also undesirable. As KEY_RESTART is already used for reset script (and there's no KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new reboot script with 5 second seen delay. Fixes: FS#1965 Signed-off-by: Alan Swanson <reiver@improbability.net> Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
* base-files: add reboot only button handlerAlan Swanson2019-05-301-0/+12
| | | | | | | | | | | | For devices such as BTHOMEHUBV5A with both reset and restart buttons, its easily accessible restart button has been assigned to KEY_POWER power script to poweroff preventing accidental (or malicious) factory resets by KEY_RESTART reset script. However an easily accessible button immediately powering off the device is also undesirable. Fixes: FS#1965 Signed-off-by: Alan Swanson <reiver@improbability.net> Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
* procd: update to latest git HEADPetr Štetiar2019-05-301-3/+3
| | | | | | | ade00ca585a4 container: fix .dockerenv stat check 385b904b2f0a hotplug: improve error message during group ownership change Signed-off-by: Petr Štetiar <ynezz@true.cz>
* procd: update to latest git HEADPaul Spooren2019-05-291-3/+3
| | | | | | 7f0f6b2 procd: add docker support Signed-off-by: Paul Spooren <mail@aparcar.org>
* busybox: fix: ip addr flush hangs when run by non-root userMikael Magnusson2019-05-282-1/+215
| | | | | | | | | | | | | Add upstream patch from: https://git.busybox.net/busybox/commit/?id=028c5aa18b5273c029f0278232d922ee1a164de6 The patch fixes a problem with an infinite loop causing 100% CPU usage when running the following command /lib/preinit/10_indicate_preinit without the CAP_NET_ADMIN capability (such as in Docker): ip -4 address flush dev $pi_ifname Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patch]
* netifd: fix missing ip rules after network reload (FS#2296)Hans Dedecker2019-05-281-3/+3
| | | | | | beb810d iprule: fix missing ip rules after a reload (FS#2296) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>