491e839262 brcm47xx: sysupgrade: fix device model detection
4acc0db480 kernel: bump 4.14 to 4.14.146
3699327da3 kernel: bump 4.9 to 4.9.194
45a2c0f309 hostapd: Fix AP mode PMF disconnection protection bypass
e289a4133c hostapd: SAE/EAP-pwd side-channel attack update
a63edb4691 mbedtls: update to 2.16.3
2698157d54 mbedtls: Update to version 2.16.2
952bafa03c openssl: bump to 1.0.2t, add maintainer
7e1db8f27c kernel: bump 4.14 to 4.14.145
d32cf52674 kernel: bump 4.14 to 4.14.144
745292ba10 kernel: bump 4.9 to 4.9.193
5880dd48d5 mac80211: brcmfmac: backport the last 5.4 changes
90f6af5108 ar71xx: fix potential IRQ misses during dispatch for qca953x
e545808e89 ar71xx: Fix potentially missed IRQ handling during dispatch
59e42f9e3e kernel: bump 4.14 to 4.14.143
418cf097e7 kernel: bump 4.9 to 4.9.192
6f677d6848 tools: mkimage: fix __u64 typedef conflict with new glibc
c5ed9f4344 kernel: bump 4.14 to 4.14.142
556f86bbfd kernel: bump 4.9 to 4.9.191
2d257351f3 ramips: fix duplicate network setup for dlink, dir-615-h1
2a22e41fe4 ramips: fix D-Link DIR-615 H1 switch port mapping
f9dec32be7 ramips: remove duplicate case for MAC setup of freestation5
7393ce8d87 mac80211: brcmfmac: backport more kernel 5.4 changes
f6de1fa6c6 bzip2: Fix CVE-2019-12900
7ac6044632 ar71xx: WNR2200: remove redundant GPIO for WLAN LED
9d1cd9d098 kernel: bump 4.14 to 4.14.141
4b5c77ca2f ath9k: backport dynack improvements
73bba470a4 kernel: bump 4.14 to 4.14.140
8bc800aa56 kernel: bump 4.9 to 4.9.190
c948a74158 kernel: bump 4.14 to 4.14.139
09d63fb0a6 musl: Fix CVE-2019-14697
564d81e944 iptables: patch CVE-2019-11360 (security fix)
5e3b21c916 musl: ldso/dlsym: fix mips returning undef dlsym
2df2b75208 wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628
09bdc14419 kernel: bump 4.14 to 4.14.138
e058fb3658 kernel: bump 4.9 to 4.9.189
28dc34f249 xfsprogs: Replace valloc with posix_memalign
24967a6c42 libbsd: Fix compilation under ARC
30815d65d2 nftables: Fix compilation with uClibc-ng
dc2f2a16d3 tools/patch: apply upstream patch for cve-2019-13638
c99ceb7030 tools/patch: apply upstream patch for CVE-2019-13636

Compile-tested: ar71xx-{generic,tiny}, ramips-rt305x, x86-64

(cherry picked from commit 85532548)

This adds a warning that entprise switches with an IGMP/MLD snooping
feature are not supported yet with IGMP/MLD filtering enabled.

For this to work, firstly the Linux bridge on the Gluon node needs to
support Multicast Router Discovery (RFC4286). But this feature was only
added to the Linux kernel recently, in 5.1.

Secondly, a Gluon node would need to periodically send "Multicast Router
Advertisment" (RFC4286) messages, to "announce" the multicast router
port setting on bridge port bat0.

Thirdly, the IGMP/MLD snooping switches would need to implement
RFC4286.

This reverts commit 9b1eb40f.

With the batman-adv v2019.2 upgrade reverted (c1a77339), the batman-adv
multicast-to-multi-unicast feature is not available yet. Without that it is
going to be very unlikely of the batman-adv multicast optimizations to
take effect. E.g. some outdated nodes would disable it.

To avoid confusion and diversion with a few communities having it enabled
and most implicitly deactivated, just deactivate it for all for now
until batman-adv is updated to v2019.2 or greater again.

The kernel partition on these devices is too small for the
OpenWrt 19.07 kernel. It is also located after the rootfs, so
we cannot grow it further.

Therefore mark these devices as deprecated now.

Fixes #1821

Fixes: 071cf7b2 ("Switch to Lua for target definitions")

reduce size by removing dispensable packages,
to fix builds of this target in most cases.

gluon-mesh-babel conigures babeld and thus the mesh. This mesh is only usable
with routes to the clients which are discovered by l3roamd.

* add check_site.lua to validate required field from site
* make use of node_client_prefix6 if defined in site

This adds documentation for the gluon-mesh-batman-adv package and
elaborates on its build and configuration options, as well as
the implemented multicast architecture.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

Fixes #1809

Fixes: bf552491 ("gluon-core: add outdoor support for 5 ghz radios")

This seems to unbreak bootloader image generation with certain shells /
build setups.

Fixes #1766

e130b6f54d0f simple-tc: increment PKG_VERSION
89260206971f libbabelhelper: bump version to allow specifying the command for readbabeldata()
0447a6960caf bump mmfd: Bugfix Crash  and firends

mac_to_ip() calculates an ipv6 address from a mac address according to
RFC 4291. For wireguard we have to use specially crafted addresses that
must be unique. This allows calculating such unique mac-based addresses
by allowing to optionally specifying the bytes to be inserted into the
address.

The new routing_algo site.conf value BATMAN_IV_LEGACY is introduced. With
these changes, the routing_algo setting becomes mandatory.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

We cannot add the same file (here: /lib/gluon/mesh-batman-adv/compat) to
two, installed packages. Therefore, instead of determining the compat
version number from this file, infer it from the batman-adv release
version number instead.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

Instead of unconditionally loading this module on boot the gluon_bat0
netifd protocol script will later take care of loading either the
batman-adv or batman-adv-legacy module, depending on the configured routing
algorithm in UCI.

19ef88a7191f batman-adv-legacy: update maintainers
c04321b96386 batman-adv-legacy: rename title from "B.A.T.M.A.N. Adv" to "... Legacy"
a382d21c6a21 batman-adv-legacy: move binaries, scripts and config to avoid conflicts
3e3db36a2eff batman-adv-legacy: remove module autoload

This displays the branch, repo and commitID that was attempted to update to but
failed. Users then can compare this output to the configuration they meant to
activate in modules and hopefully better find their typos.

Fixes #1775

This is a fix for the broken ingress traffic-shaping in gluon v2018.2.2
and possibly earlier.

For ingress traffic shaping the kernel option NET_ACT_POLICE is needed.
Before this patch there was no dependency to this. Neither in
gluon_core, gluon-mesh-vpn-core nor in the package.

This patch adds this dependency.

[Matthias Schiffer: move dependency from GLUON_CORE to gluon-mesh-vpn-core]

Fixes #1790

7c31643f5cb0 simple-tc: depend on KERNEL_NET_ACT_POLICE or kmod-sched

This reverts commit fb08e104.

Devices featuring ath10k radios should at least 128 MB of memory
as their driver is quite memory hungry.

Devices with a configuration (1x ath10k, 64M memory) like this have
often been seen as running out of memory.

package/gluon-web-network/luasrc/lib/gluon/config-mode/model/admin/network.lua:122:16: (W431) shadowing upvalue f on line 19

Fixes: bab4af01 ("gluon-web-network: improve PoE GPIO name translation
handling")

89808e211c kernel: bump 4.14 to 4.14.137
349714a491 kernel: bump 4.9 to 4.9.188
0a4a82a431 config: introduce separate CONFIG_SIGNATURE_CHECK option
8a83892662 packages: apply usign padding workarounds to package indexes if needed
0bce1d0db9 usign: update to latest Git HEAD
958411aa61 kernel: bump 4.14 to 4.14.136
2807f84b62 kernel: bump 4.9 to 4.9.187
7e4ce0c655 ar71xx: wpj531: fix SIG1/RSS1 LED GPIO

Compile-tested: ar71xx, mpc85xx