aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* base-files: config_get: prevent filename globbingGünther Kelleter2019-01-302-2/+2
| | | | | | | | | | When config_get is called as "config_get section option" the option is unexpectedly globbed by the shell which differs from the way options are read to a variable with "config_get variable section option". Add another layer of double quotes to fix it. Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de> (backported from commit c3389ab135400fba0cb710d9c6c63df2f563d9d9)
* dnsmasq: backport missing braces fixJo-Philipp Wich2019-01-302-3/+6
| | | | | | | | Fold upstream fix d2d4990 ("Fix missing braces in 8eac67c0a15b673c8d27002c248651b308093e4") into the already existing static lease fix patch. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openssl: bump to 1.0.2qSven Roederer2019-01-301-2/+2
| | | | | | | | | | This fixes the following security problems: * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication * CVE-2018-0734: Timing vulnerability in DSA signature generation * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de> (cherry picked from commit 989060478ae270885727d91c25b9b52b0f33743c)
* dnsmasq: backport upstream static lease fixJo-Philipp Wich2019-01-302-1/+55
| | | | | | | Backport and rebase upstream fix 18eac67 ("Fix entries in /etc/hosts disabling static leases.") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* wireguard: bump to 0.0.20190123Jason A. Donenfeld2019-01-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * tools: curve25519: handle unaligned loads/stores safely This should fix sporadic crashes with `wg pubkey` on certain architectures. * netlink: auth socket changes against namespace of socket In WireGuard, the underlying UDP socket lives in the namespace where the interface was created and doesn't move if the interface is moved. This allows one to create the interface in some privileged place that has Internet access, and then move it into a container namespace that only has the WireGuard interface for egress. Consider the following situation: 1. Interface created in namespace A. Socket therefore lives in namespace A. 2. Interface moved to namespace B. Socket remains in namespace A. 3. Namespace B now has access to the interface and changes the listen port and/or fwmark of socket. Change is reflected in namespace A. This behavior is arguably _fine_ and perhaps even expected or acceptable. But there's also an argument to be made that B should have A's cred to do so. So, this patch adds a simple ns_capable check. * ratelimiter: build tests with !IPV6 Should reenable building in debug mode for systems without IPv6. * noise: replace getnstimeofday64 with ktime_get_real_ts64 * ratelimiter: totalram_pages is now a function * qemu: enable FP on MIPS Linux 5.0 support. * keygen-html: bring back pure javascript implementation Benoît Viguier has proofs that values will stay well within 2^53. We also have an improved carry function that's much simpler. Probably more constant time than emscripten's 64-bit integers. * contrib: introduce simple highlighter library This is the highlighter library being used in: - https://twitter.com/EdgeSecurity/status/1085294681003454465 - https://twitter.com/EdgeSecurity/status/1081953278248796165 It's included here as a contrib example, so that others can paste it into their own GUI clients for having the same strictly validating highlighting. * netlink: use __kernel_timespec for handshake time This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit bbcd0634f8c9769a336386f8df471231d24a27cc)
* wireguard: Update to snapshot 0.0.20181218Daniel Engberg2019-01-301-2/+2
| | | | | | | Update WireGuard to 0.0.20181218 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit 9a37c95431b5401c309b7731920daa964842bdee)
* mbedtls: update to 2.14.1 for 18.06Stijn Segers2019-01-304-29/+56
| | | | | | | | | | | | | | | | | | | | | | | Updates mbedtls to 2.14.1. This builds on the previous master commit 7849f74117ce83e4cfcd1448a22cc05dbf9b3486. Fixes in 2.13.0: * Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing. * Several bugfixes. * Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss. Fixes in 2.14.1: * CVE-2018-19608: Local timing attack on RSA decryption Includes master commit 9e7c4702a1f4e49113d10bc736f50e8a06bdb8ba 'mbedtls: fix compilation on ARM < 6'. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> [Update to 2.14.1] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> [Adapted and squashed for 18.06.1+] Signed-off-by: Stijn Segers <foss@volatilesystems.org> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* uhttpd: disable concurrent requests by defaultJo-Philipp Wich2019-01-302-2/+2
| | | | | | | | | In order to avoid straining CPU and memory resources on lower end devices, avoid running multiple CGI requests in parallel. Ref: https://forum.openwrt.org/t/high-load-fix-on-openwrt-luci/29006 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit c6aa9ff38870a30dbe6da17e4edad6039fe10ddf)
* uboot-fritz4040: fix crash caused by interaction with gcc 7.1+Christian Lamparter2019-01-261-0/+137
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | David Bauer reported a u-boot crash (data abort) at a odd place (byteswap) when he ran ping/tftp on his 7530. |(FRITZ7530) # ping 192.168.1.70 |eth0 PHY0 up Speed :1000 Full duplex |eth0 PHY1 Down Speed :10 Half duplex |eth0 PHY2 Down Speed :10 Half duplex |eth0 PHY3 Down Speed :10 Half duplex |eth0 PHY4 Down Speed :10 Half duplex |Using eth0 device |data abort |pc : [<84234774>] lr : [<842351a4>] |sp : 8412fdb0 ip : 0000009b fp : 00000000 |r10: 00000000 r9 : 00000001 r8 : 8412ff68 |r7 : 00000000 r6 : 0000002a r5 : 84244e90 r4 : 8425e28e |r3 : 84244e90 r2 : 14000045 r1 : 8412fdb0 r0 : 8425e28e |Flags: nZCv IRQs off FIQs off Mode SVC_32 |Resetting CPU ... | |resetting ... This issue is caused by switch from gcc 5.5 to 7.1+ as explained in the upstream patch: |From a768e513b07b5999a8e7d7740ac8d9da04ee7e51 Mon Sep 17 00:00:00 2001 |From: Denis Pynkin <denis.pynkin@collabora.com> |Date: Fri, 21 Jul 2017 19:28:42 +0300 |Subject: [PATCH] net: Use packed structures for networking | |PXE boot is broken with GCC 7.1 due option '-fstore-merging' enabled |by default for '-O2': | |BOOTP broadcast 1 |data abort |pc : [<8ff8bb30>] lr : [<00004f1f>] |reloc pc : [<17832b30>] lr : [<878abf1f>] |sp : 8f558bc0 ip : 00000000 fp : 8ffef5a4 |r10: 8ffed248 r9 : 8f558ee0 r8 : 8ffef594 |r7 : 0000000e r6 : 8ffed700 r5 : 00000000 r4 : 8ffed74e |r3 : 00060101 r2 : 8ffed230 r1 : 8ffed706 r0 : 00000ddd |Flags: nzcv IRQs off FIQs off Mode S | |Core reason is usage of structures for network headers without packed |attribute. This patch just backports the upstream change to the uboot-fritz4040 package. Reported-by: David Bauer <mail@david-bauer.net> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* mt76: update to the latest versionFelix Fietkau2019-01-251-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | d273ddd mt7603: fix number of frames limit in .release_buffered_frames 63bf183 mt76: add channel switch announcement support e45db12 mt7603: fix tx status info 9d11596 mt7603: discard bogus tx status data 4bcb2f9 mt7603: fix txd q_idx field value 4206db7 mt76: set IEEE80211_HW_NEEDS_UNIQUE_STA_ADDR flag c4e4982 mt7603: set IEEE80211_HW_TX_STATUS_NO_AMPDU_LEN 702f557 mt7603: use maximum tx count for buffered multicast packets 158529d mt7603: fix PSE reset retry sequence fc31457 mt7603: implement support for SMPS 3e9a7d5 Revert "mt7603: fix txd q_idx field value" 815fd03 mt7603: fix CCA timing values b35cc8e mt7603: set timing on channel change before starting MAC 79b337c mt7603: move CF-End rate update to mt7603_mac_set_timing 3df341d mt7603: avoid redundant MAC timing updates 1c751f3 mt76: avoid scheduling tx queues for powersave stations 2efa389 mt7603: limit station power save queue length to 64 63a79ff mt76: do not report out-of-range rx nss fe30bd3 mt7603: issue PSE reset on tx hang ce8cc5d mt7603: issue PSE client reset on init e342cc5 mt7603: fix buffered multicast count register aa470d8 mt7603: fix buffered multicast queue flush b4ee01f mt76: fix tx status timeout processing 7d00d58 mt76x02: fix per-chain signal strength reporting 64abb35 mt76: fix corrupted software generated tx CCMP PN 0b939dc mt76: fix resetting software IV flag on key delete Signed-off-by: Felix Fietkau <nbd@nbd.name>
* opkg: update to latest Git headJo-Philipp Wich2019-01-221-4/+4
| | | | | | | | | | | | | | This update fixes some cosmetical issues and a number of segmentation faults when parsing lists having Conflicts or Replaces tags. d217daf libopkg: fix replacelist parsing and writing 9dd9a07 libopkg: fix segmentation fault when traversing conflicts 34571ba libopkg: consider provided packages in pkg_vec_mark_if_matches() 18740e6 opkg_download: print error when fork() fails e3d7330 libopkg: don't print unresolved dependencies twice Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 1bd18f2b5cbf1c9c384e9725eff7804decf88c90)
* opkg: drop argument from check_signature in opkg.confJonas Gorski2019-01-221-2/+2
| | | | | | | | | | | check_signature is a bool option and doesn't take any arguments. The presence of the 1 falsely suggests setting it to 0 disables the check, while the option actually needs to be removed or commented out to be disabled. So remove the argument to make it more clear. Fixes: beca028bd6bb ("build: add integration for managing opkg package feed keys") Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> (cherry picked from commit d3bf5ff9bc7b55b2a3dab93853b33a0cd2c4ca47)
* odhcpd: fix onlink IA check (FS#2060)Hans Dedecker2019-01-161-4/+4
| | | | | | | ae16950 dhcpv6-ia: fix compiler warning c70d5cf dhcpv6-ia: fix onlink IA check (FS#2060) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kmod-sched-cake: bump to latest cakeKevin Darbyshire-Bryant2019-01-161-3/+3
| | | | | | | | | | | 331ac70 Correctly update parent qlen when splitting GSO packets 581967c Makefile: Hook into Kbuild/Kconfig infrastructure The parent qlen change is potentially relevant for us, the makefile is a no-op. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 55e0a7131a4b6e98d7cd623727f8ac5c4702b60d)
* mt76: update to the latest versionFelix Fietkau2019-01-141-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 6745830 mt76: fix race condition in station removal 7e5c819 mt76: add mt76_sta_remove helper 75aa36e mt7603: use wcid/wcid_mask from struct mt76_dev fd85ff9 mt7603: use mt76_sta_remove helper 0848d2d mt7603: simplify mt7603_mcu_msg_send, remove skb_ret handling 83a80ca mt76: request tx status for powersave released EOSP packet df5c797 mt76: fix uninitialized mutex access setting rts threshold 0bfa98e mt76: introduce mt76x02_config_mac_addr_list routine 4248446 mt76x0: pci: enable VHT rates in IBSS mode f75efd8 mt76x2u: phy: add TX_SHAPING calibration c1d67b4 mt76x2u: phy: run phy_channel_calibrate after channel switch 9fe0fe8 mt76x2u: main: use mt76x02_bss_info_changed utility routine 3fc95d7 mt76x2u: init: remove mt76x2u_init_beacon_offsets routine 88f6883 mt76: remove wait argument from mt76x02_mcu_calibrate 009ab91 mt76: clean up more unused EXPORT_SYMBOLs 963768d mt76x02: fix regression in tx station race condition fix d7788cc mt76: mt76x02: make group_wcid the first member in struct mt76x02_vif e65ad4c mt7603: make group_wcid the first member in struct mt7603_vif 7b1373e mt76: mt76x02: remove mt76x02_txq_init a97127b mt76: replace sta_add/remove ops with common sta_state function 13f1e82 mt7603: clear wtbl entry for removed stations 90e2c1b mt7603: add mt7603_wtbl_set_skip_tx, change mt7603_wtbl_set_ps users 41931e4 mt7603: toggle skip_tx on station add/remove d0fdf01 mt7603: avoid unnecessary wtbl writes for ps-filter 96b3b3d mt76x2u: main: fix typo setting sta_state mac80211 callback 471d397 mt7603: fix priority for buffered multicast packets 3873e82 mt7603: fix MT_BMAP_0/MT_GROUP_THD_0 register initializion for mt7628 749d5c3 mt7603: fix reserved page handling for mt7628 d22799b mt7603: reduce reserved pages for beacons 42c5281 mt7603: fix maximum frame size in scheduler init fa7335b mt76: fix potential NULL pointer dereference in mt76_stop_tx_queues 84aa12a mt76: fix potential null pointer deref in mt76_sta_add 7c4c33c mt7603: skip efuse tx power data for mt7628 ca2c875 mt7603: add support for accessing remapped registers via ops b44d793 mt7603: clear PSE redirections before MCU init 82363ab mt7603: move tx status to rx queue 0 c09e8a4 mt7603: fix buffering of tx packets for powersave clients 4734108 mt7603: use mt7603_wtbl_clear on station removal 9428e34 mt7603: fix watchdog reset sequence b3f82a3 mt7603: report PSE reset failures via debugfs a301dec mt7603: add back PSE client reset code 94cebfc mt7603: fix handling lost interrupt events during watchdog reset b38fe7d mt7603: only issue PSE reset on PSE stuck da666a7 mt7603: issue PSE reset if firmware debug register indicates stuck queues 5fb60a7 mt7603: fix aggregation size handling 31cd20e mt7603: issue PSE reset on stuck beacon 4063ae1 mt7603: check for PSE hang / stuck beacon first 00e03b9 mt7603: fix MT_WF_PHY_CR_RXTD_BASE definition c3efb5d mt7603: add support for detecting MT7688 and single stream devices 2a136cb mt7603: fix TKIP key setup cd456ca mt7603: disable broken support for WEP hardware encryption 3ecb7f8 mt7603: fix hardware queue assignment 6ac9653 mt7603: fix CAB queue limits d22feb0 mt7603: move cab queue enabling to pre-tbtt tasklet 44bb372 mt7603: fix CAB queue flush mask 5a5b396 mt76: throttle transmission of buffered multicast packets 8084323 mt7603: implement code for adjusting energy detect CCA thresholds 8929a6e mt7603: increase MCU timeout f2ba65f mt7603: update firmware to 20161027164355 0ad998b mt7603: increase aggregation limits (based on vendor driver changes) da00af0 mt7603: clear bit 18 in MT_SEC_SCR to fix ICV error 417ab77 mt7603: improve recovery from PSE reset failure fea7ad8 mt76: move mt76x02_phy_get_min_avg_rssi to mt76 core 9d009be mt7603: add dynamic sensitivity tuning based on false CCA events 2c8e9ac mt7603: initialize channel maximum power from eeprom data b2cc29b mt76: move mt76x02_get_txpower to mt76 core 6203d46 mt7603: add support for setting transmit power 294e095 mt7603: reset DMA scheduler on MT7628 8178f0d mt7603: apply efuse data only when it exists e67e551 mt76: dma: remove napi from mt76_dma_rx_fill signature 0490bd2 mt76: usb: do not build the skb if reported len does not fit in buf_size eb076ae mt76: Add missing include of linux/module.h 1d2819e mt76: fix typo in mt76x02_check_mac_err routine 9c9fae3 mt76: mac: run mt76x02_mac_work routine atomically 6be90b6 mt76: usb: avoid queue/status spinlocks while passing tx status to mac80211 40dad32 mt76x0: pci: fix ACS support d94e9c4 mt76x02: do not set protection on set_rts_threshold callback 0d83d73 mt76x02: fixup MT_PROT_RATE_* defines 628f8d7 mt76x02: set protection according to ht operation element f7d8c17 mt76x0: configure MT_VHT_HT_FBK_CFG1 10f57cf mt76x2: add static qualifier to mt76x2_init_hardware 37b2ad3 mt76: dfs: run mt76x02_dfs_set_domain atomically 51b6daf mt76x2: init: set default value for MT_TX_LINK_CFG 9661da4 mt76: add energy detect CCA support to mt76x{0,2}e drivers 876d0e9 mt76: mac: minor optimizations in mt76x02_mac_tx_rate_val c78e317 mt76: dma: do not build skb if reported len does not fit in buf_size 3598046 mt76: mmio: introduce mt76x02_check_tx_hang watchdog 58988a3 mt76: fix signedness of rx status signal field bce700d mt7603: fix signal strength reporting on single-stream devices 148219d mt7603: fix checkpatch issues 2a092e2 mt7603: fix per-rate retry accounting 962152b mt7603: fix WMM TXOP limit configuration 24ec040 mt7603: fix BSSID configuration in AP mode 48fb011 mt7603: fix CF-End transmit rate when 11b stations are connected 9daa5ff mt76: make const array 'data' static, shrinks object size 7d4a95c mt76: dma: avoid indirect call in mt76_dma_tx_queue_skb f84b008 mt76: fix tx status reporting for non-probing frames 8167074 Revert "mt7603: update firmware to 20161027164355" 2ad54b2 mt76: move wcid rssi ewma init to mt76 core d77c861 mt76: fix rssi ewma tracking eca96cd mt76: use proper name for __MT76x02_H macro d1bc504 mt76: fix building without CONFIG_LEDS_CLASS a946b78 mt76: add led support to mt76x0e driver Signed-off-by: Felix Fietkau <nbd@nbd.name>
* fstools: update to the latest master branchRafał Miłecki2019-01-101-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a big block(d) cleanup with new feature of generating "mount" hotplug.d events. It's an important update for those who were using mountd in the pre-18.06 releases. Due to the mountd being replaced with blockd a support for "mountd" hotplug.d events has been lost. It broke all kind of shell scripts that were e.g. managing services depending on an external USB drive availability. This basically (re-)adds support for calling /etc/hotplug.d/mount/ scripts with ACTION ("add" or "remove") and DEVICE set. af93f4b block(d): improve hotplug.d "mount" events for the autofs 3bb3352 blockd: unmount device explicitly when it disappears 28753b3 block: remove target directory after unmounting c8c7ca5 block: cleanup handling "start" action of the "autofs" command f1bb762 block: make blockd_notify() return an int instead of void 71c2bde block: generate hotplug.d mount events 30f5096 block: validate amount of arguments for the "autofs" command dc6a462 blockd: don't reparse blob msg in the vlist callbacks f6a9686 blockd: don't unmount device when removing it from the list 1913fea block: don't duplicate unmounting code in the mount_action() 6b445fa block: make umount_device() function more generic a778468 block: don't duplicate mounting code in the mount_device() 5dc631d block: simplify code picking mount target directory 2971779 block: move blockd_notify() call out of the conditional blocks b86bd6e block: fix formatting & indent in the mount_device() e12c0d6 fstools: use EXIT_FAILURE when indicating error on exit 091aa3d fstools: guard usage of WEXITSTATUS Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 5c4277ec376541b10f1acbea734aa29900eb5722)
* fstools: update to git HEADHans Dedecker2019-01-101-3/+3
| | | | | | | 29e53af fstools: add ntfs support Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 59db98d0f216b2de1472bcde0d87ae871625052c)
* fstools: filter unknown action in mount.hotplug scriptRosy Song2019-01-102-2/+2
| | | | | Signed-off-by: Rosy Song <rosysong@rosinson.com> (cherry picked from commit 0fa1dd71ccf5456e1a55dd492e9a42d9b71185ba)
* fstools: Install mount.hotplug and 10-fstab.defaults as 600Rosen Penev2019-01-101-3/+3
| | | | | | | | | Both of these are used by programs that run as root and nothing else. Signed-off-by: Rosen Penev <rosenp@gmail.com> [rmilecki: dropped PKG_SOURCE_URL regression from the original patch] Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 4ad87744fa83e2f75fd4f6e9a46f106aaf7ee2dc)
* base-files: install missing /etc/iproute2/ematch_mapTony Ambardar2019-01-081-0/+8
| | | | | | | | | This file is needed to properly use the tc ematch modules present in kmod-sched-core and kmod-sched. It is a read-only index file of ematch methods used only by tc. Signed-off-by: Tony Ambardar <itugrok@yahoo.com> [cherry picked from commit 10a2ccb7fceef3a6dea4ece14e6141a807292d5f]
* mac80211: brcmfmac: backport firmware loading changes & fix memory bugsRafał Miłecki2019-01-088-15/+620
| | | | | | | | | | | | | | | | This pick most of brcmfmac changes backported into the master in commits 5932eb690f24 ("mac80211: brcmfmac: backport firmware loading cleanup") 3eab6b8275b2 ("mac80211: brcmfmac: backport NVRAM loading improvements") 529c95cc15dc ("mac80211: brcmfmac: fix use-after-free & possible NULL pointer dereference") It's more than would be normally backported into a stable branch but it seems required. Firmware loading cleanups are needed to allow fix memory bugs in a reliable way. Memory fixes are really important to avoid corrupting memory and risking a NULL pointer dereference. Hopefully this stuff has received enough testing in the master. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* odhcpd: noop to fix PKG_SOURCE_DATEHans Dedecker2019-01-051-1/+1
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: filter routes based on prefix_filterHans Dedecker2019-01-041-4/+4
| | | | | | 96694ab router: filter route information option Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: backport prefix filter/NETEV_ADDR6LIST_CHANGE event fixesHans Dedecker2018-12-311-4/+4
| | | | | | | | d404c7e netlink: fix triggering of NETEV_ADDR6LIST_CHANGE event ae6cf80 config: correctly break string for prefix filter Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 493c1d17663dbfdaf23304994e71280400493fc2)
* ath10k: update QCA4019 firmwareMassimo Tum2018-12-271-1/+1
| | | | | | | Update firmware for QCA4019 also for 18.06 branch. https://github.com/openwrt/openwrt/pull/1138 Signed-off-by: Massimo Tum <masnia@tiscali.it>
* brcm2708-gpu-fw: update to git HEADStijn Tintel2018-12-271-7/+7
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 42ca32ad2ffc2fcd22878173eba011962d369c50)
* dropbear: fix dropbear startup issueHans Dedecker2018-12-212-2/+10
| | | | | | | | | | | | | | | Interface triggers are installed by the dropbear init script in case an interface is configured for a given dropbear uci section. As dropbear is started after network the interface trigger event can be missed during a small window; this is especially the case if lan is specified as interface. Fix this by starting dropbear before network so no interface trigger is missed. As dropbear is started earlier than netifd add a boot function to avoid the usage of network.sh functions as call to such functions will fail at boottime. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Acked-by: Jo-Philipp Wich <jo@mein.io>
* wireguard: bump to 0.0.20181119Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | * chacha20,poly1305: fix up for win64 * poly1305: only export neon symbols when in use * poly1305: cleanup leftover debugging changes * crypto: resolve target prefix on buggy kernels * chacha20,poly1305: don't do compiler testing in generator and remove xor helper * crypto: better path resolution and more specific generated .S * poly1305: make frame pointers for auxiliary calls * chacha20,poly1305: do not use xlate This should fix up the various build errors, warnings, and insertion errors introduced by the previous snapshot, where we added some significant refactoring. In short, we're trying to port to using Andy Polyakov's original perlasm files, and this means quite a lot of work to re-do that had stableized in our old .S. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from 48d8d46d331cd866ad5717cc5b090223a1856a4a)
* wireguard: bump to 0.0.20181115Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Zinc no longer ships generated assembly code. Rather, we now bundle in the original perlasm generator for it. The primary purpose of this snapshot is to get testing of this. * Clarify the peer removal logic and make lifetimes more precise. * Use READ_ONCE for is_valid and is_dead. * No need to use atomic when the recounter is mutex protected. * Fix up macros and annotations in allowedips. * Increment drop counter when staged packets are dropped. * Use static constants instead of enums for 64-bit values in selftest. * Mark large constants as ULL in poly1305-donna64. * Fix sparse warnings in allowedips debugging code. * Do not use wg_peer_get_maybe_zero in timer callbacks, since we now can carefully control the lifetime of these functions and ensure they never execute after dropping the last reference. * Cleanup hashing in ratelimiter. * Do not guard timer removals, since del_timer is always okay. * We now check for PM_AUTOSLEEP, which makes the clear*on-suspend decision a bit more general. * Set csum_level to ~0, since the poly1305 authenticator certainly means that no data was modified in transit. * Use CHECKSUM_PARTIAL check for skb_checksum_help instead of skb_checksum_setup check. * wg.8: specify that wg(8) shows runtime info too * wg.8: AllowedIPs isn't actually required * keygen-html: add missing glue macro * wg-quick: android: do not choke on empty allowed-ips Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from bf52c968e863768494e79731550c62610dd3cf78)
* wireguard: bump to 0.0.20181018Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | ba2ab5d version: bump snapshot 5f59c76 tools: wg-quick: wait for interface to disappear on freebsd ac7e7a3 tools: don't fail if a netlink interface dump is inconsistent 8432585 main: get rid of unloaded debug message 139e57c tools: compile on gnu99 d65817c tools: use libc's endianness macro if no compiler macro f985de2 global: give if statements brackets and other cleanups b3a5d8a main: change module description 296d505 device: use textual error labels always 8bde328 allowedips: swap endianness early on a650d49 timers: avoid using control statements in macro db4dd93 allowedips: remove control statement from macro by rewriting 780a597 global: more nits 06b1236 global: rename struct wireguard_ to struct wg_ 205dd46 netlink: do not stuff index into nla type 2c6b57b qemu: kill after 20 minutes 6f2953d compat: look in Kbuild and Makefile since they differ based on arch a93d7e4 create-patch: blacklist instead of whitelist 8d53657 global: prefix functions used in callbacks with wg_ 123f85c compat: don't output for grep errors Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from 4653818dabe6d2f6e99b483ec256e4374dbb2c77)
* wireguard: bump to 0.0.20181007Kevin Darbyshire-Bryant2018-12-181-2/+2
| | | | | | | | | | | | | | | | 64750c1 version: bump snapshot f11a2b8 global: style nits 4b34b6a crypto: clean up remaining .h->.c 06d9fc8 allowedips: document additional nobs c32b5f9 makefile: do more generic wildcard so as to avoid rename issues 20f48d8 crypto: use BIT(i) & bitmap instead of (bitmap >> i) & 1 b6e09f6 crypto: disable broken implementations in selftests fd50f77 compat: clang cannot handle __builtin_constant_p bddaca7 compat: make asm/simd.h conditional on its existence b4ba33e compat: account for ancient ARM assembler Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from 3925298f3ca9bcd854571367d98bb6ca07f4e66e)
* wireguard: bump to 0.0.20181006Jason A. Donenfeld2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Account for big-endian 2^26 conversion in Poly1305. * Account for big-endian NEON in Curve25519. * Fix macros in big-endian AArch64 code so that this will actually run there at all. * Prefer if (IS_ENABLED(...)) over ifdef mazes when possible. * Call simd_relax() within any preempt-disabling glue code every once in a while so as not to increase latency if folks pass in super long buffers. * Prefer compiler-defined architecture macros in assembly code, which puts us in closer alignment with upstream CRYPTOGAMS code, and is cleaner. * Non-static symbols are prefixed with wg_ to avoid polluting the global namespace. * Return a bool from simd_relax() indicating whether or not we were rescheduled. * Reflect the proper simd conditions on arm. * Do not reorder lines in Kbuild files for the simd asm-generic addition, since we don't want to cause merge conflicts. * WARN() if the selftests fail in Zinc, since if this is an initcall, it won't block module loading, so we want to be loud. * Document some interdependencies beside include statements. * Add missing static statement to fpu init functions. * Use union in chacha to access state words as a flat matrix, instead of casting a struct to a u8 and hoping all goes well. Then, by passing around that array as a struct for as long as possible, we can update counter[0] instead of state[12] in the generic blocks, which makes it clearer what's happening. * Remove __aligned(32) for chacha20_ctx since we no longer use vmovdqa on x86, and the other implementations do not require that kind of alignment either. * Submit patch to ARM tree for adjusting RiscPC's cflags to be -march=armv3 so that we can build code that uses umull. * Allow CONFIG_ARM[64] to imply [!]CONFIG_64BIT, and use zinc arch config variables consistently throughout. * Document rationale for the 2^26->2^64/32 conversion in code comments. * Convert all of remaining BUG_ON to WARN_ON. * Replace `bxeq lr` with `reteq lr` in ARM assembler to be compatible with old ISAs via the macro in <asm/assembler.h>. * Do not allow WireGuard to be a built-in if IPv6 is a module. * Writeback the base register and reorder multiplications in the NEON x25519 implementation. * Try all combinations of different implementations in selftests, so that potential bugs are more immediately unearthed. * Self tests and SIMD glue code work with #include, which lets the compiler optimize these. Previously these files were .h, because they were included, but a simple grep of the kernel tree shows 259 other files that carry out this same pattern. Only they prefer to instead name the files with a .c instead of a .h, so we now follow the convention. * Support many more platforms in QEMU, especially big endian ones. * Kernels < 3.17 don't have read_cpuid_part, so fix building there. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (backported from b6658564505e1f9a582ac63bd06cdf4b423818be)
* ethtool: update to 4.19Hans Dedecker2018-12-181-2/+2
| | | | | | | | | | 8a1ad80 Release version 4.19. ecdf295 ethtool: Fix uninitialized variable use at qsfp dump 98c148e ethtool: better syntax for combinations of FEC modes d4b9f3f ethtool: support combinations of FEC modes Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (backported from 5617e138bdaff94587d700def3d74e81c5b2db19)
* ethtool: Update to 4.18Robert Marko2018-12-181-2/+2
| | | | | | | | | | | | Tested on 8devices Jalapeno(ipq40xx) Introduces following changes: Feature: Add support for WAKE_FILTER (WoL using filters) Feature: Add support for action value -2 (wake-up filter) Fix: document WoL filters option also in help message Feature: ixgbe dump strings for security registers Signed-off-by: Robert Marko <robimarko@gmail.com> (backported from a9d73531921ef4755e2cbd6e9e7e36c59b00655c)
* ethtool: Update to 4.17Robert Marko2018-12-181-2/+2
| | | | | | | | | | | | | | | | | Tested on 8devices Jalapeno(ipq40xx) Introduces following changes * Fix: In ethtool.8, remove superfluous and incorrect \ * Fix: fix uninitialized return value * Fix: fix RING_VF assignment * Fix: remove unused global variable * Fix: several fixes in do_gregs() * Fix: correctly free hkey when get_stringset() fails * Fix: remove unreachable code * Fix: fix stack clash in do_get_phy_tunable and do_set_phy_tunable * Feature: Add register dump support for MICROCHIP LAN78xx Signed-off-by: Robert Marko <robimarko@gmail.com> (backported from 4bb2532ec1d4f30ad44037331130daffa687eb3d)
* ethtool: Update to 4.16Rosen Penev2018-12-181-2/+2
| | | | | | | Tested on Turris Omnia (mvebu). Signed-off-by: Rosen Penev <rosenp@gmail.com> (backported from 2737cea0bb117013875ee33916bb4b9deae9ea47)
* mbedtls: Cosmetic cleanupsDaniel Engberg2018-12-181-1/+1
| | | | | | | | | | | | | | This is more of a cosmetic change and a reminder that the CMake script hardcodes -O2. Source: https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.7/CMakeLists.txt#L73 https://github.com/ARMmbed/mbedtls/blob/master/CMakeLists.txt#L97 Remove the release type option as it's already provided by the toolchain. Source: https://github.com/openwrt/openwrt/blob/master/include/cmake.mk#L50 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (backported from 5297a759aee34952299d1d42f677f31781026c67)
* strace: Update to 4.22Rosen Penev2018-12-181-3/+3
| | | | | | | | | | SourceForge is deprecated according to upstream, so switch to main site for downloads. Tested on Turris Omnia (mvebu). Signed-off-by: Rosen Penev <rosenp@gmail.com> (backported from d12d81f8d41d8169c1299375ff15c232231d972c)
* fstools: Add the new options available in the menuconfigPierre Lebleu2018-12-181-0/+16
| | | | | | | | | Mounting using the zlib compression and mounting with full access accounting are now available in the menuconfig. Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com> (backported from e6b8ce4c081b0bdfbbd20477ecef18b285481b07)
* fstools: update to latest git HEADHans Dedecker2018-12-181-3/+3
| | | | | | | | dd02dad fstools: allow the mounting with full access time accounting 242248c fstools: allow to compress the filesystem Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (backported from 5df2597c59879029059d09c426dbf10e06c80306)
* mwlwifi: update to version 10.3.8.0-20181114Kabuli Chana2018-12-181-3/+3
| | | | | | | compile / test target mvebu / mamba Signed-off-by: Kabuli Chana <newtownBuild@gmail.com> (backported from 392eea392cdae42d4e388e9f1a89bb6fb4e849b6)
* base-files: sysupgrade: Allow downloading of firmware images using HTTPSPetr Štetiar2018-12-181-1/+2
| | | | | | | Currently it's only possible to download images over HTTP. Signed-off-by: Petr Štetiar <ynezz@true.cz> (backported from 7c104a83589c3e3fbfdfda2ef68b8695f57dde75)
* Revert "iptables: fix dependency for libip6tc on IPV6"Petr Štetiar2018-12-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch reverts commit 2dc1f54b1205094e7c6036cae6275d2c326bad3e as it breaks the build for me on x86-64 if I've IPV6 support disabled. Same config builds fine on `openwrt-18.06` branch at 55d078b2. $ grep IPV6 .config # CONFIG_KERNEL_IPV6 is not set # CONFIG_IPV6 is not set Build errors out on: Package libiptc is missing dependencies for the following libraries: libip6tc.so.0 Looking at iptables-1.6.2/libiptc/Makefile.am: libiptc_la_LIBADD = libip4tc.la libip6tc.la and to iptables-1.6.2/libiptc/libiptc.pc.in: Requires: libip4tc libip6tc It seems that libiptc needs v4/v6 libs, so v6 isn't optional. Cc: Rosy Song <rosysong@rosinson.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> (backported from 1b4b942bcef8638a040788ab9ae94c66e38fd960)
* mwlwifi: update to version 10.3.8.0-20181029Kabuli Chana2018-12-181-3/+3
| | | | | | | compile / test target mvebu / mamba Signed-off-by: Kabuli Chana <newtownBuild@gmail.com> (backported from 390158bd2b0bab61e3c454a006fa68a4ad98dfdc)
* mwlwifi: driver version to 10.3.8.0-20181022Jonathan Lancett2018-12-181-3/+3
| | | | | | | | | | | | | Upgrade 88W8997 firmware to 8.4.0.52. Removed unnecessary firmware settings. Added vendor events. Fixed crash problem when module is removed. Modified the code to protect tx queues. Signed-off-by: Jonathan Lancett <j.lancett@ntlworld.com> [tidy commit message] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (backported from 9ac73502405b4d4f110e4901df7d05b7f7bcd781)
* mwlwifi: driver version to 10.3.8.0-20181008Yufei Miao2018-12-181-3/+3
| | | | | Signed-off-by: Yufei Miao <myf@myf.cloud> (backported from 260be8a5790416a8e8e42eb59d5b24a656e4bedb)
* wolfssl: update to version 3.15.3-stableDaniel Golle2018-12-181-3/+3
| | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> (backported from ed0d5a1e609e0b39eff9f06e3522396581d0b06e)
* ugps: update to latest git HEADAlexander Couzens2018-12-181-3/+3
| | | | | | | | | | 07528d43f9bc nmea.c: set _BSD_SOURCE to have timegm() & stime() on musl b88037b6bf6a check timegm return code ccabdf6c235f nmea.c: Add null byte to nmea fields cdc1478a8133 remove deprication warning Signed-off-by: Alexander Couzens <lynxis@fe80.eu> (backported from 81d7f82441f0754d398309a722323d792a24d76a)
* uqmi: update PKG_RELEASE versionFlorian Eckert2018-12-181-1/+1
| | | | | | | update PKG_RELEASE Signed-off-by: Florian Eckert <fe@dev.tdt.de> (backported from 4cabda8b7ddb0efea23e2aa044ea8bf18e03d199)
* uqmi: stop proto handler if verify pin count is not 3Florian Eckert2018-12-181-0/+7
| | | | | | | | | Check pin count value from pin status and stop verification the pin if the value is less then 3. This should prevent the proto-handler to lock the SIM. If SIM is locked then the PUK is needed. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (backported from 0c9d06b5b243334123eafaf2e26a15ec2757767e)