Commits on Jul 26, 2018
  1. odhcpd: update to latest git HEAD

    jow- committed Jun 26, 2018
      81a281e dhcpv6-ia: fix border assignment size setting
      a2ffc59 dhcpv6-ia: fix status code for not on link IAs
      5b087a6 dhcpv6-ia: improve error checking in assign_pd()
      c9114a1 config: fix wrong assignment
      bb8470f dhcpv4: delay forced renew transaction start
      62a1b09 dhcpv4: fix DHCP address space logic
      d5726ff dhcpv4: improve logging when sending DHCP messages
      9484351 odhcpd: call handle_error when socket error can be retrieved
      c45e2eb dhcpv6: fix out of bounds write in handle_nested_message()
      c2ff5af dhcpv6-ia: log renew messages as well
      676eb38 router: fix possible segfault in send_router_advert()
      392701f odhcpd: fix passing possible negative parameter
      029123b treewide: switch to C-code style comments
      6b79748 router: improve error checking
      12e21bc netlink: fix incorrect sizeof argument
      d7aa414 dhcpv6: improve error checking in dhcpv6_setup_interface()
      373495a ubus: fix invalid ipv6-prefix json
      79d5e6f ndp: improve error checking
      d834ae3 dhcpv4: fix error checking in dhcpv4_setup_interface()
      f2aa383 dhcpv4: fix out of bound access in dhcpv4_put
      4591b36 dhcpv4: improve error checking in dhcpv4_setup_interface()
      4983ee5 odhcpd: fix strncpy bounds
      c0f6390 odhcpd: Check if open the ioctl socket failed
      345bba0 dhcpv4: improve error checking in handle_dhcpv4()
      44cce31 ubus: avoid dumping interface state with NULL message
    Cherry picked and squashed from commits:
      b7ef10c odhcpd: update to latest git HEAD
      98a6bee odhcpd: update to latest git HEAD
      88c8882 odhcpd: update to latest git HEAD
    Signed-off-by: Jo-Philipp Wich <>
  2. ubus: update to latest git HEAD

    jow- committed Jul 26, 2018
    40e0931 libubus: pass an empty UBUS_ATTR_DATA block if msg is NULL on invoke
    Signed-off-by: Jo-Philipp Wich <>
    (cherry picked from commit 7316515)
  3. firewall: update to latest git HEAD and build with LTO

    dedeckeh authored and jow- committed May 25, 2018
    Reduces .ipk size on MIPS from 41.6k to 41.1k
      30463d0 zones: add interface/subnet bound LOG rules
      0e77bf2 options: treat time strings as UTC times
      d2bbeb7 firewall3: make reject types selectable by user
      aa8846b ubus: avoid dumping interface state with NULL message
    Cherry picked and squashed from commits:
      a3f2451 firewall: update to latest git HEAD
      433d71e fw3: update to latest git HEAD
      ef96d1e firewall: compile with LTO enabled
      1e83f77 firewall3: update to latest git HEAD
      3ee2c76 firewall: update to latest git HEAD
    Signed-off-by: Hans Dedecker <>
    Signed-off-by: John Crispin <>
    Signed-off-by: Felix Fietkau <>
    Signed-off-by: Jo-Philipp Wich <>
Commits on Jul 25, 2018
  1. ubus: update to latest git HEAD

    blogic committed Jul 25, 2018
    884be45 libubus: check for non-NULL data before running callbacks
    Signed-off-by: John Crispin <>
    (cherry picked from commit a5c3bba)
  2. libubox: update to latest git HEAD

    blogic committed Jul 25, 2018
    c83a84a fix segfault when passed blobmsg attr is NULL
    Signed-off-by: John Crispin <>
    (cherry picked from commit 5dc3262)
  3. wireguard-tools: add wireguard_watchdog script

    notgood authored and Kevin Darbyshire-Bryant committed Jul 1, 2018
    This watchdog script tries to re-resolve hostnames for inactive WireGuard peers.
    Use it for peers with a frequently changing dynamic IP.
    persistent_keepalive must be set, recommended value is 25 seconds.
    Run this script from cron every minute:
    echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
    Signed-off-by: Aleksandr V. Piskunov <>
    [bump the package release]
    Signed-off-by: Kevin Darbyshire-Bryant <>
    (cherry picked from commit 20c4819)
  4. wireguard: bump to 0.0.20180718

    zx2c4 authored and Kevin Darbyshire-Bryant committed Jul 18, 2018
    80b41cd version: bump snapshot
    fe5f0f6 recieve: disable NAPI busy polling
    e863f40 device: destroy workqueue before freeing queue
    81a2e7e wg-quick: allow link local default gateway
    95951af receive: use gro call instead of plain call
    d9501f1 receive: account for zero or negative budget
    e80799b tools: only error on wg show if all interfaces failk
    Signed-off-by: Jason A. Donenfeld <>
    [Added commit log to commit description]
    Signed-off-by: Kevin Darbyshire-Bryant <>
    (cherry picked from commit 57b808e)
  5. wireguard: bump to 0.0.20180708

    zx2c4 authored and Kevin Darbyshire-Bryant committed Jul 10, 2018
    * device: print daddr not saddr in missing peer error
    * receive: style
    Debug messages now make sense again.
    * wg-quick: android: support excluding applications
    Android now supports excluding certain apps (uids) from the tunnel.
    * selftest: ratelimiter: improve chance of success via retry
    * qemu: bump default kernel version
    * qemu: decide debug kernel based on KERNEL_VERSION
    Some improvements to our testing infrastructure.
    * receive: use NAPI on the receive path
    This is a big change that should both improve preemption latency (by not
    disabling it unconditionally) and vastly improve rx performance on most
    systems by using NAPI. The main purpose of this snapshot is to test out this
    Signed-off-by: Jason A. Donenfeld <>
    (cherry picked from commit 4630159)
Commits on Jul 21, 2018
  1. build: do not alter global default package selection from profiles

    jow- committed Jul 21, 2018
    This partly reverts ca32373 which lets
    profiles that suppress packages to alter the package selection for all
    devices of the target when building with CONFIG_TARGET_PER_DEVICE_ROOTFS.
    In particular, this caused the brcm47xx Edimax PS-1208MFG profile to
    disable mtd, dropbear, firewall and other essential packages for all
    brcm47xx/generic builds.
    To solve this problem, prevent profiles from mangling the global
    DEFAULT_PACKAGES selection and restrict the supression of negated
    packages to the local PACKAGE variable list only.
    Fixes ca32373 (" let profile remove from DEFAULT_PACKAGES")
    Signed-off-by: Jo-Philipp Wich <>
    (cherry picked from commit 69ea512)
  2. WDR4900v1 remove dt node for absent hw crypto.

    tim-seoss authored and jow- committed Jul 4, 2018
    The WDR4900v1 uses the P1040 SoC, so the device tree pulls in the
    definition for the related P1010 SoC.  However, the P1040 lacks the
    CAAM/SEC4 hardware crypto accelerator which the P1010 device tree
    defines.  If left defined, this causes the CAAM drivers (if present) to
    attempt to use the non-existent device, making various crypto-related
    operations (e.g. macsec and ipsec) fail.
    This commit overrides the incorrect dt node definition in the included
    See also:
    Signed-off-by: Tim Small <>
    (cherry picked from commit e97aaf4)
  3. iproute2: tc: backport canonical cake support

    Kevin Darbyshire-Bryant
    Kevin Darbyshire-Bryant committed Jul 20, 2018
    iproute2's tc was updated to support the recently upstreamed cake qdisc.
    Backport this canonical support from upstream into iproute2 v4.16
    There is no kernel kmod/userspace tc ABI change in this release from the
    previous package bump, so everyone can breath a sigh of relief.
    This is largely a code style change, the exception to prove the rule:
    option 'autorate_ingress' has been changed to 'autorate-ingress' to fit
    in with upstream option naming expectations.
    No openwrt package (e.g. sqm-scripts) has knowledge of
    'autorate_ingress' thus only users who made their own scripts or used
    it within the 'dangerous configuration' options of sqm-scripts will be
    Signed-off-by: Kevin Darbyshire-Bryant <>
Commits on Jul 20, 2018
  1. build: fix compile error when a package includes itself in PROVIDES

    nbd168 authored and jow- committed Jul 20, 2018
    Signed-off-by: Felix Fietkau <>
    (cherry picked from commit 7c306ae)
Commits on Jul 19, 2018
  1. apm821xx: fix sata access freezes

    chunkeey authored and mkresin committed Jul 16, 2018
    The original vendor's driver programmed the dma controller's
    AHB HPROT values to enable bufferable, privileged mode. This
    along with the "same priorty for both channels" fixes the
    freezes according to @takimata, @And.short, that have been
    reported on the forum by @TiceRex.
    Furtheremore, @takimata reported that the patch also improved
    the performance of the HDDs considerably:
    |It seems your patch unleashed the full power of the SATA port.
    |Where I was previously hitting a really hard limit at around
    |82 MB/s for reading and 27 MB/s for writing, I am now getting this:
    |root@OpenWrt:/mnt# time dd if=/dev/zero of=tempfile bs=1M count=1024
    |1024+0 records in
    |1024+0 records out
    |real    0m 13.65s
    |user    0m 0.01s
    |sys     0m 11.89s
    |root@OpenWrt:/mnt# time dd if=tempfile of=/dev/null bs=1M count=1024
    |1024+0 records in
    |1024+0 records out
    |real    0m 8.41s
    |user    0m 0.01s
    |sys     0m 4.70s
    |This means: 121 MB/s reading and 75 MB/s writing!
    |The drive is a WD Green WD10EARX taken from an older MBL Single.
    |I repeated the test a few times with even larger files to rule out
    |any caching, I'm still seeing the same great performance. OpenWrt is
    |now completely on par with the original MBL firmware's performance.
    Signed-off-by: Christian Lamparter <>
Commits on Jul 18, 2018
  1. base-files: fix wrong sysctl parameter order

    luizluca authored and mkresin committed Jul 17, 2018
    Restarting service sysctl echos multiple errors like:
      sysctl: -e: No such file or directory
    After the first filename, all remaining arguments are treated
    as files.
    Signed-off-by: Luiz Angelo Daros de Luca <>
  2. igmpproxy: run in foreground for procd

    Kevin Darbyshire-Bryant
    Kevin Darbyshire-Bryant committed Jul 18, 2018
    procd needs processes to stay in foreground to remain under its gaze and
    control.  Failure to do so means service stop commands fail to actually
    stop the process (procd doesn't think it's running 'cos the process has
    exited already as part of its forking routing)
    Signed-off-by: Kevin Darbyshire-Bryant <>
    (cherry picked from commit 9d5a246)
Commits on Jul 17, 2018
  1. mediatek: fix parallel build issues in image build code

    jow- committed Jul 17, 2018
    Drop the parallel-unsafe custom Build/dtb macro and use the .dtb artifacts
    produced by the generic image build code.
    Also remove unused .dtb references in the mt7623 subtarget.
    Signed-off-by: Jo-Philipp Wich <>
    (backported from commit 8194f9e)
Commits on Jul 16, 2018
  1. mtd: improve check for TRX header being already fixed

    Rafał Miłecki
    Rafał Miłecki committed Jul 15, 2018
    First of all lengths should be compared after checking all blocks for
    being good/bad. It's because requested length may differ from a final
    one if there were some bad blocks.
    Secondly it makes sense to also compare crc32 since we already have a
    new one calculated.
    Signed-off-by: Rafał Miłecki <>
    (cherry picked from commit 82498a7)
  2. mtd: support bad blocks within the mtd_fixtrx()

    Rafał Miłecki
    Rafał Miłecki committed Jul 15, 2018
    Reading MTD data with (p)read doesn't return any error when accessing
    bad block. As the result, with current code, CRC32 covers "data" stored
    in bad blocks.
    That behavior doesn't match CFE's one (bootloader simply skips bad
    blocks) and may result in:
    1) Invalid CRC32
    2) CFE refusing to boot firmware with a following error:
    Boot program checksum is invalid
    Fix that problem by checking every block before reading its content.
    Signed-off-by: Rafał Miłecki <>
    (cherry picked from commit 0f54489)
  3. kmod-sched-cake: bump to 20180716

    Kevin Darbyshire-Bryant
    Kevin Darbyshire-Bryant committed Jul 15, 2018
    Bump to the latest cake recipe.
    This backports tc class support to kernel 4.9 and other than conditional
    kernel compilation pre-processor macros represents the cake that has
    gone upstream into kernel 4.19.  Loud cheer!
    Fun may be had by changing cake tin classification for packets on
    ingress. e.g.
    tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \
    ip dport 6981 0xffff action skbedit priority 800b:1
    Where 800b: represents the filter handle for the ifb obtained by 'tc
    qdisc' and the 1 from 800b:1 represents the cake tin number.  So the
    above example puts all incoming packets destined for port 6981 into the
    BULK (lowest priority) tin.
    f39ab9a Obey tin_order for tc filter classifiers
    1e2473f Clean up after latest backport.
    82531d0 Reorder includes to fix out of tree compilation
    52cbc00 Code style cleanup
    6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR()
    cab17b6 Remove duplicate call to qdisc_watchdog_init()
    71c7991 Merge branch 'backport-classful'
    32aa7fb Fix compilation on Linux 4.9
    9f8fe7a Fix compilation on Linux 4.14
    ceab7a3 Rework filter classification
    aad5436 Fixed version of class stats
    be1c549 Add cake-specific class stats
    483399d Use tin_order for class dumps
    80dc129 Add class dumping
    0c8e6c1 Fix dropping when using filters
    c220493 Add the minimum class ops
    5ed54d2 Start implementing tc filter/class support
    Signed-off-by: Kevin Darbyshire-Bryant <>
    (cherry picked from commit c729c43)
  4. qos-scripts: fix uci callback handling

    guidosarducci authored and dedeckeh committed Jun 8, 2018
    The previous callback code was fragile, dependent on some UCI callback
    bugs and side-effects now fixed in master commit 73d8a6a.
    Update scripts to use callbacks where appropriate and necessary, while
    using normal UCI config parsing for all else. This results in smaller,
    simpler, more robust code. Use callbacks in to only process
    'interface' defaults and the varying entries for 'reclassify', 'default'
    and 'classify' sections. Also switch qos-stat to use non-callback UCI
    The current changes work independently of 73d8a6a (i.e. both before and
    after), and are consistent with UCI config parsing documentation.
    Signed-off-by: Tony Ambardar <>
  5. base-files: fix UCI config parsing and callback handling

    guidosarducci authored and dedeckeh committed Mar 8, 2018
    There are several long-standing issues present in the UCI shell API as
    documented in They
    relate both to high-level, user-defined callback functions used to
    process UCI config files, and also to low-level functions used within
    scripts generally.
    The related problems have been encountered now and in the past, e.g., and include:
    a) UCI parsing option() function and user-defined option_cb() callbacks
    being erroneously called during processing of "list" config file entries;
    b) normal usage of the low-level config_set() unexpectedy calling any
    defined option_cb() if present; and
    c) handling of the list_cb() not respecting the NO_CALLBACK variable.
    Root causes include a function stack "inversion", where the low-level
    config_set() function incorrectly calls the high-level option() function,
    intended only for processing the "option" keyword of UCI config files.
    This change addresses the inversion and other issues, making the option
    handling code more consistent and smaller, and simplifying developers'
    usage of UCI callbacks.
    Signed-off-by: Tony Ambardar <>
    Signed-off-by: Hans Dedecker <> [PKG_RELEASE increase]
  6. apm821xx: fix usb-otg on 4.14

    chunkeey authored and blogic committed Jul 14, 2018
    Starting with 4.14, the "amcc,dwc-otg" needs to be used
    in order to get the usb-otg to work.
    Signed-off-by: Christian Lamparter <>
    (cherry picked from commit 12b80f1)
Commits on Jul 15, 2018
  1. odhcp6c: add noserverunicast config option for broken DHCPv6 servers

    dedeckeh committed Jul 15, 2018
    Fix broken DHCPv6 servers which provide the server unicast option but
    do not reply on DHCPv6 renew messages directed to the IPv6 address
    contained in the server unicast option which results in broken IPv6
    67ae6a7 odhcp6c: add option to ignore Server Unicast option
    Signed-off-by: Hans Dedecker <>
  2. odhcp6c: update to latest git HEAD

    dedeckeh committed Jun 20, 2018
    b99c1f6 odhcp6c: remove len check in option parsing handle
    Signed-off-by: Hans Dedecker <>
  3. odhcp6c: user string option support

    dedeckeh committed Jun 11, 2018
    ca8822b odhcp6c: add support for user string options
    Signed-off-by: Hans Dedecker <>
  4. ipq40xx: add get_status_led to

    blocktrron authored and NeoRaider committed Jun 12, 2018
    This commit adds the get_status_led method to, which sets the
    boot-led as status-led for scripts using this method to get a
    This method is used platform-independent in downstream project gluon to
    set the LED used to indicate the config-mode.
    Signed-off-by: David Bauer <>
    (cherry picked from commit 4fc0051)
  5. OpenWrt v18.06.0-rc2: revert to branch defaults

    jow- committed Jul 15, 2018
    Signed-off-by: Jo-Philipp Wich <>
  6. OpenWrt v18.06.0-rc2: adjust config defaults

    jow- committed Jul 15, 2018
    Signed-off-by: Jo-Philipp Wich <>
  7. uhttpd: update to latest Git head

    jow- committed Jul 2, 2018
    db86175 lua: honour size argument in recv() function
    d3b9560 utils: add uh_htmlescape() helper
    8109b95 file: escape strings in HTML output
    393b59e proc: expose HTTP Origin header in process environment
    796d42b client: flush buffered SSL output when tearing down client ustream
    Signed-off-by: Jo-Philipp Wich <>
    (cherry picked from commit b54bef2)
Commits on Jul 14, 2018
  1. include/ explicitly check for -f flag when using busy…

    NeoRaider committed Jul 14, 2018
    …box time
    On Debian, busybox does have a time applet, but it does not support the -f
    flag. Catch this in prereq check to give users to proper error message.
    Signed-off-by: Matthias Schiffer <>
    (cherry picked from commit b123921)
  2. include/ fix kernel rebuild on backport patch changes

    NeoRaider committed Jul 14, 2018
    An incorrect variable name was referenced in KERNEL_FILE_DEPENDS, leading
    to the omission of the backport-* patch dirs in the generation of the
    prepared stamp name.
    Signed-off-by: Matthias Schiffer <>
    (cherry picked from commit 36fa1bb)
  3. kernel: backport page fragment API changes from 4.10+ to 4.9

    nbd168 committed Jul 14, 2018
    mt76 now relies on this API
    Signed-off-by: Felix Fietkau <>
Commits on Jul 13, 2018
  1. kernel: gen_stats: Fix netlink stats dumping in the presence of padding

    Kevin Darbyshire-Bryant
    Kevin Darbyshire-Bryant committed Jul 2, 2018
    Backport hot off the press upstream netlink patch.  Fixes stats display
    from CAKE qdisc on MIPS allowing us to bump CAKE to latest version.
    The gen_stats facility will add a header for the toplevel nlattr of type
    TCA_STATS2 that contains all stats added by qdisc callbacks. A reference
    to this header is stored in the gnet_dump struct, and when all the
    per-qdisc callbacks have finished adding their stats, the length of the
    containing header will be adjusted to the right value.
    However, on architectures that need padding (i.e., that don't set
    CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), the padding nlattr is added
    before the stats, which means that the stored pointer will point to the
    padding, and so when the header is fixed up, the result is just a very
    big padding nlattr. Because most qdiscs also supply the legacy TCA_STATS
    struct, this problem has been mostly invisible, but we exposed it with
    the netlink attribute-based statistics in CAKE.
    Fix the issue by fixing up the stored pointer if it points to a padding
    Signed-off-by: Kevin Darbyshire-Bryant <>
    (cherry picked from commit 3698b34)
  2. ramips: clean up and fix MT7621 NAND driver issues

    nbd168 committed Jul 11, 2018
    - remove misaligned custom buffer allocation in the NAND driver
    - remove broken bounce buffer implementation for 16-byte align
    Let the MTD core take care of both
    Fixes messages like these:
    [  102.820541] Data buffer not 16 bytes aligned: 87daf08c
    Signed-off-by: Felix Fietkau <>
  3. mt76: update to the latest version

    nbd168 committed Jul 13, 2018
    08719b1 mt76: use a per rx queue page fragment cache
    4d2c565 mt76x2: reset HW before probe
    f622975 mt76x2: fix CCK protection control frame rate
    6780375 mt76x2: add frame protection support
    Signed-off-by: Felix Fietkau <>