aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* procd: update to latest git HEADJohn Crispin2018-10-111-3/+3
| | | | | | 94944ab procd: Add cpu string to board detection Signed-off-by: John Crispin <john@phrozen.org>
* package/: fix $(PROJECT_GIT) usageJohn Crispin2018-10-114-4/+4
| | | | Signed-off-by: John Crispin <john@phrozen.org>
* procd: Install hotplug files as 600Rosen Penev2018-10-111-3/+3
| | | | | | procd runs as root, so it only makes sense that its files are restricted. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* linux-atm: Install hotplug file as 600Rosen Penev2018-10-111-2/+2
| | | | | | The hotplug files is only used by procd, which runs as root. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* comgt: Install hotplug and netifd files as 600Rosen Penev2018-10-111-3/+3
| | | | | | procd and netifd both run as root. These files are not used elsewhere. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* samba36: Install several config files as 600Rosen Penev2018-10-111-4/+4
| | | | | | | Hotplug is managed by procd, which runs as root. The other files are used by root as well. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* soloscli: Install hotplug file as 600Rosen Penev2018-10-111-2/+2
| | | | | | Hotplug is managed by procd, which runs as root. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* firewall: Install config files as 600Rosen Penev2018-10-111-6/+6
| | | | | | None of the files in firewall are used by non-root. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mpc85xx: remove kernel 4.9 supportMagnus Kroken2018-10-115-516/+0
| | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mpc85xx: switch to kernel 4.14Magnus Kroken2018-10-111-1/+1
| | | | Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mpc85xx: add kernel 4.14 supportMagnus Kroken2018-10-115-0/+521
| | | | | | | | | Based on patches previously submitted by Achim Gottinger: http://lists.infradead.org/pipermail/openwrt-devel/2018-June/012719.html Tested on TP-Link TL-WDR4900 v1. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* netfilter: add missing dependency for kernel 4.14Koen Vandeputte2018-10-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since kernel 4.14.75 commit ("netfilter: xt_cluster: add dependency on conntrack module") a dependency is required on kmod-nf-conntrack. It seems this was already present for kmod-ipt-clusterip but not yet for kmod-ipt-cluster Add it fixing a build error when including kmod-ipt-cluster: Package kmod-ipt-cluster is missing dependencies for the following libraries: nf_conntrack.ko modules/netfilter.mk:665: recipe for target '/mnt/ramdisk/koen/firmware/builds/openwrt/bin/targets/cns3xxx/generic/packages/kmod-ipt-cluster_4.14.75-1_arm_mpcore_vfp.ipk' failed make[3]: *** [/mnt/ramdisk/koen/firmware/builds/openwrt/bin/targets/cns3xxx/generic/packages/kmod-ipt-cluster_4.14.75-1_arm_mpcore_vfp.ipk] Error 1 make[3]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt/package/kernel/linux' Command exited with non-zero status 2 time: package/kernel/linux/compile#1.80#0.05#2.07 package/Makefile:107: recipe for target 'package/kernel/linux/compile' failed make[2]: *** [package/kernel/linux/compile] Error 2 make[2]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt' package/Makefile:103: recipe for target '/mnt/ramdisk/koen/firmware/builds/openwrt/staging_dir/target-arm_mpcore+vfp_musl_eabi/stamp/.package_compile' failed make[1]: *** [/mnt/ramdisk/koen/firmware/builds/openwrt/staging_dir/target-arm_mpcore+vfp_musl_eabi/stamp/.package_compile] Error 2 make[1]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt' /mnt/ramdisk/koen/firmware/builds/openwrt/include/toplevel.mk:216: recipe for target 'world' failed make: *** [world] Error 2 Fixes: f983956a8b72 ("kernel: bump 4.14 to 4.14.75") Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.75&id=b969656b46626a674232c0eadf92a394b89df07c
* ar71xx: remove linux 4.9 supportKoen Vandeputte2018-10-1092-8105/+0
| | | | Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ar71xx: switch to kernel 4.14Koen Vandeputte2018-10-101-1/+1
| | | | Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.75Koen Vandeputte2018-10-1023-101/+101
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.132Koen Vandeputte2018-10-102-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: enable memory compactionFelix Fietkau2018-10-0915-12/+6
| | | | | | | | | | | Compaction is the only memory management component to form high order (larger physically contiguous) memory blocks reliably. The page allocator relies on compaction heavily and the lack of the feature can lead to unexpected OOM killer invocations for high order memory requests. You shouldn't disable this option unless there really is a strong reason for it. Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
* mt76: fix typo in kmod-mt76x0u package descriptionFelix Fietkau2018-10-091-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: support gcc-optimized inlining on all architecturesFelix Fietkau2018-10-095-1/+142
| | | | | | | | Optimized inlining was disabled by default when gcc 4 was still relatively new. By now, all gcc versions handle this well and there seems to be no real reason to keep it x86-only. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: add dhcp-ignore-names support - CERT VU#598349Kevin Darbyshire-Bryant2018-10-093-1/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | dnsmasq v2.80test8 adds the ability to ignore dhcp client's requests for specific hostnames. Clients claiming certain hostnames and thus claiming DNS namespace represent a potential security risk. e.g. a malicious host could claim 'wpad' for itself and redirect other web client requests to it for nefarious purpose. See CERT VU#598349 for more details. Some Samsung TVs are claiming the hostname 'localhost', it is believed not (yet) for nefarious purposes. /usr/share/dnsmasq/dhcpbogushostname.conf contains a list of hostnames in correct syntax to be excluded. e.g. dhcp-name-match=set:dhcp_bogus_hostname,localhost Inclusion of this file is controlled by uci option dhcpbogushostname which is enabled by default. To be absolutely clear, DHCP leases to these requesting hosts are still permitted, but they do NOT get to claim ownership of the hostname itself and hence put into DNS for other hosts to be confused/manipulate by. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard: bump to 0.0.20181007Kevin Darbyshire-Bryant2018-10-091-2/+2
| | | | | | | | | | | | | | | 64750c1 version: bump snapshot f11a2b8 global: style nits 4b34b6a crypto: clean up remaining .h->.c 06d9fc8 allowedips: document additional nobs c32b5f9 makefile: do more generic wildcard so as to avoid rename issues 20f48d8 crypto: use BIT(i) & bitmap instead of (bitmap >> i) & 1 b6e09f6 crypto: disable broken implementations in selftests fd50f77 compat: clang cannot handle __builtin_constant_p bddaca7 compat: make asm/simd.h conditional on its existence b4ba33e compat: account for ancient ARM assembler Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* e2fsprogs: fix glibc compile issue (FS#1749,FS#1796)Hans Dedecker2018-10-081-0/+2
| | | | | | | | | | | Fixes the following build error: .../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_post’ .../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_wait' .../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_init’ .../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_destroy’ Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "kernel: add a RPS balancer"Stijn Tintel2018-10-081-93/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 7af1fb9faafbc842fc727c49108f5fc4edc08601. With the RPS balancer patch, both my APU2s are crashing, sometimes just after a few minutes of uptime. [ 6241.170132] BUG: unable to handle kernel paging request at ffffffffa20a75a8 [ 6241.177248] IP: get_rps_cpu+0x41c/0x440 [ 6241.181140] PGD 2012067 P4D 2012067 PUD 2013063 PMD 0 [ 6241.186370] Oops: 0000 [#1] SMP NOPTI [ 6241.190080] Modules linked in: pppoe ppp_async pptp pppox ppp_mppe ppp_generic nf_nat_pptp nf_flow_table_ipv6 nf_flow_table_ipv4 nf_flow_table_inet nf_conntrack_pptp lzo iptable_nat ipt_REJECT ipt_MASQUERADE ftdi_sio xt_time xt_tcpudp xt_tcpmss xt_string xt_statistic xt_state xt_recent xt_quota xt_policy xt_pkttype xt_owner xt_nat xt_multiport xt_mark xt_mac xt_limit xt_length xt_hl xt_helper xt_esp xt_ecn xt_dscp xt_conntrack xt_connmark xt_connlimit xt_connbytes xt_comment xt_bpf xt_addrtype xt_TCPMSS xt_REDIRECT xt_NFQUEUE xt_LOG xt_HL xt_FLOWOFFLOAD xt_DSCP xt_CT xt_CLASSIFY wireguard usbserial ts_fsm ts_bm spidev slhc rfcomm nft_set_rbtree nft_set_hash nft_reject_ipv6 nft_reject_ipv4 nft_reject_inet nft_reject nft_redir_ipv4 nft_redir nft_quota nft_numgen nft_nat nft_meta nft_masq_ipv4 nft_masq [ 6241.261735] nft_log nft_limit nft_flow_offload nft_exthdr nft_ct nft_counter nft_chain_route_ipv6 nft_chain_route_ipv4 nft_chain_nat_ipv4 nfnetlink_queue nf_tables_ipv6 nf_tables_ipv4 nf_tables_inet nf_tables nf_reject_ipv4 nf_nat_tftp nf_nat_snmp_basic nf_nat_sip nf_nat_redirect nf_nat_proto_gre nf_nat_masquerade_ipv6 nf_nat_masquerade_ipv4 nf_nat_irc nf_conntrack_ipv6 nf_nat_ipv6 nf_conntrack_ipv4 nf_nat_ipv4 nf_nat_h323 nf_nat_ftp nf_nat_amanda nf_nat nf_log_ipv4 nf_flow_table_hw nf_flow_table nf_defrag_ipv6 nf_defrag_ipv4 nf_conntrack_tftp nf_conntrack_snmp nf_conntrack_sip nf_conntrack_rtcache nf_conntrack_proto_gre nf_conntrack_netlink nf_conntrack_irc nf_conntrack_h323 nf_conntrack_ftp nf_conntrack_broadcast ts_kmp nf_conntrack_amanda macvlan lzo_decompress lzo_compress libcrc32c kvm irqbypass [ 6241.333427] iptable_raw iptable_mangle iptable_filter ipt_ah ipt_ECN ip_tables hidp hci_uart crc_ccitt cdc_acm btusb btintel br_netfilter bnep bluetooth sch_cake tcp_bbr sch_teql em_nbyte sch_codel sch_prio sch_pie act_ipt em_meta sch_gred sch_dsmark cls_basic em_cmp em_text act_police sch_sfq sch_fq sch_multiq sch_red act_connmark nf_conntrack act_skbedit act_mirred em_u32 cls_u32 cls_tcindex cls_flow cls_route cls_fw sch_tbf sch_htb sch_hfsc sch_ingress configs evdev i2c_piix4 kfifo_buf industrialio i2c_dev xt_set ip_set_list_set ip_set_hash_netiface ip_set_hash_netport ip_set_hash_netnet ip_set_hash_net ip_set_hash_netportnet ip_set_hash_mac ip_set_hash_ipportnet ip_set_hash_ipportip ip_set_hash_ipport ip_set_hash_ipmark ip_set_hash_ip ip_set_bitmap_port ip_set_bitmap_ipmac ip_set_bitmap_ip ip_set [ 6241.405252] nfnetlink ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 nf_log_common ip6table_mangle ip6table_filter ip6_tables x_tables ip_gre gre igb i2c_algo_bit ifb ip6_vti ip_vti sit l2tp_netlink l2tp_core ipcomp6 xfrm6_tunnel xfrm6_mode_tunnel xfrm6_mode_transport xfrm6_mode_beet esp6 ah6 ipcomp xfrm4_tunnel xfrm4_mode_tunnel xfrm4_mode_transport xfrm4_mode_beet esp4 ah4 ip6_tunnel tunnel6 tunnel4 ip_tunnel veth snd_compress snd_pcm_oss snd_mixer_oss snd_pcm snd_timer snd_rawmidi snd_seq_device snd_hwdep snd soundcore mpls_gso mpls_iptunnel mpls_router af_key xfrm_user xfrm_ipcomp xfrm_algo br2684 atm regmap_mmio vxlan udp_tunnel ip6_udp_tunnel ecdh_generic sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 seqiv jitterentropy_rng drbg md5 kpp ccp_crypto rsa_generic mpi asn1_decoder akcipher ccp sha256_generic [ 6241.477726] sha1_generic hmac ghash_generic gcm echainiv des_generic deflate zlib_deflate ctr cmac ccm cbc authenc crypto_acompress sdhci_pltfm pf_ring sp5100_tco leds_apu2 gpio_nct5104d button_hotplug ptp pps_core [ 6241.497122] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.14.73 #0 [ 6241.503198] Hardware name: PC Engines apu2/apu2, BIOS v4.8.0.2 20180705 [ 6241.509858] task: ffff88012a0d8000 task.stack: ffffc90000070000 [ 6241.515841] RIP: 0010:get_rps_cpu+0x41c/0x440 [ 6241.520246] RSP: 0018:ffff88012ed83db0 EFLAGS: 00010286 [ 6241.525511] RAX: 00000000ffffffff RBX: 0000000000011ae8 RCX: 0000000000000001 [ 6241.532737] RDX: 00000000ffffffff RSI: ffff88012a0d8788 RDI: 0000000000000282 [ 6241.539956] RBP: ffff88012ed83e00 R08: 0000000000000001 R09: 0000000000000000 [ 6241.547183] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82dae2e0 [ 6241.554403] R13: ffff880124de4480 R14: 0000000000000000 R15: ffff880128120000 [ 6241.561625] FS: 0000000000000000(0000) GS:ffff88012ed80000(0000) knlGS:0000000000000000 [ 6241.569820] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6241.575651] CR2: ffffffffa20a75a8 CR3: 00000001251da000 CR4: 00000000000406e0 [ 6241.582830] Call Trace: [ 6241.585322] <IRQ> [ 6241.587372] ? lock_acquire+0x59/0x80 [ 6241.591102] netif_receive_skb_internal+0x1e4/0x2d0 [ 6241.596037] napi_gro_receive+0x48/0x90 [ 6241.599948] igb_alloc_rx_buffers+0xc97/0x1b60 [igb] [ 6241.604981] ? note_gp_changes+0x76/0xc0 [ 6241.608963] net_rx_action+0x10c/0x280 [ 6241.612752] __do_softirq+0xf0/0x22d [ 6241.616375] irq_exit+0x5e/0xa0 [ 6241.619573] do_IRQ+0xee/0x110 [ 6241.622682] common_interrupt+0x8b/0x8b [ 6241.626556] </IRQ> [ 6241.628699] RIP: 0010:native_safe_halt+0x6/0x10 [ 6241.633260] RSP: 0018:ffffc90000073e10 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff3d [ 6241.640910] RAX: ffff88012a0d8000 RBX: ffff88012a190c00 RCX: 0000000000000000 [ 6241.648110] RDX: ffff88012a0d8000 RSI: 0000000000000001 RDI: ffff88012a0d8000 [ 6241.655354] RBP: ffffc90000073e10 R08: 0000000000000006 R09: 0000000000000000 [ 6241.662554] R10: 0000000000000000 R11: 0000000000000000 R12: ffff88012a190c64 [ 6241.669791] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000001 [ 6241.676986] acpi_safe_halt.part.9+0xe/0x20 [ 6241.681226] acpi_idle_do_entry+0x2c/0x40 [ 6241.685325] acpi_idle_enter+0x1ee/0x2b0 [ 6241.689298] ? sched_clock+0x9/0x10 [ 6241.692839] cpuidle_enter_state+0x1f2/0x230 [ 6241.697162] cpuidle_enter+0x12/0x20 [ 6241.700803] call_cpuidle+0x38/0x40 [ 6241.704335] do_idle+0xed/0x160 [ 6241.707557] cpu_startup_entry+0x6e/0x70 [ 6241.711557] start_secondary+0x1b4/0x1d0 [ 6241.715536] secondary_startup_64+0xa5/0xb0 [ 6241.719777] Code: d4 48 8d 04 9b 48 8b 35 53 a7 ac 00 48 8d 1c 43 48 83 c6 64 48 c1 e3 03 48 8d bb e8 e2 da 82 e8 cb a9 ba ff 41 8b 14 1c 48 89 d0 <48> 0f a3 15 dc dc b6 00 0f 83 46 fc ff ff 48 83 c4 28 5b 41 5c [ 6241.739100] RIP: get_rps_cpu+0x41c/0x440 RSP: ffff88012ed83db0 [ 6241.744993] CR2: ffffffffa20a75a8 [ 6241.748373] ---[ end trace 77367d9f9830d5bc ]--- Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* sunxi: add support for Orange Pi ZeroJulian Haupt2018-10-072-0/+17
| | | | Signed-off-by: Julian Haupt <julian.haupt@hauptmedia.de>
* image: ignore usign build errorsHauke Mehrtens2018-10-071-1/+1
| | | | | | | | | | | | | | The tl-wa850re-v2 images from the ar71xx/tiny target are getting too big with the default packages. The size check is done before the meta data is added so there is no file to add meta data to or to sign. Originally errors in Build/append-metadata were getting ignored, but if the signing fails the error is not ignored. This adds a check if the file to be signed is there and only does the signing if it is there. This way it does not fail if the package creation was already aborted earlier. Fixes: 848b455d2e94 ("image: use ucert to append signature") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* fstools: filter unknown action in mount.hotplug scriptRosy Song2018-10-072-2/+2
| | | | Signed-off-by: Rosy Song <rosysong@rosinson.com>
* busybox: fix IPv6 dependencyHans Dedecker2018-10-072-2/+3
| | | | | | | | | Commit 9f0cb135dd made BUSYBOX_CONFIG_FEATURE_IPV6 dependant on IPV6 but did not make its default value BUSYBOX_DEFAULT_FEATURE_IPV6 dependant on IPV6. BUSYBOX_DEFAULT_FEATURE_IPV6 will have as default value y if IPV6 is enabled otherwise n. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: bump to v2.80test8Kevin Darbyshire-Bryant2018-10-071-2/+2
| | | | | | | | | | | e1791f3 Fix logging of DNSSEC queries in TCP mode. Destination server address was misleading. 0fdf3c1 Fix dhcp-match-name to match hostname, not complete FQDN. ee1df06 Tweak strategy for confirming SLAAC addresses. 1e87eba Clarify manpage for --auth-sec-servers 0893347 Make interface spec optional in --auth-server. 7cbf497 Example config file fix for CERT Vulnerability VU#598349. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* nghttp2: bump to 1.34.0Hans Dedecker2018-10-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 2b085815 (tag: v1.34.0) Update manual pages 986fa302 Bump up version number to 1.34.0, LT revision to 31:1:17 7c8cb3a0 nghttpx: Improve CONNECT response status handling 334c439c Fix bug that regular CONNECT does not work 6700626c Rule out content-length in the successful response to CONNECT 15162add Update manual pages 93270777 Merge pull request #1235 from nghttp2/backend-conn-timeout aeb92bbb nghttpx: Add read/write-timeout parameters to backend option fc7489e0 nghttpx: Fix mruby parameter validation 87ac872f nghttpx: Update doc c278adde nghttpx: Log error when mruby file cannot be opened f94d7209 Merge pull request #1234 from nghttp2/nghttpx-rfc8441 9b9baa6b Update doc 02566ee3 nghttpx: Update doc 3002f31b src: Add debug output for SETTINGS_ENABLE_CONNECT_PROTOCOL d2a594a7 nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2 651e1477 Allow client sending :protocol optimistically a42faf1c nghttpx: Write TLS alert during handshake 4aac05e1 Merge pull request #1231 from nghttp2/ws-lib-only b80dfaa8 Adjustment for RFC 8441 a19d8f5d Deal with :protocol pseudo header 33f6e90a Add NGHTTP2_TOKEN__PROTOCOL ed7fabcb Add SETTINGS_ENABLE_CONNECT_PROTOCOL 8753b6da Update doc f2de733b Update neverbleed to fix OpenSSL 1.1.1 issues 88ff8c69 Update mruby 1.4.1 a63558a1 nghttpx: Call OCSP_response_get1_basic only when OCSP status is successful 3575a132 nghttpx: Fix crash with plain text HTTP e2de2fee Update bash_completion 9f415979 Update manual pages 4bfc0cd1 Merge pull request #1230 from nghttp2/nghttpx-faster-logging 9c824b87 nghttpx: Get rid of std::stringstream from Log a1ea1696 Make VALID_HD_NAME_CHARS and VALID_HD_VALUE_CHARS const qualified dfc0f248 Make static_table const qualified ed7c9db2 nghttpx: Add mruby env.tls_handshake_finished 5b42815a nghttpx: Strip incoming Early-Data header field by default cfe7fa9a nghttpx: Add --tls13-ciphers and --tls-client-ciphers options cb8a9d58 src: Remove TLSv1.3 ciphers from DEFAULT_CIPHER_LIST 023b9448 Merge branch 'tls13-early-data' 9b03c64f nghttpx: Should postpone early data by default b8eccec6 nghttpx: Disable OpenSSL anti-replay 9f212587 Specify SSL_CTX_set_max_early_data and add an option to change max value 47f60124 nghttpx: Add an option to postpone early data processing 770e44de Implement draft-ietf-httpbis-replay-02 2ab319c1 Don't hide error code from openssl 39923024 Remove SSL_ERROR_WANT_WRITE handling b30f312a Honor SSL_read semantics c5cdb78a nghttpx: Add TLSv1.3 0-RTT early data support f79a5812 Bump up version number to 1.34.0 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ath79: add Fritz!Box 4020 switchconfigDavid Bauer2018-10-071-1/+5
| | | | | | In contrast to ar71xx, uci switchconfig is missing in the ath79 target. Signed-off-by: David Bauer <mail@david-bauer.net>
* iperf: fix --daemon optionRafał Miłecki2018-10-073-1/+205
| | | | | | | | | | | | | | | Support for -D got broken in the 2.0.11 release by the upstream commit 218d8c667944 ("first pass L2 mode w/UDP checks, v4 only"). After that commit clients were still able to connect but no traffic was passed. It was reported and is fixed now in the upstream git repository. Backport two patches to fix this. The first one is just a requirement for the later to apply. The second one is the real fix and it needed only a small adjustment to apply without backporing the commit 10887b59c7e7 ("fix --txstart-time report messages"). Fixes: 457e6d5a27be ("iperf: bump to 2.0.12") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ath79: add support for TP-Link TL-WA901ND v2David Bauer2018-10-073-0/+140
| | | | | | | | | | | | | | | | | | This commit adds support for the TP-Link TL-WR901ND v2 access point. CPU: Atheros AR9132 400MHz RAM: 32MB FLASH: 4MiB WiFi: Atheros AR9103 3x3:2 bgn LED: Power (static on) LAN (controlled by PHY) SYS, WiFi, QSS toggleable BTN: Reset, QSS Installation: Upload the factory image via the vendor-GUI. Signed-off-by: David Bauer <mail@david-bauer.net>
* ath79: add support for Buffalo WZR-HP-G302H A1A0INAGAKI Hiroshi2018-10-074-0/+263
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Buffalo WZR-HP-G302H is a 2T2R 2.4 GHz 11n router, based on Atheros AR7242. It is Japanese market model of WZR-HP-G300NH2, but there are some diffrences. This commit is based on WZR-HP-G300NH2 in ar71xx. And, G302H has several hardware versions and hardware is different dependent on the versions. This commit adds support for "A1A0" version. Specification: - Atheros AR7242 - 64 MB of RAM (DDR2) - 32 MB of Flash - 2x 16 MB SPI-NOR flash - 2.4 GHz 2T2R wifi - Atheros AR9283 - 5x 10/100/1000 Mbps Ethernet - Atheros AR8316 - 7x LEDs, 5x keys - LED: 1x gpio-leds, 6x ath9k-leds - key: 3x buttons, 2x slide switches - UART header on PCB - Vcc, GND, TX, RX from ethernet port side - 115200n8 Flash instruction using factory image: 1. Boot WZR-HP-G302H normaly and connect the computer to its LAN port 2. Access to "http://192.168.11.1/" and move to firmware update page ("ファーム更新") 3. Select the OpenWrt factory image and click update ("更新実行") button to perform firmware update 4. Wait ~200 seconds to complete flashing Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
* ath79: add hwver parameter to buffalo-tagINAGAKI Hiroshi2018-10-073-5/+6
| | | | | | | In order to be able to set the value of "hardware version" other than "3", I added the "hwver" parameter. Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
* ath79: Add support for TP-Link TL-WR842N-v2Robert Marko2018-10-074-1/+221
| | | | | | | | | | | | | | | | | | | | This PR adds support for TP-Link TL-WR842N-v2 router which is supported by ar71xx to ath79. This is a low cost model with following specs: CPU: Atheros AR9341 SoC RAM: 32 MB DDR1 Flash: 8 MB NOR SPI Switch: Internal AR9341 5 port 10/100 Mbit Ports: 5x 10/100 Mbit(1x WAN, 4x LAN) USB: 1x USB2.0 WLAN: 2.4 GHZ AR9341 Installation: Simply flash the factory image through stock firmware WEB UI. Signed-off-by: Robert Marko <robimarko@gmail.com>
* ipq40xx: Create /var/lock directory in platform_do_upgrade_*Sven Eckelmann2018-10-071-8/+1
| | | | | | | | | | | | | | | | | | The sysupgrade_pre_upgrade hook was removed with 5e1b4c57ded7 ("base-files: drop fwtool_pre_upgrade") while there were still scripts using it: * target/linux/ar71xx/base-files/lib/upgrade/allnet.sh * target/linux/ar71xx/base-files/lib/upgrade/openmesh.sh * target/linux/ipq40xx/base-files/lib/upgrade/openmesh.sh Not running the hooks can either prevent a successful upgrade or brick the device because the fw_setenv program cannot be started correctly. Instead of adding this hook again, the directory /var/lock for fw_setenv can also just be created directly before fw_setenv is called. Fixes: 5e1b4c57ded7 ("base-files: drop fwtool_pre_upgrade") Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
* ar71xx: Create /var/lock directory in platform_do_upgrade_*Sven Eckelmann2018-10-072-16/+3
| | | | | | | | | | | | | | | | | | The sysupgrade_pre_upgrade hook was removed with 5e1b4c57ded7 ("base-files: drop fwtool_pre_upgrade") while there were still scripts using it: * target/linux/ar71xx/base-files/lib/upgrade/allnet.sh * target/linux/ar71xx/base-files/lib/upgrade/openmesh.sh * target/linux/ipq40xx/base-files/lib/upgrade/openmesh.sh Not running the hooks can either prevent a successful upgrade or brick the device because the fw_setenv program cannot be started correctly. Instead of adding this hook again, the directory /var/lock for fw_setenv can also just be created directly before fw_setenv is called. Fixes: 5e1b4c57ded7 ("base-files: drop fwtool_pre_upgrade") Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
* ar71xx: Use sysupgrade's RAMFS_COPY_* for fw_(set|print)envSven Eckelmann2018-10-073-9/+6
| | | | | | | | | | | | The install_bin from /lib/upgrade/common.sh is no longer creating the symlinks when a secondary parameter is added. But the fw_setenv program was always copied this way to the ramdisk for the upgrade. Instead, this should be done using RAMFS_COPY_* like on all other platforms. Fixes: 438dcbfe74a6 ("base-files: automatically handle paths and symlinks for RAMFS_COPY_BIN") Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
* ath79: fix build warningMathias Kresin2018-10-071-2/+0
| | | | | | | | | | | | | | | | | | | | The image build code for the Ubiquiti Nanostation AC series adds the factory image as to be build image. The same is already done by an included recipe which results into an expanded IMAGE variable of: IMAGES = sysupgrade.bin factory.bin factory.bin The build system doesn't like these duplicates and issues the following warning: Makefile:82: warning: overriding recipe for target... Get remove the duplicate factory image to get rid of the warning. Fixes: 5736af8024be ("ath79: Add support for Ubiquiti NanoStation AC loco") fa3c2676ab0c ("ath79: Add support for Ubiquiti Nanostation AC") Signed-off-by: Mathias Kresin <dev@kresin.me>
* odhcpd: update to latest git HEAD (FS#1853)Hans Dedecker2018-10-071-4/+4
| | | | | | | | 57f639e (HEAD -> master, origin/master, origin/HEAD) odhcpd: make DHCPv6/RA/NDP support optional 402c274 dhcpv6: check return code of dhcpv6_ia_init() ee7472a router: don't leak RA message in relay mode (FS#1853) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iw: strip a few more non-essential features from iw-tinyFelix Fietkau2018-10-071-1/+46
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iw: fix filtering linked object files for iw-tinyFelix Fietkau2018-10-071-1/+1
| | | | | | It was broken by the recent commit that added iw-full Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ramips: don't hijack the status ledMathias Kresin2018-10-071-14/+0
| | | | | | | | | | Don't hijack the status led to indicate the wireless state. If we don't have a dedicated wireless led, it's as simply as the wireless status can't be indicated. Such a led misuse should be set by the user and not shipped by default. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: move status led unset to devicetreeMathias Kresin2018-10-078-25/+0
| | | | | | | Release the led used for boot status indication via devicetree instead of setting a default off trigger in userspace. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: add support for indicating the boot state using multiple ledsMathias Kresin2018-10-07214-217/+877
| | | | | | | | | Use diag.sh version used for other targets supporting different leds for the different boot states. The existing led sequences should be the same as before. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: set F5D8235 v1 usb led trigger via devicetreeMathias Kresin2018-10-072-5/+26
| | | | | | | Assign the usbdev trigger via devicetree and drop the userspace handling of the usb leds. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: set rt2880 pci controller of_nodeMathias Kresin2018-10-071-0/+32
| | | | | | | Set the PCI controller of_node such that PCI devices can be instantiated via device tree. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: set usb led trigger via devicetreeMathias Kresin2018-10-0770-80/+235
| | | | | | | | | | Assign the usbdev trigger via devicetree for all subtargets and drop the userspace handling of the usb leds. With the change all usb ports are triggering the usb led instead of only usb 1.1 XOR usb 2.0 XOR usb 3.0 as it was before. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ath79: Add support for Ubiquiti Nanostation ACTobias Schramm2018-10-076-0/+117
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 5 GHz AC wireless outdoor PoE CPE with internal 2.4 GHz management radio CPU: Atheros AR9342 SoC RAM: 64 MB DDR2 Flash: 16 MB NOR SPI Switch: QCA8334 Ports: 2 GbE ports (1x PoE in, 1x PoE passthrough) WLAN: 5 GHz QCA899X (PCI) and 2.4 GHZ AR9342 Successor to the old NanoStation M5 with AC wireless. The integrated QCA899X is a Ubiquiti branded part with modified vendor and product id (0777:11ac9). Serial Serial settings: 115200, 8N1 * = plated through hole 0 = nylon screw [Top of device] +--------------------------+ | [label] | | 0 | | 0 | | [ubnt] | | [logo] 3V3 * | | TX * | | RX * | | GND * | | | | * | | * | | * | | * | | 0 | | 0 | | | | | Installation 1. Connect to serial header on device 2. Power on device and enter uboot console 3. Set up tftp server serving an openwrt initramfs build 4. Load initramfs build using the command tftpboot in the uboot cli 5. Boot the loaded image using the command bootm 6. Copy squashfs openwrt sysupgrade build to the booted device 7. Use mtd to write sysupgrade to partition "firmware" 8. Reboot and enjoy Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
* ath79: Add support for Ubiquiti NanoStation AC locoTobias Schramm2018-10-074-3/+66
| | | | | | | | | | | | | | | | | | | | | | | Atheros AR9342, 16 MB flash, 64 MB RAM Successor to the old NanoStation M5 loco with AC wireless. Includes a mac80211 patch for ath10k_pci because Ubiquiti uses a Ubiquiti branded and customized QCA988X with vendor id 0777 and device id 11ac for AC wireless. Installation 1. Connect to serial header on device (8N1 115200) 2. Power on device and enter uboot console 3. Set up tftp server serving an openwrt initramfs build 4. Load initramfs build using the command tftpboot in the uboot cli 5. Boot the loaded image using the command bootm 6. Copy squashfs openwrt sysupgrade build to the booted device 7. Use mtd to write sysupgrade to partition "firmware" 8. Reboot and enjoy Signed-off-by: Tobias Schramm <tobleminer@gmail.com>