47370 Commits

Author SHA1 Message Date
Jo-Philipp Wich
98017228dd uclient: bump to latest Git HEAD
af585db uclient-fetch: support specifying advertised TLS ciphers

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-25 19:32:18 +01:00
Jo-Philipp Wich
052aaa7c96 uhttpd: bump to latest Git HEAD
5e9c23c client: allow keep-alive for POST requests
5fc551d tls: support specifying accepted TLS ciphers

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-25 19:22:10 +01:00
Jo-Philipp Wich
cd23dc1d21 ustream-ssl: bump to latest Git HEAD
5e1bc34 ustream-openssl: clear error stack before SSL_read/SSL_write
f7f93ad add support for specifying usable ciphers

Also bump the ABI version since the layout of `struct ustream_ssl_ops`
changed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-25 19:16:19 +01:00
Kevin Darbyshire-Bryant
1fb3c003d6 build: prereq: tidy gcc version checks
There is a restriction in the number of parameters(10)  that may be passed to
the SetupHostCommand macro so continually adding explicit gcc'n' version
checks ends up breaking the compiler check for the later versions and
oddballs like Darwin as was done in 835d1c68a0 which added gcc10.

Drop all the explicitly specified gcc version checks.  If a suitable gcc
compiler is not found, it may be specified at the dependency checking
stage after which that version will be symlinked into the build staging
host directory.

eg. 'CC=gccfoo CXX=g++foo make prereq'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2020-03-24 14:42:52 +00:00
Kevin Darbyshire-Bryant
9b0290ffbd nftables: bump to 0.9.3
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-24 14:42:48 +00:00
Kevin Darbyshire-Bryant
a0027f8dbf libnftnl: drop unsupported configure option
--without-json-parsing is not a supported configure option.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-23 21:31:05 +00:00
Paul Spooren
6f01d3334e x86/geode: fixup FEATURE inheritance
In the geode subtarget all default x86 features were overwritten via :=
instead of extending them via +=.

This patch fixes the inheritance and thereby the compilation of
x86/geode target.

Compile tested x86/geode.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-23 18:56:26 +00:00
Paul Spooren
3f3a754c68 x86/geode: add missing include after rebase
The x86 image generation was refacted via cb007a7bf6 and accidently not
included `geode.mk` when selected as subtarget.

Now the file is included and image compilation for x86/geode works
again.

Thanks to Russell Senior <russell@personaltelco.net> for reporting the
problem and suggesting a patch!

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-23 10:42:53 +00:00
Álvaro Fernández Rojas
340fc3a1c6 bcm27xx: refresh linux 5.4 configs
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-03-23 09:14:36 +01:00
Álvaro Fernández Rojas
31922c4560 bcm27xx-userland: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-03-23 09:06:49 +01:00
Álvaro Fernández Rojas
8c02e7fe9f bcm27xx-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-03-23 08:55:14 +01:00
Álvaro Fernández Rojas
6c9b5d6972 bcm27xx: sync 5.4 patches with RPi Foundation
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-03-23 08:48:08 +01:00
Robert Marko
835d1c68a0
build: add GCC 10 version detection
Lets add GCC 10 detection to the build system as distributions like Fedora 32 have started shipping with it.
Some tools like mtd-utils need work to compile under GCC10, but that will be next step.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2020-03-23 02:12:30 +01:00
Christian Lamparter
8a92ae8e4b apm821xx: switch to 5.4 kernel
This patch switches the APM821XX target to the linux kernel 5.4 variant.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-03-22 23:02:09 +01:00
Christian Lamparter
3509d4ec56 apm821xx: wndr4700: add preliminary drivetemp sensor
This patch prepares the WNDR4700 to use the HDD sensor for
the thermal zone. While the kernel's thermal.txt device-tree
binding documentation files talks about supporting multiple
sensors for a zone. This sadly is NOT the case. Even the most
current upstream kernels (5.6-rc) supports just >one< sensor
per zone: (driver/base/of-thermal.c:886)
| * REVIST: for now, the thermal framework supports only
| * one sensor per thermal zone. Thus, we are considering
| * only the first two values as slope and offset.

I do hope that this warning will prevent others wasteing time
on trying to figure out why their multi-sensor thermal-zones
definitions are not working as specified.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-03-22 23:02:09 +01:00
Christian Lamparter
01fe7a2b64 apm821xx: add drivetemp sensor for the WD MyBook Series
This patch adds the hwmon-drivetemp to the device.
It also adds device-tree bindings. This can be useful to
automate external fans which can be controlled for example
by either an unused sata-port or by the usb-power regulator.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-03-22 23:02:09 +01:00
Christian Lamparter
0409fe64cf x86: geode/legacy: fix missing watchdog core dependencies
This patch follows the other patches that added the watchdog
core to various (armvirt, malta, ath79, ...) targets that
have been hit by the following build error:

Package kmod-hwmon-sch5627 is missing dependencies for the following libraries:
watchdog.ko

In theory, we could have just added the CONFIG_WATCHDOG_CORE=y
to the Kconfig variable of kmod-hwmon-sch5627's package definition.
This would have forced the watchdog core to be builtin and less
architectures would need to be updated. But we might as well follow
through here.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-03-22 23:02:09 +01:00
Jordan Sokolic
27ffd5ee30 dnsmasq: add 'scriptarp' option
Add option 'scriptarp' to uci dnsmasq config to enable --script-arp functions.
The default setting is false, meaning any scripts in `/etc/hotplug.d/neigh` intended
to be triggered by `/usr/lib/dnsmasq/dhcp-script.sh` will fail to execute.

Also enable --script-arp if has_handlers returns true.

Signed-off-by: Jordan Sokolic <oofnik@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-03-22 22:17:37 +01:00
David Bauer
f1f8700d54 ath79: fix missing return statement in ar934x_nand
The reset assert and deassert methods currently miss
a return value, leading to a compilation warning.

Return the return-value of reset_control_assert and
reset_control_deassert to fix these warnings.

Suggested-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-03-22 20:09:44 +01:00
David Bauer
94c0926106 ath79: fix NAND driver compilation for kernel 5.4
This fixes the compilation of the AR934x NAND controller
driver for kernel 5.4 while leaving it untouched for
kernel 4.19.

This change is currently not run-tested, as i do not have such
a device at hand.

CC: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
CC: André Valentin <avalentin@marcant.net>
CC: WeiDong Jia <jwdsccd@gmail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-03-22 20:03:18 +01:00
Daniel Golle
9e5a25846f oxnas: yet another irqchip related patch
This time DTS fix, again from Sungbo Eo <mans0n@gorani.run>
  ARM: dts: oxnas: Fix clear-mask property

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-03-22 13:37:37 +00:00
David Bauer
46d0ce19f1 iwinfo: update to latest Git HEAD
9f5a7c4 iwinfo: add missing HT modename for HT-None
06a03c9 Revert "iwinfo: add BSS load element to scan result"
9a4bae8 iwinfo: add device id for Qualcomm Atheros QCA9990
eba5a20 iwinfo: add device id for BCM43602
a6914dc iwinfo: add BSS load element to scan result
bb21698 iwinfo: add device id for Atheros AR9287
7483398 iwinfo: add device id for MediaTek MT7615E

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-03-22 02:08:02 +01:00
David Bauer
280868e54d ath79: align Ubiquiti AC Pro ethernet map to factory
The Uniquiti AC Pro and Ubiquiti AC Mesh Pro currently have the
"Primary" and "Secondary" ethernet ports configured to offer LAN as well
as WAN. However, Uiquiti describes the following behavior for the
devices Ethernet ports:

 > Secondary UniFi Access Point (UAP) Ethernet ports don't
 > provide PoE passthrough (to run current to a second powered
 > device), but they do support data passthrough.
 > It serves as a bridged interface between main / secondary
 > Ethernet port.

To reduce confusion for users (as LAN and WAN functionality is not
visible on the device itself), configure both ports to offer LAN
functionality. Users can still configure a WAN interface on a port they
are able to choose.

CC: Lucian Cristian <lucian.cristian@gmail.com>
Reported-by: Florian Klink <flokli@flokli.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-03-22 02:08:02 +01:00
Robert Marko
be4ed1db18
tools: squashfskit4: fix build with GCC10
In order to build squashfskit with GCC10, this backport from upstream is needed.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
[increase PKG_RELEASE]
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2020-03-22 02:06:16 +01:00
Alexander Couzens
1f4020a293 squashfskit4/Makefile: introduce PKG_RELEASE=1
When adding patches, the PKG_RELEASE should be increased.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2020-03-22 02:05:41 +01:00
Roger Pueyo Centelles
1775d50bde ath79: add support for Ubiquiti NanoBridge M (XM)
This patch adds support for the Ubiquiti NanoBridge M (XM), a
802.11n wireless with a feed+dish form factor, with the same board
definition as the Bullet M (XM).

Specifications:
 - Atheros AR7241 SoC
 - 32 MB RAM
 - 8 MB SPI flash
 - 1x 10/100 Mbps Ethernet port, 24 Vdc PoE-in
 - Power and LAN green LEDs
 - 4x RSSI LEDs (red, orange, green, green)
 - UART (115200 8N1)

Flashing via stock GUI:
 - WARNING: flashing OpenWrt from AirOS v5.6 or newer will brick your
   device! Read the wiki for more info.
 - Downgrade to AirOS v5.5.x (latest available is 5.5.11) first.
 - Upload the factory image via AirOS web GUI.

Flashing via TFTP:
 - WARNING: flashing OpenWrt from AirOS v5.6 or newer will brick your
   device! Read the wiki for more info.
 - Downgrade to AirOS v5.5.x (latest available is 5.5.11) first.
 - Use a pointy tool (e.g., pen cap, slotted screwdriver) to keep the
   reset button pressed.
 - Power on the device (keep reset button pressed).
 - Keep pressing until LEDs flash alternatively LED1+LED3 =>
   LED2+LED4 => LED1+LED3, etc.
 - Release reset button.
 - The device starts a TFTP server at 192.168.1.20.
 - Set a static IP on the computer (e.g., 192.168.1.21/24).
 - Upload via tftp the factory image:
    $ tftp 192.168.1.20
    tftp> bin
    tftp> trace
    tftp> put openwrt-ath79-generic-xxxxx-ubnt_nanobridge-m-squashfs-factory.bin

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
[rebase, fix includes in DTS, add label MAC address, add SOC and
fix sorting in generic-ubnt.mk]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-03-22 00:54:44 +01:00
Rafał Miłecki
8c33debb52 samba36: log error if getting device info failed
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-03-21 22:35:45 +01:00
Rafał Miłecki
8abefc8896 bcm53xx: sysupgrade: optimize building UBI image
Use "truncate" to adjust size of existing file instead of "dd" which
required creating a copy. This saves space on tmpfs. It may be as low
as 2.1 MiB when using OpenWrt default user space and way more (20+ MiB)
when flashing vendor firmware.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-03-21 22:31:35 +01:00
Rafał Miłecki
547f1ec25a busybox: enable truncate on bcm53xx target
It's needed for optimized sysupgrade. On host machine this change
increased busybox size by 4096 B.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-03-21 22:31:35 +01:00
Sungbo Eo
3f14f034fb treewide: omit IMAGE_SIZE argument from check-size
Now that check-size uses IMAGE_SIZE by default, we can skip the argument from
image recipes to reduce redundancy.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[do not touch ar71xx]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-03-21 20:02:55 +01:00
Sungbo Eo
1444e31a7b build: image: set default parameter for check-size
In most cases check-size is used with IMAGE_SIZE and vice versa. Let check-size
use IMAGE_SIZE by default.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-03-21 19:59:08 +01:00
Sungbo Eo
5b392c7119 treewide: gather DEVICE_VARS into one place
Place DEVICE_VARS assignments at the top of the file or above Device/Default
to make them easier to find.

For ramips, remove redundant values already present in parent file.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[do not touch ar71xx, extend commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-03-21 19:55:12 +01:00
Russell Senior
d5812478ad ath79: add support for ubnt_bullet-m-ar7240 variant
This adds support for the Ubiquiti Bullet M (AR7240).

Specifications:
- AR7240 SoC @ 400 MHz
- 32 MB RAM
- 8 MB SPI flash
- 1x 10/100 Mbps Ethernet, 24 Vdc PoE-in
- External antenna
- POWER/LAN green LEDs
- 4x RSSI LEDs (red, orange, green, green)
- UART (115200 8N1) on PCB

Flashing via WebUI:
  Upload the factory image via the stock firmware web UI.

  Attention: airOS firmware versions >= 5.6 have a new bootloader with
  an incompatible partition table!

  Please downgrade to <= 5.5 _before_ flashing OpenWrt!
  Refer to the device's Wiki page for further information.

Flashing via TFTP:
  Same procedure as other Ubiquiti M boards.

- Use a pointy tool (e.g., pen cap, paper clip) and keep the reset
  button on the device or on the PoE supply pressed
- Power on the device via PoE (keep reset button pressed)
- Keep pressing until LEDs flash alternatively LED1+LED3 =>
  LED2+LED4 => LED1+LED3, etc.
- Release reset button
- The device starts a TFTP server at 192.168.1.20
- Set a static IP on the computer (e.g., 192.168.1.21/24)
- Upload via tftp the factory image:
  $ tftp 192.168.1.20
  tftp> bin
  tftp> trace
  tftp> put openwrt-ath79-generic-xxxxx-ubnt_bullet-m-ar7240-squashfs-factory.bin

The "fixed-link" section of the device tree is needed to avoid errors like this:

  Generic PHY mdio.0:1f:04: Master/Slave resolution failed, maybe conflicting manual settings?

With "fixed-link", the errors go away and eth0 comes up reliably.

Signed-off-by: Russell Senior <russell@personaltelco.net>
[fix SUPPORTED_DEVICES]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-03-21 19:22:21 +01:00
Linus Walleij
349ad62341 gemini: Bump kernel to v5.4
The v5.4 kernel already works much better than v4.19
as so many things got upstreamed so let's just bump
it to kernel v5.4.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2020-03-21 18:17:04 +01:00
Linus Walleij
7fc155fd41 gemini: Add kernel config for kernel v5.4
This adds a kernel config file for the v5.4 gemini
kernel.

No major changes compared to v4.19, mainly
CONFIG_MTD_PHYSMAP_OF_GEMINI was renamed to
CONFIG_MTD_PHYSMAP_GEMINI.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
[select UNWINDER_ARM, set CONFIG_DRM_FBDEV_OVERALLOC, drop
dropped 4.19 symbols, kernel config refreshed]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-03-21 18:16:49 +01:00
Linus Walleij
ea2d284082 gemini: Add v5.4 kernel patches
This adds the kernel patches needed for the Gemini.
Just 7 patches, 5 of them are already upstream.

Notably we incorperate the temperature sensor on the
hard drive to drive temperature control of the NAS
chassis. This is required for the DIR-685 which has
no external temperature sensor.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
[use the drivetemp package over the backport]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-03-21 17:50:43 +01:00
Christian Lamparter
711bd33cd1 kernel: 5.4: disable more symbols
These have been discovered by the gemini 5.4 patches.
This is because one of the devices uses the FBDEV emulation.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-03-21 17:50:43 +01:00
Christian Lamparter
d107aaa910 kernel: backport and package drivetemp hwmon from v5.5
This patch backports the hwmon drivetemp sensor module from vanilla
linux 5.5 to be available on OpenWrt's 5.4 kernel.

Extract from The upstream commit by Guenter Roeck <linux@roeck-us.net>:
hwmon: Driver for disk and solid state drives with temperature sensors

"Reading the temperature of ATA drives has been supported for years
by userspace tools such as smarttools or hddtemp. The downside of
such tools is that they need to run with super-user privilege, that
the temperatures are not reported by standard tools such as 'sensors'
or 'libsensors', and that drive temperatures are not available for use
in the kernel's thermal subsystem.

This driver solves this problem by adding support for reading the
temperature of ATA drives from the kernel using the hwmon API and
by adding a temperature zone for each drive.

With this driver, the hard disk temperature can be read [...]
using sysfs:

$ grep . /sys/class/hwmon/hwmon9/{name,temp1_input}
/sys/class/hwmon/hwmon9/name:drivetemp
/sys/class/hwmon/hwmon9/temp1_input:23000

If the drive supports SCT transport and reports temperature limits,
those are reported as well.

drivetemp-scsi-0-0
Adapter: SCSI adapter
temp1:        +27.0<C2><B0>C (low  =  +0.0<C2><B0>C, high = +60.0<C2><B0>C)
                             (crit low = -41.0<C2><B0>C, crit = +85.0<C2><B0>C)
                             (lowest = +23.0<C2><B0>C, highest = +34.0<C2><B0>C)

The driver attempts to use SCT Command Transport to read the drive
temperature. If the SCT Command Transport feature set is not available,
or if it does not report the drive temperature, drive temperatures may
be readable through SMART attributes. Since SMART attributes are not well
defined, this method is only used as fallback mechanism."

This patch incorperates a patch made by Linus Walleij:
820-libata-Assign-OF-node-to-the-SCSI-device.patch
This patch is necessary in order to wire-up the drivetemp
sensor into the device tree's thermal-zones.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-03-21 17:48:34 +01:00
Eneas U de Queiroz
dcef8d6093 openssl: update to 1.1.1e
This version includes bug and security fixes, including medium-severity
CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-03-21 17:48:34 +01:00
Eneas U de Queiroz
d9d689589b openssl: add configuration example for afalg-sync
This adds commented configuration help for the alternate, afalg-sync
engine to /etc/ssl/openssl.cnf.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-03-21 17:48:34 +01:00
Daniel Golle
19af00850f oxnas: backport another fix for irqchip
Sungbo Eo <mans0n@gorani.run> submitted another patch fixing an error
on reboot:
  irqchip/versatile-fpga: Apply clear-mask earlier

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-03-21 14:26:26 +00:00
Paul Spooren
2cb6d471b7 scripts: fixup qemustart for new x86 image names
qemustart allows easy testing of created images via `qemu`. The script
automatically selects created images and can setup e.g. networks.

As the x86 target now uses the generic image.mk the profile appears also
in the image name, this is *generic*.

Add the profile name to the qemustart script so it still finds the file.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-21 10:36:00 +00:00
Paul Spooren
30a2488290 x86: allow non gzipped images
The previous image generation code would always gzipped images.

This patch changes the behaviour and only compresses images when
selected in menuconfig.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-21 10:36:00 +00:00
Paul Spooren
33cc7e763b x86: use qemu-image command from image-commands.mk
The `qemu-image` command converts images to the specified type and
reduces redundant code.

Adaption from Alexander Couzens <lynxis@fe80.eu> work[0].

[0]: https://git.openwrt.org/?p=openwrt/staging/lynxis.git;a=blob;f=target/linux/x86/image/Makefile;h=83b8140b7aefbe708fd09c9c61827e7e39bda8b4;hb=416cccf398e9589e3de386e05b61b1c46cace20d#l51

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-21 10:36:00 +00:00
Paul Spooren
b2207e267b x86: remove obsolete legacy profiles
Rely on device profiles instead for packages selection.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebase, adjusted commit title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-21 10:36:00 +00:00
Paul Spooren
cb007a7bf6 x86: switch image generation to new code
This commit introduces few related changes which need to be done in
single commit to keep images buildable between git revisions. In result
it retains all previous image creation possibilities with slight name
change of generated images. Brief summary of the commit:

* Split up image generation recipe to smaller chunks to make it more
  generic and reusable.

* Make iso images x86 specific and drop their definition as root
  filesystem.

* Convert image creation process to generic code specified in image.mk.

* Make geode subtarget inherit features from the main target instead of
  redefining them.

* For subtargets create device definitions with basic packages set.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebased]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-21 10:36:00 +00:00
Paul Spooren
5a5df62d95 x86/grub2: move grub2 image creation to package
Let the grub2 package take care of creating installable grub2 images,
this will allow creating grub2 images without first calling x86 image
generation recipe. Also as side effect, since those images are now
shared, it'll reduce the number of calling grub-mkimage.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebase, adjusted commit title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-21 10:36:00 +00:00
Kevin Darbyshire-Bryant
e6e1e12dc3 kernel: connmark set-dscpmark fix build on 5.4
Fix header change that was done for kernel but 4.19 got missed for 5.4.

Solves nasty errors like:

8.4.0_musl/include/linux/netfilter/xt_CONNMARK.h:5,
                from connmark_listener.c:30:
/builder/shared-workdir/build/sdk/staging_dir/toolchain-aarch64_cortex-a53_gcc-8.4.0_musl/include/linux/netfilter/xt_connmark.h:23:2: error: enumerator value for 'XT_CONNMARK_VALUE' is not an integer constant
 XT_CONNMARK_VALUE = BIT(0),
 ^~~~~~~~~~~~~~~~~
/builder/shared-workdir/build/sdk/staging_dir/toolchain-aarch64_cortex-a53_gcc-8.4.0_musl/include/linux/netfilter/xt_connmark.h:25:1: error: enumerator value for 'XT_CONNMARK_DSCP' is not an integer constant
};

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-21 09:51:40 +00:00
Jason A. Donenfeld
2bd56595a6 wireguard: bump to 0.0.20200318
WireGuard had a brief professional security audit. The auditors didn't find
any vulnerabilities, but they did suggest one defense-in-depth suggestion to
protect against potential API misuse down the road, mentioned below. This
compat snapshot corresponds with the patches I just pushed to Dave for
5.6-rc7.

* curve25519-x86_64: avoid use of r12

This buys us 100 extra cycles, which isn't much, but it winds up being even
faster on PaX kernels, which use r12 as a RAP register.

* wireguard: queueing: account for skb->protocol==0

This is the defense-in-depth change. We deal with skb->protocol==0 just fine,
but the advice to deal explicitly with it seems like a good idea.

* receive: remove dead code from default packet type case

A default case of a particular switch statement should never be hit, so
instead of printing a pretty debug message there, we full-on WARN(), so that
we get bug reports.

* noise: error out precomputed DH during handshake rather than config

All peer keys will now be addable, even if they're low order. However, no
handshake messages will be produced successfully. This is a more consistent
behavior with other low order keys, where the handshake just won't complete if
they're being used anywhere.

* send: use normaler alignment formula from upstream

We're trying to keep a minimal delta with upstream for the compat backport.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-21 09:42:07 +01:00
Jason A. Donenfeld
858c6b17c8 wireguard-tools: bump to 1.0.20200319
* netlink: initialize mostly unused field
* curve25519: squelch warnings on clang

Code quality improvements.

* man: fix grammar in wg(8) and wg-quick(8)
* man: backlink wg-quick(8) in wg(8)
* man: add a warning to the SaveConfig description

Man page improvements. We hope to rewrite our man pages in mdocml at some
point soon.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-21 09:41:52 +01:00