git.openwrt.org Git - openwrt/staging/dangole.git/log

build: create APK files parallel to IPK

Create APK files based on the folder and control files of IPK packages.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[included fix for host-build from Felix Fietkau]
Signed-off-by: Paul Spooren <mail@aparcar.org>

lua: make it easier to detect host-built Lua

Install pkg-config file also for host-build, clean up Lua symlinks.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 315f52e0f3bfa3d65ad14ca21a696c6d31c4edcd)

tools/libressl: update to 3.3.3

Fix wrong FPIC variable usage. Fixes compilation under sparc64 host.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit bf4dbbb55e2b8e23f186e1334f1e9ce6a3a8ddfe)

feeds: switch to apk3 branch on packages feed

Use private apk3 branch for 'uvol', 'autopart' and 'apk' packages.

procd: update to git HEAD

64e9f3a procd: fix compilation with newer musl
945d0d7 utils: fix C style in header file
2cfc26f inittab: detect active console from kernel if no console= specified
3e88c6f jail/seccomp: add support for aarch64
c23d8bf trace: fix build on aarch64
7ee4563 procd: Adding support to detect Pantavisor Container Platform
021ece8 procd: Use /dev/console for serial console if exists
2dcefbd jail: add support for cgroup devices as in OCI run-time spec
0ee73b2 uxc: implement support for rootfs overlay in containers
b0a8ea1 jail: do not hack /etc/resolv.conf on container rootfs
92aba53 jail: increase max additional env records to 64
15997e6 jail: allow rootfs to be a symbolic link
0114c6f jail: open() extroot folder before mounting
ed96eda uxc: check for required blockd mounts
0545905 jail: make use of realpath() for rootfs and overlaydir
9bd1b7f jail: refactor directory handling for rootfs and overlaydir
772292e uxc: don't restart containers when mount shows up
3a9d910 uxc: resolve volume UUIDs by name of UCI fstab section
f26233e watchdog: Add an info message if the watchdog reset the system
93fc089 jail: cgroups-bpf: don't use sys/reg.h when building with glibc
548d057 jail: don't ignore return value of seteuid()
220b716 jail: ignore return value when creating default /dev symlinks
78d5baa hotplug-dispatch: don't ignore asprintf() return value
736aee5 uxc: always handle asprintf() return value
2b20456 hotplug-dispatch: replace wrongly used assert()
bfc86a2 jail: cgroups: replace wrongly used assert()
516bdf2 jail: don't ignore return value of write()
e10de28 jail: cgroups-bpf: fix compile with musl 1.2
f5d9b14 hotplug-dispatch: fix rare memory leaks in error paths
9f233f5 system: make rootfs type accessible through board call
48638ad hotplug-dispatch: yet another rare memory leak disovered by Coverity
459b3e8 jail: fix several issues discovered by Coverity
2562e2b ujail-console: add missing error handling discovered by coverity
040fecc system: fix issues reported by Coverity
48f481b service: make sure string read is null terminated
16dbc2a uxc: fix a bunch of issues discovered by Coverity
ff9002f uxc: fix help output
104b49d uxc: support config in uvol
8a8306d uxc.c: fix coverity resource leak warning
7f2398e jail: devices: create parent folder when creating devices
0603c8d jail: return to hook callback instead of just calling it
3edb7eb jail: check return value when opening console
af048a3 jail: use portable sizeof(void *)
6010bd3 utils: make sure read() string is 0 terminated
f6daca3 uxc: free string returned by blobmsg_format_json_indent()
51f1cd2 trace: free string returned by blobmsg_format_json_indent()
d716cb5 trace: handle open() return value and make sure string is terminated
b824a89 jail: preload: avoid NULL-dereference in case things go wrong
167dc24 jail: protect against strcat buffer overflows
df251c2 uxc: move mountpoint of persistent config to /var/run/uxc
e5b38fd trace: free memory allocated by blobmsg_format_json_indent()
96d8bf2 trace: fix potential use-after-free occurence
8eb1d78 initd: fix off-by-one error in mkdev.c
86f82f3 utils: don't ignore open() return value
f5fe04b jail: actually check calloc return value
269c9e4 trace: preload: avoid NULL-dereference here as well
20adf53 Revert "initd: fix off-by-one error in mkdev.c"
773e8da initd: fix off-by-one error in mkdev.c
8a60e7e trace: don't leak file descriptor in error path
68df9ac procd: fix container deletion
f16abe0 uxc: add JSON output option for 'list' command
a23c888 jail: prepare for adding process to existing namespace
50da8a4 instance: allow jailed service to join namespace(s)
482d1ab Revert "jail: do not hack /etc/resolv.conf on container rootfs"
1eb4371 jail: start ubus and netifd instances for container with netns
97bcdcf uxc: fix segfault caused by use-after-free
6398e05 uxc: don't free the stack
324ebd0 jail: fs: add support for asymmetric mount bind
c44ab7f jail: netifd: generate netifd uci config and mount it
82dd390 jail: make use of per-container netifd via ubus
9b1e035 jail: netifd: code cosmetics
d2a2ecc jail: netifd: fix error handling issue reported by coverity
e1d7cee jail: netifd: check target netns fd before using it
59f7699 uxc: add missing 'break' statement

The new per-jail netifd is now configured by filtering the host
network configuration. As libuci is used for that, procd-ujail now
depends on libuci.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

netifd: update to the latest version

94170ae24bc9 device: extend device settings flags to 64 bit
1eb0fafaa986 device: add support for configuring device link speed/duplex
ed84473b7af9 bridge: memset bst->config by default to avoid stale config values
6519cf31e4b0 bridge: add support for an external STP daemon
454e9c33c906 bridge: tune default stp parameters
d590fbd255ce wireless: always enable bpdu filter for AP interfaces and VLANs
f8ff6d820283 system-linux: remove copy&paste from /proc and /sys path names
300b1220fab3 wireless: improve reliability of proxyarp support
5ba9744aac6d device: add support for configuring bonding devices
6fa9b042ff4d wireless: only apply wireless device attributes to the base vif interface
06d11bbf1f2b wireless: only enable proxyarp/isolate for AP vifs
08e954e137ff bonding: claim the port device before creating the bonding device
5a4ac30c7a15 netifd: rework/fix device free handling
4d0c2ad3fd26 wireless: fix applying wireless devices attributes on hotplug events
186f6eaeba70 wireless: display log messages for setup/teardown/retry
fac471c4934a wireless: process and close script file descriptor when rerunning setup
62e2bb56f48e main: poll process log stream even if processes are killed
0e311d3f2d1a wireless: reset number of retries on config change
e467e0ff44c0 wireless: reset retry counter when setup succeeds
448ffc154fe7 wireless: fix index for stations
be8cd8fd4d6f interface: don't fork() to start jail interface
7a048bd6871d interface, ubus: rework netns up/down

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

fstools: update to git HEAD

bad1835 fstools: add partname volume driver
19d7d93 libfstools: partname: several fixes
3c38f0c libfstools: fix build with glibc
d05ad93 libfstools: remove superflus include
964d1e3 partname: allow skipping existing 'rootfs_data' partition
c44b40b overlay: fix syncronizing typo
b5397a1 fstools: block: fix segfault on mount with no target
bd7cc8d block: use dynamically allocated target string
6d8450e blockd: use allocated strings instead of fixed buffers
d47909e libblkid-tiny: fix buffer overflow
67d2297 block: match device path instead of assuming /dev/%s
2aeba88 block: allow autofs and umount commands also on MTD/UBI
3d40a1b blockd: add missing #define _GNU_SOURCE
4d4dcfb blockd: detect mountpoint of /dev/mapper/*
2f42515 block: resolve /dev/mapper/* name for /dev/dm-0 when hotplugging
39558a1 blockd: also send ubus notification on mount hotplug
3386b6b blockd: fix trigger name
cdc9939 blockd: move to its own POSIX process group
59f7c11 blockd: create mountpoint parent folder if needed
9cc96af Revert "block: resolve /dev/mapper/* name for /dev/dm-0 when hotplugging"
06334ac Revert "blockd: detect mountpoint of /dev/mapper/*"
9ab3551 block: use /dev/dm-* instead of /dev/mapper/*
5114595 block: allow remove hotplug event to arrive at blockd
a846c6b blockd: fix length of timeout int passed to ioctl
1d681ca block: support umount device basename
46d02c2 block: don't add non-ubifs ubi devices
cc63933 blockd: send mount.ready when startup has completed
b7bf185 blockd: make most calls to 'block' asynchronous
141ac85 libblkid-tiny: fix invalid open syscall return check
9e26563 libblkid-tiny: install header file to include dir
d4f0129 blockd: also report target in notifications
629726d blockd: fix resource leak discovered by coverity scan
68ae639 libubi: fix several issues discovered by Coverity
a77c4fa ubi: fix resource leak in legacy codepath
2e3aca2 block: fix two resources leaks discovered by Coverity
50e6b20 libfstools: handle open() return value properly in F2FS check
e1b6811 blockd: include missing libubox/utils.h

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

wolfssl: bump PKG_RELEASE

Fixes commit 4b212b1306a9 ("wolfssl: build with WOLFSSL_ALT_CERT_CHAINS")

Signed-off-by: David Bauer <mail@david-bauer.net>

wolfssl: build with WOLFSSL_ALT_CERT_CHAINS

"Alternate certification chains, as oppossed to requiring full chain
validataion. Certificate validation behavior is relaxed, similar to
openssl and browsers. Only the peer certificate must validate to a trusted
certificate. Without this, all certificates sent by a peer must be
used in the trust chain or the connection will be rejected."

This fixes e.g. uclient-fetch and curl connecting to servers using a Let's
Encrypt certificate which are cross-signed by the now expired
DST Root CA X3, see [0].

This is the recommended solution from upstream [1].

The binary size increases by ~12.3kb:
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f

[0] https://github.com/openwrt/packages/issues/16674
[1] https://github.com/wolfSSL/wolfssl/issues/4443#issuecomment-934926793

Signed-off-by: Andre Heider <a.heider@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 28d8e6a8711ba78f1684a205e11b0dbd4ff2b2f3)

mvebu: add support for iEi Puzzle-M901/Puzzle-M902

Hardware specification
----------------------
* CN9130 SoC, Quad-core ARMv8 Cortex-72 @ 2200 MHz
* 4 GB DDR
* 4 GB eMMC
* mmcblk0
- mmcblk0p1    64M  kernel_1
- mmcblk0p2    64M  kernel_2
- mmcblk0p3   512M  rootfs_1
- mmcblk0p4   512M  rootfs_2
- mmcblk0p5   512M  Reserved
- mmcblk0p6    64M  Reserved
- mmcblk0p7   1.8G  rootfs_data

* 4 MB (SPI Flash)
* 6 x 2.5 Gigabit  ports (Puzzle-M901)
- External PHY with 6 ports (AQR112R)

* 6 x 2.5 Gigabit ports (Puzzle-M902)
- External PHY with 6 ports (AQR112R)
   3 x 10 Gigabit ports (Puzzle-M902)
- External PHY with 3 ports (AQR113R)

* 4 x Front panel LED
* 1 x USB 3.0
* Reset button on Rear panel
* UART (115200 8N1,header on PCB)

Flash instructions:
    The original firmware is based on OpenWrt.
    Flash firmware using LuCI and CLI

Signed-off-by: Ian Chang <ianchang@ieiworld.com>
(cherry picked from commit 70c75965a97799b44871249c205bad48fea9a4ae)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

mvebu: backport CN9130 dts necessary files changes to 5.4

1. Add support for Marvell CN9130 SoC
2. Add support for CP115,and create an armada-cp11x.dtsi file which will be used to instantiate both CP110 and CP115
3. Add support for AP807/AP807-quad,AP807 is a major component of CN9130 SoC series
4. Drop PCIe I/O ranges from CP11x file and externalize PCIe macros from CP11x file

Signed-off-by: Ian Chang <ianchang@ieiworld.com>
(cherry picked from commit c98ddf0f019986bbb4c868bfcaf97e0d1f4ee2dc)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

build: prereq detect Python 3.10 for `python3` binary

While the binary `python3.10` is correctly detected by the build system
the default `python3` binary is currently not detected if pointing to a
Python 3.10 installation.

Fix this by extending the grep regex.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 56ea2bf2eec431ccd3c566190a444ad63db39b65)

kernel: ar8216: add get_features method

Modifying PHY capabilities in the probe function broke with upstream
commit 92ed2eb7f4b7 ("net: phy: probe the PHY before determining the
supported features").

AR8316 switches only support 10/100 Mbit/s link modes because of this
change.

Provide a get_features method for the PHY driver, so Gigabit link mode
will be advertised to link partners again.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 766e0f584a325b0b80a97bbc86ca515d97c63001)

prereq-build: recognize Python 3.10

Fedora 35 contains Python 3.10 as default version. Make use of it.

Signed-off-by: Marcin Juszkiewicz <marcin@juszkiewicz.com.pl>
[fix commit subject]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit e1c03ca18519f9683f6bfce1795e58d99575d895)

build: fix `which` detection on Fedora & MacOS

Fix Fedora 34/35 issue where 'which' detection of 'which' wasn't working
because Fedora use alias and proc

Fixup of fca5ad55d2 prereq-build: fix `which` detection on Fedora

Reported-by: Jani Partanen <rtfm@iki.fi>
Suggest-by: Etienne Champetier <champetier.etienne@gmail.com>
Tested-by: Georgi Valkov <gvalkov@abv.bg>
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 0d1ebf0d6d20f0439ab45b293f9daa7662c44ba6)

uhttpd: make organization (O=) of the cert configurable via uci

Make the organization (O=) of the cert configurable via uci. If not
configured, use a combination of "OpenWrt" and an unique id like it was
done before.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 2c6c1501af664490ec9b701b46a201e21c670b96)

uboot-lantiq: fix sha1.h header clash when system libmd installed

Backport of u-boot commit "includes: move openssl headers to include/u-boot"
https://github.com/u-boot/u-boot/commit/2b9912e6a7df7b1f60beb7942bd0e6fa5f9d0167

Fixes: FS#3955
Signed-off-by: Alan Swanson <reiver@improbability.net>
(cherry picked from commit 8db641049292035604f0e1fb788608fdea879eca)

kernel: bump 5.4 to 5.4.150

Manually rebased:
  generic/backport-5.4/370-netfilter-nf_flow_table-fix-offloaded-connection-tim.patch
  generic/pending-5.4/800-bcma-get-SoC-device-struct-copy-its-DMA-params-to-th.patch
  mvebu/patches-5.4/021-arm64-dts-marvell-armada-37xx-Move-PCIe-comphy-handl.patch

Removed upstreamed:
  generic/backport-5.4/040-ARM-8918-2-only-build-return_address-if-needed.patch
  layerscape/patches-5.4/819-uart-0004-MLK-18137-fsl_lpuart-Fix-loopback-mode.patch

All others updated automatically.

Compile-tested on: lantiq/xrx200, armvirt/64
Runtime-tested on: lantiq/xrx200, armvirt/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

ipq-wifi: Work around Plasma Cloud PA1200 5GHz crash

It was noticed [1] that the ath10k firmware crashes on 5GHz since OpenWrt
21.02.0. The problem seems to be triggered by the the nonLinearTxFir field
in the 5GHz BDF. If baseEepHeader.nonLinearTxFir (offset 0xc2) is 1 then
the firmware just crashes when setting up the 5Ghz radio using `ifconfig
wlan1 up`:

  ath10k_ahb a800000.wifi: firmware crashed! (guid 9e36ee82-4d2c-4c63-b20b-609a1eaca30c)
  ath10k_ahb a800000.wifi: qca4019 hw1.0 target 0x01000000 chip_id 0x003b00ff sub 0000:0000
  ath10k_ahb a800000.wifi: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 0
  ath10k_ahb a800000.wifi: firmware ver 10.4-3.6-00140 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps crc32 ba79b746
  ath10k_ahb a800000.wifi: board_file api 2 bmi_id 0:17 crc32 5f400efc
  ath10k_ahb a800000.wifi: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-file max-sta 512 raw 0 hwcrypto 1
  ath10k_ahb a800000.wifi: firmware register dump:
  ath10k_ahb a800000.wifi: [00]: 0x0000000B 0x000015B3 0x009C3C27 0x00975B31
  ath10k_ahb a800000.wifi: [04]: 0x009C3C27 0x00060530 0x00000018 0x004176B8
  ath10k_ahb a800000.wifi: [08]: 0x00405A50 0x00412A30 0x00000000 0x00000000
  ath10k_ahb a800000.wifi: [12]: 0x00000009 0x00000000 0x009B9742 0x009B974F
  ath10k_ahb a800000.wifi: [16]: 0x00971238 0x009B9742 0x00000000 0x00000000
  ath10k_ahb a800000.wifi: [20]: 0x409C3C27 0x004053DC 0x00000D2C 0x00405A60
  ath10k_ahb a800000.wifi: [24]: 0x809C3E13 0x0040543C 0x00000000 0xC09C3C27
  ath10k_ahb a800000.wifi: [28]: 0x809B9AC5 0x0040547C 0x00412A30 0x0040549C
  ath10k_ahb a800000.wifi: [32]: 0x809B8ECD 0x0040549C 0x00000001 0x00412A30
  ath10k_ahb a800000.wifi: [36]: 0x809B8FF3 0x004054CC 0x00412838 0x00000014
  ath10k_ahb a800000.wifi: [40]: 0x809BEF98 0x0040551C 0x0041627C 0x00000002
  ath10k_ahb a800000.wifi: [44]: 0x80986D47 0x0040553C 0x0041627C 0x00416A88
  ath10k_ahb a800000.wifi: [48]: 0x809CBB0A 0x0040559C 0x0041ACC0 0x00000000
  ath10k_ahb a800000.wifi: [52]: 0x809864EE 0x0040560C 0x0041ACC0 0x00000001
  ath10k_ahb a800000.wifi: [56]: 0x809CA8A4 0x0040564C 0x0041ACC0 0x00000001
  ath10k_ahb a800000.wifi: Copy Engine register dump:
  ath10k_ahb a800000.wifi: [00]: 0x0004a000  14  14   3   3
  ath10k_ahb a800000.wifi: [01]: 0x0004a400  16  16  22  23
  ath10k_ahb a800000.wifi: [02]: 0x0004a800   3   3   2   3
  ath10k_ahb a800000.wifi: [03]: 0x0004ac00  15  15  15  15
  ath10k_ahb a800000.wifi: [04]: 0x0004b000   4   4  44   4
  ath10k_ahb a800000.wifi: [05]: 0x0004b400   3   3   2   3
  ath10k_ahb a800000.wifi: [06]: 0x0004b800   1   1   1   1
  ath10k_ahb a800000.wifi: [07]: 0x0004bc00   1   1   1   1
  ath10k_ahb a800000.wifi: [08]: 0x0004c000   0   0 127   0
  ath10k_ahb a800000.wifi: [09]: 0x0004c400   0   0   0   0
  ath10k_ahb a800000.wifi: [10]: 0x0004c800   0   0   0   0
  ath10k_ahb a800000.wifi: [11]: 0x0004cc00   0   0   0   0
  ath10k_ahb a800000.wifi: failed to update channel list: -108
  ath10k_ahb a800000.wifi: failed to set pdev regdomain: -108
  ath10k_ahb a800000.wifi: failed to create WMI vdev 0: -108
  ieee80211 phy1: Hardware restart was requested

Since no actual solution is known (besides downgrading the ath10k firmware)
it seems to be better to disable the nonLinearTxFir for now.

[1] https://lore.kernel.org/ath10k/3423718.UToCqzeSYe@ripper/

Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 8b090708208501a60e71d0118b9860dd401d7d8d)

ipq-wifi: Update Plasma Cloud PA1200 BDFs to firmware 3.5.12

The official Plasma Cloud firmware adjusted the BDFs to contain new
conformance test limits and target power values. These should be imported
to avoid emissions outside the allowed limits.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit e0721608f9620b570c7f18d94681e86b01c0b9a0)

hostapd: fix segfault when deinit mesh ifaces

In hostapd_ubus_add_bss(), ubus objects are not registered for mesh
interfaces. This provokes a segfault when accessing the ubus object in
mesh deinit.

This commit adds the same condition to hostapd_ubus_free_bss() for
discarding those mesh interfaces.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
(cherry picked from commit 5269c47e8db549695ceaf6a19afdd0cb90074622)

rockchip: fix broken squashfs sysupgrade

The rockchip platform supports squashfs SD card images. However, the
resulting image is not padded to completely fill the rootfs partition.

Because of that, the f2fs overlay might not be erased, resulting in
uci-defaults not bing executed or the configuration not being erased,
even though drop config was selected.

Modify the image generation process so the image is padded to cover the
entire root filesystem partition.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit b56f7407d999d29c200c8c5880655926ef9874b7)

apm821xx: MBL: band-aid MBL DUO

Takimata reported on the OpenWrt forum in thread [0], that his
MyBook Live Duo wasn't booting OpenWrt 21.02 after upgrading
from the previous OpenWrt 19.07.

The last logged entries on his console

|[    0.531599] sata1-regulator GPIO handle specifies active low - ignored
|[    0.538391] sata0-regulator GPIO handle specifies active low - ignored
|[    0.759791] ata2: SATA link down (SStatus 0 SControl 300)
|[    0.765251] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
|[    5.909555] ata1.00: qc timeout (cmd 0xec)
|[    5.913656] ata1.00: failed to IDENTIFY (I/O error, err_mask=0x4)
|[    6.231757] ata1: SATA link down (SStatus 0 SControl 300)

This extract clearly showed that the HDD on which OpenWrt is installed,
simply disappeared after the SATA power regulators had been initialized.

Since the device-tree regulators haven't changed since the OpenWrt 19.07
days this will require further investigation on the snapshot/master/trunk
branch.

For the time being, it was requested to just delete the nodes so,
the device will boot again. Which unfortunately,  will have to wait
until 21.02.1 is released.

He also confirmed that the My Book Live Single wasn't affected.
It works with or without this change.

[0] <https://forum.openwrt.org/t/21-02-0-and-snapshot-fail-to-boot-on-my-book-live-duo/106585>

Reported-by: Takimata (forum.openwrt.org/u/takimata)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

mac80211: Update to backports-5.10.68

Refresh all patches.
The removed patches were integrated upstream.

This contains fixes for CVE-2020-3702

1. These patches (ath, ath9k, mac80211) were included in kernel
versions since 4.14.245 and 4.19.205. They fix security vulnerability
CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].

Thank you Josef Schlehofer for reporting this problem.

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702
[2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

ramips: add support for minew g1-c

The minew g1-c is a smart home gateway / BLE gateway.
A Nordic nRF52832 is available via USB UART (cp210x) to support BLE.
The LED ring is a ring of 24x ws2812b connect to a generic GPIO (unsupported).
There is a small LED which is only visible when the device is open which
will be used as LED until the ws2812b is supported.
The board has also a micro sdcard/tfcard slot (untested).
The Nordic nRF52832 exposes SWD over a 5pin header (GND, VCC, SWD, SWC, RST).
The vendor uses an older OpenWrt version, sysupgrade can be used via
serial or ssh.

CPU: MT7628AN / 580MHz
RAM: DDR2 128 MiB RAM
Flash: SPI NOR 16 MiB W25Q128
Ethernet: 1x 100 mbit (Port 0) (PoE in)
USB: USB hub, 2x external, 1x internal to USB UART
Power: via micro usb or PoE 802.11af
UART: 3.3V, 115200 8n1

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>

ipq40xx: Fix board-2.bin package name for Plasma Cloud PA2200

The board data file for the Plasma Cloud PA2200 is not part of the default
board-2.bin which is shipped by ath10k-board-qca4019. A typo in the device
package name resulted in a not correctly selected package for the device
specific board-2.bin. The wifi driver has therefore loaded the wrong
calibration information into the wifi chip.

Fixes: 4871fd2616ac ("ipq40xx: add support for Plasma Cloud PA2200")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit c7e9335e4c23f3bd074cb2b215a289b8b75f319c)

ipq40xx: Fix board-2.bin package name for Plasma Cloud PA1200

The board data file for the Plasma Cloud PA1200 is not part of the default
board-2.bin which is shipped by ath10k-board-qca4019. A typo in the device
package name resulted in a not correctly selected package for the device
specific board-2.bin. The wifi driver has therefore loaded the wrong
calibration information into the wifi chip.

Fixes: ea5bb6bbfee0 ("ipq40xx: add support for Plasma Cloud PA1200")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit d0ffc175350f2be6174932dc0afd4d2737afe52d)

ipq40xx: Select correct board-2.bin for EnGenius EMR3500

The board data file for the EnGenius EMR3500 is not part of the default
board-2.bin which is shipped by ath10k-board-qca4019. As result, the wrong
calibration information will be loaded into the wifi chip.

Fixes: 3f61e5e1b97e ("ipq40xx: add support for EnGenius EMR3500")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 14bd392a1cd0b8e267e4402ae27b3c5a8f66b933)

ipq40xx: Select correct board-2.bin for EnGenius EMD1

The board data file for the EnGenius EMD1 is not part of the default
board-2.bin which is shipped by ath10k-board-qca4019. As result, the wrong
calibration information will be loaded into the wifi chip.

Fixes: 51f303597839 ("ipq40xx: add support for EnGenius EMD1")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit d9f4a4280e674ddb4ec75ae2d73b0f86e0c282cc)

kernel: backport switchdev fix for bridge in bridge configurations

This patch fixes the forwarding behavior of bridge in bridge
configurations with DSA.

Without it, the configuration of the upper bridge might overwrite
settings of the lower bridge. For example, a vlan-aware bridge
with DSA interfaces in it might be offloaded to the DSA hardware. If the
bridge interface itself gets slave of a different bridge without vlan
filtering, the vlan filtering setting of the lower bridge is overwritten
by the upper bridge, which results in an incorrect hardware
configuration.

This was backported from kernel 5.7.

Ref: https://lore.kernel.org/netdev/20191222192235.GK25745@shell.armlinux.org.uk/
Fixes: FS#3996
Signed-off-by: Fabian Bläse <fabian@blaese.de>
(cherry picked from commit c50ece58c41647880cc74c927d98b465cdfbdad8)

kernel: Add missing kernel config options

These options are selectable when some of the kernel debug options like
KERNEL_SOFTLOCKUP_DETECTOR are selected.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1a3b3dc7974c98843baeb22251dc4c580dc771d6)

build: Replace KERNEL_LOCKUP_DETECTOR with KERNEL_SOFTLOCKUP_DETECTOR

The LOCKUP_DETECTOR configuration option split into the
SOFTLOCKUP_DETECTOR and HARDLOCKUP_DETECTOR configuration option some
time ago. The HARDLOCKUP_DETECTOR option is only working on some
architectures, but SOFTLOCKUP_DETECTOR should work everywhere. Replace
KERNEL_LOCKUP_DETECTOR with KERNEL_SOFTLOCKUP_DETECTOR.

LOCKUP_DETECTOR will be selected by SOFTLOCKUP_DETECTOR automatically.

Fixes: b951f53fbae3 ("build: Add additional kernel debug options")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d27f6e2c5d2a2315cc8fe684d117c80aa9984ca8)

kirkwood: increase kernel partition of Linksyses

At this moment kernel partition in Linksyses EA3500/E4200/EA4500 is
ended before start of rootfs partition. It was introduced in 9808b9ae02
and it broke easy revert to stock. Sysupgrade, when OFW is used, write
whole stock image to kernel partition. Most likeley image will be bigger
than small kernel partition and it make stock system invalid.

This patch change size of kernel partitions and now it overlaps rootfs.
Revert to stock will be possible again.

Fixes: 9808b9ae02 ("kirkwood: switch to kernel 4.9")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>

mvebu: limit mvneta tx queue workaround to 32 bit SoC

This patch has been carried since introduction throughout every kernel
major bump and no one has tested if the later kernels improved the
situation. The Armada 3720 SoC can only process GbE interrupts on Core 0
and this is already limited in all stable kernels, so ditch this
workaround for 64 bit SoCs.

Ref: https://git.kernel.org/torvalds/c/cf9bf871280d

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit cbdd2b62e4d5e0572204c37d874d32dc8610840e)

OpenWrt v21.02.0: revert to branch defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

OpenWrt v21.02.0: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

ath79: add support for onion omega

The Onion Omega is a hardware development platform with built-in WiFi.

https://onioniot.github.io/wiki/

Specifications:
- QCA9331 @ 400 MHz (MIPS 24Kc Big-Endian Processor)
- 64MB of DDR2 RAM running at 400 MHz
- 16MB of on-board flash storage
- Support for USB 2.0
- Support for Ethernet at 100 Mbps
- 802.11b/g/n WiFi at 150 Mbps
- 18 digital GPIOs
- A single Serial UART
- Support for SPI
- Support for I2S

Flash instructions:
The device is running OpenWrt upon release using the ar71xx target.
Both a sysupgrade
and uploading the factory image using u-boots web-UI do work fine.

Depending on the ssh client, it might be necessary to enable outdated
KeyExchange methods e.g. in the clients ssh-config:

Host 192.168.1.1
        KexAlgorithms +diffie-hellman-group1-sha1

The stock credentials are: root onioneer

For u-boots web-UI manually configure `192.168.1.2/24` on your computer,
connect to `192.168.1.1`.

MAC addresses as verified by OEM firmware:
2G       phy0      label
LAN      eth0      label - 1

LAN is only available in combination with an optional expansion dock.

Based on vendor acked commit:
commit 5cd49bb067ca ("ar71xx: add support for Onion Omega")

Partly reverts:
commit fc553c7e4c8e ("ath79: drop unused/incomplete dts")

Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
(cherry picked from commit d98738b5c118fc45068b45f07b8b6938e91f35d2)

kernel: bump 5.4 to 5.4.143

Manually rebased:
bcm27xx/patches-5.4/950-1031-net-lan78xx-Ack-pending-PHY-ints-when-resetting.patch

Removed upstreamed:
mvebu/patches-5.4/100-cpufreq-armada-37xx-forbid-cpufreq-for-1.2-GHz-variant.patch

All others updated automatically.

Compile-tested on: lantiq/xrx200, armvirt/64
Runtime-tested on: lantiq/xrx200, armvirt/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

openssl: bump to 1.1.1l

This version fixes two vulnerabilities:
  - SM2 Decryption Buffer Overflow (CVE-2021-3711)
    Severity: High

  - Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
    Severity: Medium

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7119fd32d397567931e63dbbf72014e95624018f)

prereq-build: require python3-distutils

Debian and Ubuntu ship a python3-minimal package which does not include
the distutils module. This is not supported by upstream and can be
considered a broken python distribution.

In practice, many scripts depend on said module, and this is a reoccuring
pain point for building various OpenWrt packages.

Require and check for said module, enough time has been wasted on this.

A list of just the most recent issues:
https://github.com/openwrt/packages/pull/16304
https://github.com/openwrt/packages/pull/16027
https://github.com/openwrt/packages/pull/15443
https://github.com/openwrt/packages/pull/14394
https://github.com/openwrt/packages/pull/12909
https://github.com/openwrt/packages/issues/12443
https://github.com/openwrt/packages/pull/11035
https://github.com/openwrt/packages/issues/10993

Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 60af8d753343691c4a647bfc7c51ef6eb92df9f2)

uboot-layerscape: fix dtc compilation on host gcc 10

Backport a patch from upstream U-Boot to fix the compile with host GCC 10.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8d143784cb8fafccdbcdc0bd5d1aa47d3d676f70)

uboot-at91: fix dtc compilation on host gcc 10

Backport a patch from upstream U-Boot to fix the compile with host GCC 10.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a1034afba8ea8bec48e2528fdae0fb74a6757e53)

kernel: bump 5.4 to 5.4.142

Compile-tested: ath79-generic ipq40xx-generic
Run-tested: ipq40xx-generic

Signed-off-by: David Bauer <mail@david-bauer.net>

ipq40xx: fix Edgecore ECW5211 boot

The bootloader will look for a configuration section named ap.dk01.1-c2
in the FIT image. If this doesn't exist, the device won't boot.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit a43da1be43ae251f0edaa6419612e600fc6ec972)

ath79: kernel: Add missing quote to drivers/mfd/Kconfig

A missing quote in target/linux/ath79/patches-5.x/920-mikrotik-rb4xx.patch
produces:

...
scripts/kconfig/conf --syncconfig Kconfig
drivers/mfd/Kconfig:2016:warning: multi-line strings not supported
...

This patch adds missing closing quote, fixing the above warning.

Signed-off-by: Paul Blazejowski <paulb@blazebox.homeip.net>
(cherry picked from commit f7374bce00a97fda78ace3acaef48369e8246814)

bcm27xx-userland: update to latest version

Properly recognise all BCM2711 variants

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>

bcm27xx-userland: factor out a -dev package

Installing headers and static libraries to the target system seems
to be not required for most use cases, so let's factor them
out into a dedicated -dev package.

This cuts down to disk usage to around 50% of the original
package to ~ 2MB - not that disk space is an issue normally,
but when using inside an initramfs only project, it counts.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

x86: kernel: set NR_CPUS to 512

NR_CPUS limits the number of CPUs supported to 8. This makes total sense
on hardware-restircted platforms, but not on x86_64, where CPUs with
more than 8 cores can be easily acquired and with less physical limitaions.

see also: https://forum.openwrt.org/t/x86-64-8-cpu-limitation-on-vanilla-release/100946

Signed-off-by: Edgar Su <sjs333@outlook.com>
(cherry picked from commit df554e6fcab171ec499d8fb2ed10a0da328323f3)

fritz-tools: fix returning wrong values due to strncmp usage

When having two keys that start with the same characters and the second
key just has one character more nand_tffs_read and tffs_read return the
wrong value for the longer key. This is due to the usage of strncmp in
combination with the length of the shorter key which is usually first in
the list before the longer key and when strncmp matches, the search is
stopped. The problem only occurs when the length of the two keys is
different, not if just the last character is different. The fix is to
use strcmp and as such it will only return the value if the key (name)
and the key to look for (namefilter) have the same value and length. A
sample case returning wrong values is when keys macwlan and macwlan2 are
defined and querying macwlan2 returns the value for macwlan.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
(cherry picked from commit 12564c5b860f9849c9a2fb7026c2c11150b9a4fc)

mbedtls: update to 2.16.11

Switched to AUTORELEASE to avoid manual increments.

Release notes:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fcfd741eb83520e496eb09de5f8b2f2b62792a80)

mvebu: armada-37xx: add patch to forbid cpufreq for 1.2 GHz

This patch is backported from linux-arm-kernel [1] to improve situation, when
it was reported that 1.2 GHz variant is unstable with DFS.
It waits to be accepted upstream, however, it waits for Marvell people to respond.

[1] https://patchwork.kernel.org/project/linux-arm-kernel/patch/20210630225601.6372-1-kabel@kernel.org/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit d3794768177293f584cc74f90c921276793da1e7)

Revert "mvebu: 5.4 fix DVFS caused random boot crashes"

Based on the discussion on the mailing list [1], the patch which was
reverted, it reverts only one patch without the subsequent ones.

This leads to the SoC scaling issue not using a CPU parent clock, but
it uses DDR clock. This is done for all variants, and it's wrong because
commits (hacks) that were using the DDR clock are no longer in the mainline kernel.

If someone has stability issues on 1.2 GHz, it should not affect all
routers (1 GHz, 800 MHz) and it should be rather consulted with guys, who are trying to
improve the situation in the kernel and not making the situation worse.

There are two solutions in cases of instability:
a) disable cpufreq
b) underclock it up to 1 GHz

This reverts commit 080a0b74e39d159eecf69c468debec42f28bf4d8.

[1] https://lists.openwrt.org/pipermail/openwrt-devel/2021-June/035702.html

CC: Pali Rohár <pali@kernel.org>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 7b868fe04a8961048feec1143e72fe47bde52a12)

dnsmasq: reset EXTRA_MOUNT in the right place

EXTRA_MOUNT variable should be reset in dnsmasq_start() rather than
just once at the beginning of the script.

Fixes: ac4e8aa2f8 ("dnsmasq: fix more dnsmasq jail issues")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ddc8d085f39dea998f59680fb556ca72d779a3b1)

dnsmasq: fix more dnsmasq jail issues

* remove superflus mounts of /dev/null and /dev/urandom
* reset EXTRA_MOUNTS at the beginning of the script
* add mount according to ignore_hosts_dir
* don't add mount for file which is inside a directory already in the
EXTRA_MOUNTS list

Fixes: 59c63224e1 ("dnsmasq: rework jail mounts")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ac4e8aa2f8d98158ea7b749f877269f1f5fa9c5a)

dnsmasq: rework jail mounts

* split into multiple lines to improve readability
* use EXTRA_MOUNT for addnhosts instead of blindly adding /tmp/hosts
* remove no longer needed mount for /sbin/hotplug-call
* add dhcp-script.sh dependencies (jshn, ubus)

Fixes: 3a94c2ca5c ("dnsmasq: add /tmp/hosts/ to jail_mount")
Fixes: aed95c4cb8 ("dnsmasq: switch to ubus-based hotplug call")
Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 59c63224e11d6c4eca27131a73bf16218e47a271)

dnsmasq: use local option for local domain parameter

'--local' is a synonym for '--server' so let's use '--local' in the
resultant config file for uci's 'local' instead of uci's local
parameter being turned into '--server'. Slightly less confusion all
round.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit e4cfefa9fc3d22da5705b554785ba9c533c373d0)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

dnsmasq: add ignore hosts dir to dnsmasq init script

When running multiple instances of dnsmasq, for example one being for the lan
and another for a guest network, it might not be desirable to have the same dns names
configured in both networks

Signed-off-by: João Henriques <joaoh88@gmail.com>
(cherry picked from commit e8a5670122e04574fdb5855ecd63d18f317c5bfd)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>

OpenWrt v21.02.0-rc4: revert to branch defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

OpenWrt v21.02.0-rc4: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

kernel: bump 5.4 to 5.4.137

Manually rebased
generic/pending-5.4/680-NET-skip-GRO-for-foreign-MAC-addresses.patch

All others updated automatically.

Compile-tested on: ramips/mt7621, armvirt/32
Runtime-tested on: ramips/mt7621, armvirt/32

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

ramips: mt76x8: add missing config symbol

PWM_MEDIATEK was not defined, breaking builds for the mt76x8 subtarget.

Signed-off-by: David Bauer <mail@david-bauer.net>

x86: move Kconfig symbol to common config

This is required for all x86 targets. x86-legacy missed this config
symbol, breaking the build.

Signed-off-by: David Bauer <mail@david-bauer.net>

generic: add missing Kconfig symbol

Fixes build errors for sunxi as well as rockchip targets.

Signed-off-by: David Bauer <mail@david-bauer.net>

ath79: fix JT-OR750i switch LED assignment

The LEDs for LAN1 and LAN3 were swapped. Link on port 1 would illuminate
the LED on port 3 and vice versa.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f0a885ed8636b9762d12f2eb2755f63297ff0cb5)

ath79: enable missing pinmux for JT-OR750i

Without explicit configuration of these pins the ethernet as well as
status LED of the device do not work correctly.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 4feb9a4211d4c8e118e6b8f01fa0bbd4eab5d35c)

ath79: add support for Joy-IT JT-OR750i

Specifications:
* QCA9531, 16 MiB flash (Winbond W25Q128JVSQ), 128 MiB RAM
* 802.11n 2T2R (external antennas)
* QCA9887, 802.11ac 1T1R (connected with diplexer to one of the antennas)
* 3x 10/100 LAN, 1x 10/100 WAN
* UART header with pinout printed on PCB

Installation:
* The device comes with a bootloader installed only
* The bootloader offers DHCP and is reachable at http://10.123.123.1
* Accept the agreement and flash sysupgrade.bin
* Use Firefox if flashing does not work

TFTP recovery with static IP:
* Rename sysupgrade.bin to jt-or750i_firmware.bin
* Offer it via TFTP server at 192.168.0.66
* Keep the reset button pressed for 4 seconds after connecting power

TFTP recovery with dynamic IP:
* Rename sysupgrade.bin to jt-or750i_firmware.bin
* Offer it via TFTP server with a DHCP server running at the same address
* Keep the reset button pressed for 6 seconds after connecting power

Co-authored-by: Sebastian Schaper <openwrt@sebastianschaper.net>
Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com>
(cherry picked from commit 55b4b3655263984b92e4b9fc515a5e6b8003c655)

netifd: update to the latest version

440eb0647708 bridge: fix regression in bringing up bridge ports

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 39f81b0bf687017b4d086255c94166e662ac177e)

netifd: update to the latest version

85f01c44a950 bridge: check bridge port vlan membership on link-up events
17e453bd68b4 wireless: add back regular virtual interfaces on hotplug-add events as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2801fe6132c4e2e364e2d5a304594185351b501b)

glibc: update to latest 2.33 HEAD (bug 28011)

b5711025bc x86_64: Remove unneeded static PIE check for undefined weak diagnostic
edfd11197e wordexp: handle overflow in positional parameter number (bug 28011)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 9d2dcc83128a035262bf15b8bbd1f57622465b42)

glibc: update to latest 2.33 HEAD (BZ #27646, bug 27896, BZ #15271)

58b90461ae elf: Use _dl_catch_error from base namespace in dl-libc.c [BZ #27646]
8c06748c51 Fix use of __pthread_attr_copy in mq_notify (bug 27896)
4b6be914bd Use __pthread_attr_copy in mq_notify (bug 27896)
f4cba6ca1e dlfcn: Failures after dlmopen should not terminate process [BZ #15271]

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit f033d5ad1c28e07eb6de2ce3ea8650dc7080d6d0)

dnsmasq: distinct Ubus names for multiple instances

Currently, when using multiple dnsmasq instances they are all assigned
to the same Ubus instance name. This does not work, as only a single
instance can register with Ubus at a time. In the log, this leads to
`Cannot add object to UBus: Invalid argument` error messages.
Furthermore, upstream 3c93e8eb41952a9c91699386132d6fe83050e9be changes
behaviour so that instead of the log, dnsmasq exits at start instead.

With this patch, all dnsmasq instances are assigned unique names so that
they can register with Ubus concurrently. One of the enabled instances
is always assigned the previous default name "dnsmasq" to avoid breaking
backwards compatibility with other software relying on that default.
Previously, a random instance got assigned that name (while the others
produced error logs). Now, the first unnamed dnsmasq config section is
assigned the default name. If there are no unnamed dnsmasq sections the
first encountered named dnsmasq config section is assigned instead.

A similar issue exists for Dbus and was similarly addressed.

Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
[tweaked commit message] dnsmasq was not crashing it is exiting
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit ba5bd8e556b2e7573d27b16e005ba287e066f795)

kernel: bump 5.4 to 5.4.132

Manually rebased
layerscape/patches-5.4/805-display-0002-drm-rockchip-prepare-common-code-for-cdns-and-rk-dpi.patch

All others updated automatically.

Compile-tested on: ramips/mt7621
Runtime-tested on: ramips/mt7621

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

dnsmasq: add /tmp/hosts/ to jail_mount

Programs like the olsr-name-plugin write hostname files to "/tmp/hosts/".
If you don't add this to the jail_mount, dnsmasq can't read it anymore.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 3a94c2ca5cf7c11ca150fa3ae884e7be8d07a281)

odhcpd: fix invalid DHCPv6 ADVERTSIE with small configured leasetime (FS#3935)

bc9d317 dhcpv6-ia: fix invalid preferred lifetime

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 033d5ff25eaf4facbaab09153982e7321fe282e6)

ipq40xx: fix FRITZRepeater 1200 RGMII delay

When the AVM FRITZ!Repeater 1200 was introduced on Kernel 4.19, the
at803x PHY driver incorrectly set up the delays, not disabling delays
set by the bootloader.

The PHY was always operating with RX as well as TX delays enabled, but
with kernel 5.4 and later, the required TX delay is disabled, breaking
ethernet operation.

Correct the PHY mode, so the driver enables both delays.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f9d18281051c894eacd40f10c10b430c6c9082ad)

netifd: update to the latest version

7f24a063475e vlan: fix device vlan alias handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit d1a812c49b57636efcb9ef6f5f0aff4f11eb6b36)

mpc85xx: add missing Kconfig symbols

Signed-off-by: David Bauer <mail@david-bauer.net>

netifd: update to the latest version

61a71e5e49c3 bridge: dynamically create vlans for hotplug members
cb6ee9608e10 bridge: fix dynamic delete of hotplug vlans
7f199050f395 wireless: pass the real network ifname to the setup script
50381d0a2998 bridge: allow adding/removing VLANs to configured member ports via hotplug
f12b073c0cc3 wireless: add some comments to functions
b0d090688302 bridge: fix setting pvid for updated vlans
ff3764ce28e0 device: move hotplug handling logic from system-linux.c to device.c
16bff892f415 ubus: add a dummy mode ubus call to simulate hotplug events
7f30b02013f2 examples: make dummy wireless vif names shorter
013a1171e9b0 device: do not treat devices with non-digit characters after . as vlan devices
f037b082923a wireless: handle WDS per-sta devices
db0fa24e1c17 bridge: fix enabling hotplug-added VLANs on the bridge port
4e92ea74273f bridge: bring up pre-existing vlans on hotplug as well
1f283c654aeb bridge: fix hotplug vlan overwrite on big-endian systems

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 1236cbe30cec8e3e8246237005140596f8611ce9)

mediatek: add missing config symbols

Signed-off-by: David Bauer <mail@david-bauer.net>

generic: add missing config symbols

Signed-off-by: David Bauer <mail@david-bauer.net>

iwinfo: move device info into -data package

Backport upstream patch a0a0e02 ("iwinfo: rename hardware.txt to devices.txt")
and split devices.txt (former hardware.txt) into a common libiwinfo-data
package to allow different libiwinfo versions to coexist without file
clashes.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit c13d7c82aa4cd2cbf1f61bad857cd01b795318e3)

build: ensure that dash isn't prepended twice to abi version suffix

The ABIV_$(pkgname) variable already is formatted so return it as-is from
the GetABISuffix macro and only filter through FormatABISuffix if we read
the raw ABI version value from a version stamp file.

This ensures that binary intra-package dependencies on ABI versioned
libraries are properly formatted.

Ref: https://github.com/openwrt/packages/issues/15871
Fixes: f6a03bff5b ("build: prepend ABI suffixes with a dash if package name ends with digit")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit fbb9b1f8ed0d8a76dd989cc6c16a4e0fda2b6e74)

build: prepend ABI suffixes with a dash if package name ends with digit

Ensure that ABI suffixes are separated with a dash from the package name if
the name happens to end with a digit. This implementation detail got lost
during the recent refactoring of the ABI_VERSION handling in buildroot.

Ref: https://github.com/openwrt/packages/pull/14237#issuecomment-860473585
Fixes: c921650382 ("build: drop ABI version from metadata")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f6a03bff5bccdbf9165087bccbb35095903d05c6)

ath79: add missing MTD_NAND_RB91X symbol

Looks like the symbol was forgotten for 5.4

Fixes: 820e660cd7 ("ath79: add NAND driver for MikroTik RB91xG series")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 52c27dab1973d523453fc1e319d8636e1cb10927)

ath79: add missing GPIO_LATCH symbol

Fixes commit 7b8931678c36 ("ath79: add gpio-latch driver for MikroTik RouterBOARDs")

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f2f137593eb6c0e849352e85c003c91f8be81dd1)

ath79: mikrotik: fix beeper phantom noise on RB912

Analysis done by Denis Kalashnikov:

It seems that some ROS versions on some routerboard models have this bug:
after silence boot (no output to uart, no beeps) beeper clicks when wireless traffic is.

https://forum.mikrotik.com/viewtopic.php?f=3&t=92269
https://forum.mikrotik.com/viewtopic.php?t=63399

From these links:

1)
Hello, I have RB951G-2HnD and I noticed strange thing
when I loaded the device with some wireless traffic it
produced strange sound - like hissing, fizzing etc.

2)
Same problem still on 6.33, with silent boot enabled
I hear buzzing noise on wireless load.

3)
The sound is fixed in v5.19, it was a bug that caused beeper to make clicks.

It also got fixed in RouterOS:

* What's new in 5.19 (2012-Jul-16 10:51):
fix ticking sound on RB411UAHL;

* What's new in 6.38.3 (2017-Feb-07 09:52):
rb3011 - fixed noise from buzzer after silent boot;

I've checked with an oscilloscope that:
* When on the ssr beeper pin is 0,
  on the beeper itself is 1 (~5V),
  and when on the ssr beeper pin is 1,
  on the beeper is 0
  The beeper doesn't consume power,
  so 1 should be a default/idle value for the ssr beeper pin).
* When there is wireless traffic (ping packets)
  in the background and the beeper clicks, I see
  pulses on the beeper itself,
  but no pulses on the ssr beeper pin (Q5 pin of 74hc595).
  When I manually toggle the ssr beeper pin I see pulses on both.
  So, it is likely that the phantom beeper clicks are caused by the EMI.

Suggested-by: Denis Kalashnikov <denis281089@gmail.com>
Reviewed-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit a58bcc9e673db3c6aa39f2089d216d51c8356418)

ath79: ar934x: fix mounting issues if subpage is not supported

Currently, the option to disable subpage writing is only set
when a HW ECC engine is used.

Some boards lack a HW ECC engine and use software for that.
In this case, this NAND option does not get set when the NAND chip
does not support it, resulting in mounting errors.

Move the setting of this option to a generic init location so it
gets set for all types where required.

While at it, also OR the option instead of just setting it
so we don't overwrite potential flags being set somewhere else.

Before:

[    1.681273] UBI: auto-attach mtd2
[    1.684669] ubi0: attaching mtd2
[    1.688877] ubi0 error: validate_ec_hdr: bad VID header offset 2048, expected 512
[    1.696469] ubi0 error: validate_ec_hdr: bad EC header
[    1.701712] Erase counter header dump:
[    1.705512]  magic          0x55424923
[    1.709322]  version        1
[    1.712330]  ec             1
[    1.715331]  vid_hdr_offset 2048
[    1.718610]  data_offset    4096
[    1.721880]  image_seq      1462320675
[    1.725680]  hdr_crc        0x12255a15

After:

    1.680917] UBI: auto-attach mtd2
[    1.684308] ubi0: attaching mtd2
[    2.954504] random: crng init done
[    3.142813] ubi0: scanning is finished
[    3.163455] ubi0: attached mtd2 (name "ubi", size 124 MiB)
[    3.169069] ubi0: PEB size: 131072 bytes (128 KiB), LEB size: 126976 bytes
[    3.176037] ubi0: min./max. I/O unit sizes: 2048/2048, sub-page size 2048
[    3.182942] ubi0: VID header offset: 2048 (aligned 2048), data offset: 4096
[    3.190013] ubi0: good PEBs: 992, bad PEBs: 0, corrupted PEBs: 0
[    3.196102] ubi0: user volume: 3, internal volumes: 1, max. volumes count: 128
[    3.203434] ubi0: max/mean erase counter: 2/0, WL threshold: 4096, image sequence number: 1462320675
[    3.212700] ubi0: available PEBs: 0, total reserved PEBs: 992, PEBs reserved for bad PEB handling: 20
[    3.222124] ubi0: background thread "ubi_bgt0d" started, PID 317
[    3.230246] block ubiblock0_1: created from ubi0:1(rootfs)
[    3.235819] ubiblock: device ubiblock0_1 (rootfs) set to be root filesystem
[    3.256830] VFS: Mounted root (squashfs filesystem) readonly on device 254:0.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry-picked from commit 6561ca1fa510003a19ea7f8800535f12e5098ce2)

ath79: add support for MikroTik RouterBOARD 912UAG-2HPnD

This board has been supported in the ar71xx.

Links:
* https://mikrotik.com/product/RB912UAG-2HPnD
* https://openwrt.org/toh/hwdata/mikrotik/mikrotik_rb912uag-2hpnd

This also supports the 5GHz flavour of the board.

Hardware:
* SoC: Atheros AR9342,
* RAM: DDR 64MB,
* SPI NOR: 64KB,
* NAND: 128MB,
* Ethernet: x1 10/100/1000 port with passive POE in,
* Wi-Fi: 802.11 b/g/n,
* PCIe,
* USB: 2.0 EHCI controller, connected to mPCIe slot and a Type-A
  port -- both can be used for LTE modem, but only one can be
  used at any time.
* LEDs: 5 general purpose LEDs (led1..led5), power LED, user LED,
  Ethernet phy LED,
* Button,
* Beeper.

Not working:
* Button: it shares gpio line 15 with NAND ALE and NAND IO7,
  and current drivers doesn't easily support this configuration,
* Beeper: it is connected to bit 5 of a serial shift register
  (tested with sysfs led trigger timer). But kmod-gpio-beeper
  doesn't work -- we left this as is for now.

Flashing:
* Use the RouterBOARD Reset button to enable TFTP netboot,
boot kernel and initramfs and then perform sysupgrade.
* From ar71xx OpenWrt firmware run:
  $ sysupgrade -F /tmp/<sysupgrade.bin>
For more info see: https://openwrt.org/toh/mikrotik/common.

Co-Developed-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Reviewed-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Signed-off-by: Denis Kalashnikov <denis281089@gmail.com>
(cherry-picked from commit 695a1cd53ca52c678b3f837deb1bf30204285360)

ath79: add NAND driver for MikroTik RB91xG series

Main part is copied from ar71xx original driver rb91x_nand
written by Gabor Juhos <juhosg@openwrt.org>.

What is done:
* Support of kernel 5.4 and 5.10,
* DTS support,
* New gpio API (gpiod_*) support.

Reviewed-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Signed-off-by: Denis Kalashnikov <denis281089@gmail.com>
(cherry-picked from commit 820e660cd7463aa6d5ed9d31baf0f3c35596ce57)

ath79: add gpio-latch driver for MikroTik RouterBOARDs

This is a slighty modified version of ar71xx gpio-latch driver
written by Gabor Juhos <juhosg@openwrt.org>.

Changes:
* DTS support,
* New gpio API (gpiod_*).

Reviewed-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Signed-off-by: Denis Kalashnikov <denis281089@gmail.com>
(cherry-picked from commit 7b8931678c36c8d8c333b446258a653b1358bf70)

hostapd: make wnm_sleep_mode_no_keys configurable

In the aftermath of the KRACK attacks, hostapd gained an AP-side workaround
against WNM-Sleep Mode GTK/IGTK reinstallation attacks. WNM Sleep Mode is not
enabled by default on OpenWrt, but it is configurable through the option
wnm_sleep_mode. Thus, make the AP-side workaround configurable as well by
exposing the option wnm_sleep_mode_no_keys. If you use the option
wpa_disable_eapol_key_retries and have wnm_sleep_mode enabled, you might
consider using this workaround.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit bf98faaac8ed24cf7d3d93dd4fcd7304d109363b)

hostapd: make country3 option configurable

The country3 option in hostapd.conf allows the third octet of the country
string to be set. It can be used e.g. to indicate indoor or outdoor use (see
hostapd.conf for further details). Make this option configurable but optional
in OpenWrt.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[bump PKG_RELEASE, rebase]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 9f09c1936a4a13b67fcba632f7ca02331f685359)
Signed-off-by: Paul Spooren <mail@aparcar.org>

ltq-deu: Mark lantiq DEU broken

When the ltq_deu_vr9 kernel module is loaded, hostapd does not start any
more. It fails with this error message:
daemon.err hostapd: nl80211: kernel reports: key addition failed
daemon.err hostapd: Interface initialization failed

OpenWrt uses the standard Linux crypto API in the wifi drivers now
and this probably makes the system offload more crypto operations to
special hardware like the Lantiq DEU. There is probably a bug in the DEU
and these operations fail and then hostapd does not start the interface.

Do not include the Lantiq DEU by default any more.

Fixes: FS#3901
Fixes: 53b6783907f3 ("mac80211: remove patches stripping down crypto support")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Tested-by: Notupus <notpp46@gmail.com>
(cherry-picked from commit 964863bb23999a1fae99b883053cc4f3c5c42b40)

iwinfo: build with nl80211 backend only and make shared

Drop support for building the obsolete broadcom-wl backend and always
forcibly enable the nl82011 support. This allows us to make the package
shared again since no target specific compilation is happening anymore.

This will solve various repository coherency issues related to unavailable
libiwinfo versions in the long run.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5a1065758b88b568a04a50189400321601904bdf)

treewide: unmark selected packages nonshared

This partially reverts changes done in commit 72cc44958ef4 ("treewide:
mark selected packages nonshared") as it removes the nonshared flag, but
keeps the PKG_RELEASE as the PKG_RELEASE bump while adding nonshared
flag was incorrect.

Unmark uci, ubus, libubox, lua, libnl-tiny and libjson-c as nonshared
packages as this fix attempt didn't worked out. Currently the
imagebuilder is broken again:

openwrt-imagebuilder-21.02.0-rc3-ipq40xx-generic.Linux-x86_64$ make image PROFILE=avm_fritzbox-7530 PACKAGES=luci-ssl-openssl
...
Collected errors:
  * pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for luci-mod-status
  * pkg_hash_fetch_best_installation_candidate: Packages for luci-mod-status found, but incompatible with the architectures configured
  * pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for rpcd-mod-iwinfo
  * pkg_hash_fetch_best_installation_candidate: Packages for rpcd-mod-iwinfo found, but incompatible with the architectures configured
  * satisfy_dependencies_for: Cannot satisfy the following dependencies for luci-ssl-openssl:
  * libiwinfo20210430
  * opkg_install_cmd: Cannot install package luci-ssl-openssl.

Everything because iwinfo's ABI was changed two times since rc3 release:

+IWINFO_ABI_VERSION:=20210430
+IWINFO_ABI_VERSION:=20210420

Since iwinfo is marked as nonshared, it wasn't built by phase2 builders, but
luci-mod-status was already updated 2 times since rc3 and was thus rebuilt by
phase2 builders:

d1d452ed2fb3 luci-mod-status: don't set '-' hostname when creating static lease
95b3633055c1 luci-mod-status: switch to html table for wlan channel analysis

So now luci-mod-status depends on libiwinfo20210430 but only
libiwinfo20210106 can be downloaded. This is first part of the fix, in
the upcoming commit Jo is going to remove nonshared flag from iwinfo
package as well.

References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035736.html
References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035741.html
Acked-by: Jo-Philipp Wich <jo@mein.io>
Reported-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8307da3dbdaff13d5ce99f8aefa32f5b7a2e18e6)

ath10k-ct: fix typo in Makefile

Add forgotten colon to Makefile.

Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
(cherry picked from commit f0f1d68d528402b4d51a1dd08d2e2c9034167f92)

ath10k-ct: update to latest version

Changelog:
- ath10k-ct: Add security fixes.
- ath10k-ct: Add 5.12 kernel version.
- ath10k-ct: Fix the beacon/mcast/bcast override issue
- ath10k-ct 5.7: Fix setting mcast/bcast/beacon rate from debugfs.
- ath10k-ct: Add 5.11 driver.

Delete upstreamed patch and refresh the rest. Also, use the opportunity to
set PKG_RELEASE to $(AUTORELEASE).

Runtime-tested on ipq806x (Netgear R7800).

Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
(cherry picked from commit 2e10ed925e1e07c28570731a429efa5e7de3b826)

kernel/modules: move act_gact into kmod-sched-core

As the name suggests, act_gact has the generic actions such as dropping
and accepting packets, so move it into kmod-sched-core.

Signed-off-by: DENG Qingfang <dqfext@gmail.com>
(cherry-picked from commit 10aacb9a6ce3445cdee39573f4120e7888beb022)

package/comgt: Handle bind/unbind events

This script was expecting only add/remove events which has not been the
case since Kernel 4.12 (which added bind/unbind). Bind events were getting
treated as remove events which would cause hotplugged 3g modems to not
work.

More info:
https://lkml.org/lkml/2018/12/23/128
https://github.com/systemd/systemd/issues/8221

Signed-off-by: Arjun AK <arjunak234@gmail.com>
(cherry picked from commit 89ef883b92b3a87d9ab1bd289de26b9e72681dac)

ubus: update to the latest version

4fc532c8a55b ubusd: fix tx_queue linked list usage

Signed-off-by: Felix Fietkau <nbd@nbd.name>