Some devices (especially QCA ones) are already using hardcoded partition
names with colons in it. The OpenMesh A62 for example provides following
mtd relevant information via cmdline:

  root=31:11 mtdparts=spi0.0:256k(0:SBL1),128k(0:MIBIB),384k(0:QSEE),64k(0:CDT),64k(0:DDRPARAMS),64k(0:APPSBLENV),512k(0:APPSBL),64k(0:ART),64k(custom),64k(0:KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive) rootfsname=rootfs rootwait

The change to split only on the last colon between mtd-id and partitions
will cause newpart to see following string for the first partition:

  KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive)

Such a partition list cannot be parsed and thus the device fails to boot.

Avoid this behavior by making sure that the start of the first part-name
("(") will also be the last byte the mtd-id split algorithm is using for
its colon search.

Fixes: 5d01d056 ("kernel: Update kernel 4.14 to version 4.14.202")
Fixes: edda06c7 ("kernel: Update kernel 4.9 to version 4.9.240")
Signed-off-by: NSven Eckelmann <sven@narfation.org>
(backported from commit 223eec7e)

Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

DMI_PRODUCT_SKU is only available with kernel >= 4.18.

Fixes: 2cd234d9 ("mac80211: brcmfmac: backport important fixes from kernel 5.2")
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

The target heavily modifies caamalg.c, so changes introduced in
kernel commit 7b930def8ef6 ("crypto: caam - limit output IV to CBC
to work around CTR mode DMA issue") have broken build.

This adjusts the upstream changes to match the rest of our local
patch.
Signed-off-by: NAdrian Schmutzler <freifunk@adrianschmutzler.de>

Compile and runtime tested on lantiq/xrx200.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Compile and runtime tested on x86/64.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

This packports two security fixes from master.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f9005d4f)

This fixes a regression after a kernel change in 4.14.200 [1] that
led to build failure on oxnas/ox820:

  drivers/ata/sata_oxnas.c:2238:13: error: initialization of
  'enum ata_completion_errors (*)(struct ata_queued_cmd *)'
  from incompatible pointer type
  'void (*)(struct ata_queued_cmd *)' [-Werror=incompatible-pointer-types]
    .qc_prep = sata_oxnas_qc_prep,
               ^~~~~~~~~~~~~~~~~~
  drivers/ata/sata_oxnas.c:2238:13: note:
  (near initialization for 'sata_oxnas_ops.qc_prep')

Our local driver is changed the same way as prototyped in the
kernel patch, i.e. return type is changed and AC_ERR_OK return
value is added.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=306a1c5b5683c1d37565e575386139a64bdbec6fSigned-off-by: NAdrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit f6ca57e4)

The id parameter in __rb_get_wlan_data() was incorrectly used on the
assumption that id "0" would always be tied to ath9k with RLE encoding
and positive id (in fact, only id "1" was valid) would always be tied to
("external") ath10k with LZO encoding.

Newer hardware revisions of supported devices prove this assumption to
be invalid, with ath9k caldata being now wrapped in MAGIC_ERD and LZO
compressed, so disable this check to allow newer hardware to correctly
decode caldata for ath9k.

Note: this patch assumes that ath9k caldata is never stored with the new
"LZOR" encoding scheme found on some ath10k devices.
Signed-off-by: NThibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit 1c6990fe)
[keep publishing ath10k caldata in sysfs: it's the way it's done on 18.06]
Signed-off-by: NBaptiste Jonglez <git@bitsofnetworks.org>
Tested-by: Baptiste Jonglez <git@bitsofnetworks.org> [Mikrotik RB941-2nD r3]

Compile and runtime tested on x86/64.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Compile and runtime tested on ar71xx/generic.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Boolean attributes were parsed the same way as string attributes,
so a value of { "bool_attr": "true" } would be parsed correctly, but
{ "bool_attr": true } (without quotes) was parsed as false.

Fixes FS#3284
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7f676b5e)

When building from a local branch based off the "openwrt-18.06" branch,
version computation is wrong, for instance:

    r6907+1154-7e15e217

The number of local commits (1154 in this case) is wrong because it is
computed against master.  As a result, it wrongly counts *all* commits
since the beginning of the openwrt-18.06 branch as local commits.

The fix is to compare to the openwrt-18.06 branch instead, which gives the
expected result such as:

    r8060+1-1238a223Signed-off-by: NBaptiste Jonglez <git@bitsofnetworks.org>
[shorten commit title]
Signed-off-by: NAdrian Schmutzler <freifunk@adrianschmutzler.de>

This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.

* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8Signed-off-by: NMagnus Kroken <mkroken@gmail.com>
(cherry picked from commit 66893063)

lzma_xz_dump_options never return NULL,
should compare real options with default options
Signed-off-by: NLiangbin Lian <jjm2473@gmail.com>

Signed-off-by: NLiangbin Lian <jjm2473@gmail.com>

Lua's LNUM patch currently doesn't parse properly certain numbers as
it's visible from the following simple tests.

On x86_64 host (stock Lua 5.1.5, expected output):

 $ /usr/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  2147483648
  8796093022208
  4294967296

On x86_64 host:

 $ staging_dir/hostpkg/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  0
  0

On x86_64 target:

 $ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  0
  0

On ath79 target:

 $ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  8796093022208
  4294967296

It's caused by two issues fixed in this patch, first issue is caused by
unhadled strtoul overflow and second one is caused by the cast of
unsigned to signed Lua integer when parsing from hex literal.

Run tested on:

 * Zidoo Z9S with RTD1296 CPU (aarch64_cortex-a53)
 * qemu/x86_64
 * qemu/armvirt_64
 * ath79
Signed-off-by: NLiangbin Lian <jjm2473@gmail.com>
[commit subject/message touches, fixed From to match SOB, fixed another
 unhandled case in luaO_str2i, host Lua, package bump]
Signed-off-by: NPetr Štetiar <ynezz@true.cz>
(cherry picked from commit 4bb9af48)

Compile and runtime tested on lantiq/xrx200 + ar71xx/generic.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Compile and runtime tested on x86/64
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Backport a fix from kernel 5.8.3.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ca5ee6eb)

This backports some fixes from kernel 5.6 and 4.14.175.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
Tested-By: NBaptiste Jonglez <git@bitsofnetworks.org>

Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch,
and provides bug fixes and minor enhancements. This release includes
fixes for security issues and the most severe one is described in more
detail in a security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07

* Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
* Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private
key that didn't include the uncompressed public key), as well as
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
f_rng argument. An attacker with access to precise enough timing and
memory access information (typically an untrusted operating system
attacking a secure enclave) could fully recover the ECC private key.
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
macros).

Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some
changes to the download URLs are required. For the time being, the
ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS.
Signed-off-by: NMagnus Kroken <mkroken@gmail.com>
[Use https://codeload.github.com and new tar.gz file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de
(cherry picked from commit 201d6776)

Compile and runtime tested on lantiq/xrx200.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Compile and runtime tested on x86/64.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

The CONFIG_EFI_CUSTOM_SSDT_OVERLAYS option was added in kernel 4.14.188,
set it for the x86/generic target.

This fixes a build problem in the x86/generic target.

Fixes: 35e9edc3 ("kernel: Update kernel 4.14 to version 4.14.193")
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

The device uses a rf-kill switch instead of a button. Furthermore the
GPIO is active high.
Signed-off-by: NChristoph Krapp <achterin@googlemail.com>
(cherry picked from commit 0af656e9)

The variable in the case argument was mistyped, so the case always
checked against an empty string and never matched.

Fix the variable name. Add a PKG_RELEASE to Makefile so we can bump it.

Fixes: d6de3131 ("cmake: restore parallel build support for bootstrap")
Signed-off-by: NPiotr Stefaniak <pstef@freebsd.org>
[add commit message, add PKG_RELEASE, fix commit title, add Fixes:]
Signed-off-by: NAdrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit e27fbae6)

This adds support for ZyXEL NBG6616 uboot-env access
Signed-off-by: NChristoph Krapp <achterin@googlemail.com>
[add "ar71xx" to commit title]
Signed-off-by: NAdrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit eb95ca3b)

As the ath79 port of this device uses a combined kernel + root
partition the uboot bootcmd variable needs to be changed. As using
cli/luci is more convenient than opening up the case and using a uart
connection, lets unlock the uboot-env partition for write access.
Signed-off-by: NChristoph Krapp <achterin@googlemail.com>
(cherry picked from commit 982c1f6e)

821-usb-Remove-annoying-warning-about-bogus-URB.patch does not apply any
more and was also deleted in master and nobody complained. ;-)

Compile and runtime tested on lantiq/xrx200.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Compile and runtime tested on x86/64.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Commit 05d73a2a enabled GPIO on ethernet LED, but proper LED setup was
not added then. This commit fixes it by reverting the change on the LED.

Fixes: 05d73a2a ("ar71xx: Arduino Yun board 'WLAN RST' button support")
Signed-off-by: NSungbo Eo <mans0n@gorani.run>
(cherry picked from commit a5e404d1)

Commit bb46b635 changed its partition scheme, but sysupgrade image
validation still uses the old format. This commit fixes it so that
force flag is not needed for sysupgrade.

Fixes: bb46b635 ("ar71xx: move Arduino Yun to generic building code")
Signed-off-by: NSungbo Eo <mans0n@gorani.run>
(cherry picked from commit 58dc1d06)

ZyXEL Keenetic has a USB port. Thus, DWC2 USB controller driver should
be in the default image for this device.

Fixes: a7cbf59e ("ramips: add new device ZyXEL Keenetic as kn")
Signed-off-by: NAlexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
[fixed whitespace issue]
Signed-off-by: NPetr Štetiar <ynezz@true.cz>
(backported from commit 0a182fcb)
Signed-off-by: NAdrian Schmutzler <freifunk@adrianschmutzler.de>

In FS#2738 we can see that patch first introduced in
e8ebcffd ("ramips: add a explicit reset to dwc2")
breaks USB functionality since 18.06. Thus, this patch should be removed.

Removed:
- 0032-USB-dwc2-add-device_reset.patch

Fixes: FS#2738
Fixes: FS#2964
Signed-off-by: NAlexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
(cherry picked from commit ab841b43)

Signed-off-by: NYousong Zhou <yszhou4tech@gmail.com>

This fixes the following compile error:
drivers/mtd/nand/rb91x_nand.c: In function 'rb91x_nand_remove':
drivers/mtd/nand/rb91x_nand.c:445:16: error: 'rbni' undeclared (first use in this function)
  nand_release(&rbni->chip);

Fixes: 0f07496f ("kernel: Update kernel 4.9 to version 4.9.229")
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 66e04abb)

There is one closing bracket too much.

Fixes: 0f07496f ("kernel: Update kernel 4.9 to version 4.9.229")
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 014d3f59)

This bump fixes breakage introduced by kernel commit 8ab8786f78c3fc930f9abf6d6d85e95567de4e1f,
which is part of the 4.14.181 kernel bump, and backported ip6_dst_lookup_flow to 4.14.
This breaks the older WireGuard version currently in 19.07.

For reference, the compilation error is the one below:

build_dir/target-x86_64_musl/linux-x86_64/wireguard-linux-compat-1.0.20200506/src/compat/compat.h:104:42: error: 'const struct ipv6_stub' has no member named 'ipv6_dst_lookup'; did you mean 'ipv6_dst_lookup_flow'?
 #define ipv6_dst_lookup_flow(a, b, c, d) ipv6_dst_lookup(a, b, &dst, c) + (void *)0 ?: dst

Changelogs below taken from the official release announcements.

== Changes since v1.0.20200506 ==

  This release aligns with the changes I sent to DaveM for 5.7-rc7 and were
  pushed to net.git about 45 minutes ago.

  * qemu: use newer iproute2 for gcc-10
  * qemu: add -fcommon for compiling ping with gcc-10

  These enable the test suite to compile with gcc-10.

  * noise: read preshared key while taking lock

  Matt noticed a benign data race when porting the Linux code to OpenBSD.

  * queueing: preserve flow hash across packet scrubbing
  * noise: separate receive counter from send counter

  WireGuard now works with fq_codel, cake, and other qdiscs that make use of
  skb->hash. This should significantly improve latency spikes related to
  buffer bloat. Here's a before and after graph from some data Toke measured:
  https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png

  * compat: support RHEL 8 as 8.2, drop 8.1 support
  * compat: support CentOS 8 explicitly
  * compat: RHEL7 backported the skb hash renamings

  The usual RHEL churn.

  * compat: backport renamed/missing skb hash members

  The new support for fq_codel and friends meant more backporting work.

  * compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4

== Changes since v1.0.20200611 ==

  * qemu: always use cbuild gcc rather than system gcc
  * qemu: remove -Werror in order to build ancient kernels better
  * qemu: patch kernels that rely on ancient make
  * qemu: force 2MB pages for binutils 2.31
  * qemu: use cbuild gcc for avx512 exclusion
  * qemu: add extra fill in idt handler for newer binutils
  * qemu: support fetching kernels for arbitrary URLs
  * qemu: patch in UTS_UBUNTU_RELEASE_ABI for Ubuntu detection
  * qemu: work around broken centos8 kernel
  * qemu: mark per_cpu_load_addr as static for gcc-10

  Our qemu test suite can now handle more kernels and more compilers. Scroll
  down to the bottom of https://www.wireguard.com/build-status/ to see the
  expanded array of kernels we now test against, including some distro kernels.

  * compat: widen breadth of integer constants
  * compat: widen breadth of memzero_explicit backport
  * compat: backport skb_scrub_packet to 3.11
  * compat: widen breadth of prandom_u32_max backport
  * compat: narrow the breadth of iptunnel_xmit backport
  * compat: backport iptunnel_xmit to 3.11

  With the expanded qemu test suite, it was possible to expand our list of
  mainline kernels, so the backport compat layer is now more precise.

  * compat: ubuntu appears to have backported ipv6_dst_lookup_flow
  * compat: bionic-hwe-5.0/disco kernel backported skb_reset_redirect and ipv6 flow

  Ubuntu kernels changed recently, so this ensures we can compile with the
  latest Ubuntu releases.

  * compat: remove stale suse support
Signed-off-by: NStijn Segers <foss@volatilesystems.org>
(cherry picked from commit 1fd1f5e8cff18f97675ce303b05d411136b99fb0)