81266d9001 openssl: bump to 1.1.1k
6165bb0d60 openssl: sync package download URLs with master
c336db7a78 mbedtls: update to 2.16.10
616fff2a94 mwlwifi: add PKG_FLAGS:=nonshared
dce6b118eb scripts: bundle-libraries.sh: fix broken SDK compiler
afdd5dcd0d build: reduce number of files passed to ipk-remove
1fcd833c9a build: call ipkg-remove using xargs if #args>=512
33df82be36 build: package-ipkg: avoid calling wildcard twice
3402334413 kernel: bump 4.14 to 4.14.224
55e9d87754 kernel: bump 4.14 to 4.14.223
c64742a96e wolfssl: bump to v4.7.0-stable
4b19b2db78 hostapd: P2P: Fix a corner case in peer addition based on PD Request
0a08a9a2b4 build: fix checks for GCC11
a5672f6b96 Revert "base-files: source functions.sh in /lib/functions/system.sh"
b4a4d04b91 kernel: bump 4.14 to 4.14.222
86aeac4fc9 base-files: source functions.sh in /lib/functions/system.sh
e9c0c5021c hostapd: backport ignoring 4addr mode enabling error
a36d2ee310 ramips: remove factory image for TP-Link Archer C20 v1

Fixes: CVE-2021-3450, CVE-2021-3449, CVE-2021-3336, CVE-2021-27803

End the process after one result in case -l is not given
and destination address is unicast.
Reduces singleshot execution time from timeout seconds to around 150ms.

resolves #2184

No package uses l2tp_ip.

3822f44013cc tunneldigger: remove unneeded kmod-l2tp-ip dependency
95c805c863cd tunneldigger: update to latest upstream (#238)

Upstream removed the factory images for the Archer C20 v1 as they
potentially brick the device. Remove them from Gluon to avoid build
failures on the next OpenWrt 19.07 bump.

Signed-off-by: David Bauer <mail@david-bauer.net>

e26b474 Merge pull request #644 from ecsv/batadv-for-19.07
369908c alfred: Start up alfred without valid interfaces
97e7600 alfred: Fix procd process handling for disable state
0a3432d Merge pull request #636 from ecsv/batadv-for-19.07
596dc84 batman-adv: Merge bugfixes from 2021.0
862a2df batctl: Merge bugfixes from 2021.0

6aef4bc7c3 lantiq: fritz7320: enable USB power supply
6bf5bfc19f openssl: bump to 1.1.1j
f44153038e OpenWrt v19.07.7: revert to branch defaults
d5ae565873 OpenWrt v19.07.7: adjust config defaults
c4a6851c72 kernel: bump 4.14 to 4.14.221
f8b849103d ramips: ethernet: Disable TSO support to improve stability

ubuntu-latest is now assigned to Ubuntu 20.04. As we use custom apt
sources for 18.04, pin to this version for now to fix the CI.

fec1aa6dfb mt76: update to the latest version
224fa47bf9 ramips: mark toggle input on EX6150 as a switch
3a05aa17db mac80211: Remove 357-mac80211-optimize-skb-resizing.patch
171d8bce0c ramips: remove factory image for TP-Link Archer C2 v1
2eb8444363 ath79: fix USB power GPIO for TP-Link TL-WR810N v1
d5a8e85878 wolfssl: Backport fix for CVE-2021-3336
cf5e5204d9 bcm63xx: sprom: override the PCI device ID
4465b44fc1 kernel: bump 4.14 to 4.14.219
4b9ade65ec bcm63xx: R5010UNv2: fix flash partitions for 16MB flash
ab9cb390be hostapd: fix P2P group information processing vulnerability
1e90091c5d opkg: update to latest git HEAD of branch openwrt-19.07
312c05611b kernel: bump 4.14 to 4.14.218
3100649458 wolfssl: enable HAVE_SECRET_CALLBACK
e9d2aa9dc6 wolfssl: Fix hostapd build with wolfssl 4.6.0
2044c01de8 wolfssl: Update to v4.6.0-stable
5ac0b2b431 mvebu: omnia: make initramfs image usable out of the box

a7a207e18b mt76: update to the latest version
1ce5008597 wireguard: Fix compile with kernel 4.14.217
2ecb22dc51 kernel: bump 4.14 to 4.14.217
11f4918ebb dnsmasq: backport fixes
9999c87d3a netifd: fix IPv6 routing loop on point-to-point links
250dbb3a60 odhcp6c: fix IPv6 routing loop on point-to-point links
d816c6cd31 kernel: bump 4.14 to 4.14.216
c21d59dc11 imagebuilder: pass IB=1 on checking requirements

kernel: bridge: Fix a deadlock when enabling multicast snooping

[ Upstream commit 851d0a73c90e6c8c63fef106c6c1e73df7e05d9d ]

From: Joseph Huang <Joseph.Huang@garmin.com>

When enabling multicast snooping, bridge module deadlocks on multicast_lock
if 1) IPv6 is enabled, and 2) there is an existing querier on the same L2
network.

The deadlock was caused by the following sequence: While holding the lock,
br_multicast_open calls br_multicast_join_snoopers, which eventually causes
IP stack to (attempt to) send out a Listener Report (in igmp6_join_group).
Since the destination Ethernet address is a multicast address, br_dev_xmit
feeds the packet back to the bridge via br_multicast_rcv, which in turn
calls br_multicast_add_group, which then deadlocks on multicast_lock.

The fix is to move the call br_multicast_join_snoopers outside of the
critical section. This works since br_multicast_join_snoopers only deals
with IP and does not modify any multicast data structures of the bridge,
so there's no need to hold the lock.

Steps to reproduce:
1. sysctl net.ipv6.conf.all.force_mld_version=1
2. have another querier
3. ip link set dev bridge type bridge mcast_snooping 0 && \
   ip link set dev bridge type bridge mcast_snooping 1 < deadlock >

A typical call trace looks like the following:

[  936.251495]  _raw_spin_lock+0x5c/0x68
[  936.255221]  br_multicast_add_group+0x40/0x170 [bridge]
[  936.260491]  br_multicast_rcv+0x7ac/0xe30 [bridge]
[  936.265322]  br_dev_xmit+0x140/0x368 [bridge]
[  936.269689]  dev_hard_start_xmit+0x94/0x158
[  936.273876]  __dev_queue_xmit+0x5ac/0x7f8
[  936.277890]  dev_queue_xmit+0x10/0x18
[  936.281563]  neigh_resolve_output+0xec/0x198
[  936.285845]  ip6_finish_output2+0x240/0x710
[  936.290039]  __ip6_finish_output+0x130/0x170
[  936.294318]  ip6_output+0x6c/0x1c8
[  936.297731]  NF_HOOK.constprop.0+0xd8/0xe8
[  936.301834]  igmp6_send+0x358/0x558
[  936.305326]  igmp6_join_group.part.0+0x30/0xf0
[  936.309774]  igmp6_group_added+0xfc/0x110
[  936.313787]  __ipv6_dev_mc_inc+0x1a4/0x290
[  936.317885]  ipv6_dev_mc_inc+0x10/0x18
[  936.321677]  br_multicast_open+0xbc/0x110 [bridge]
[  936.326506]  br_multicast_toggle+0xec/0x140 [bridge]

Fixes: 4effd28c1245 ("bridge: join all-snoopers multicast address")
Signed-off-by: Joseph Huang <Joseph.Huang@garmin.com>
Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Link: https://lore.kernel.org/r/20201204235628.50653-1-Joseph.Huang@garmin.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[linus.luessing@c0d3.blue: backported to 4.4]

6fc02f2a45 OpenWrt v19.07.6: revert to branch defaults
b12284a14c OpenWrt v19.07.6: adjust config defaults
8055e38794 dnsmasq: Backport some security updates
733e62a8e1 uboot-at91: Add PKG_MIRROR_HASH to fix download
53814dadaf at91bootstrap: Add PKG_MIRROR_HASH to fix download
e30d3ea95f mbedtls: update to 2.16.9
c7b9c85819 kernel: bump 4.14 to 4.14.215
c9388fa986 kernel: bump 4.14 to 4.14.214
e290024717 glibc: update to latest 2.27 commit
2c37993c8a build/prereq: merge ifndef IB block together
79b1fa1702 build, imagebuilder: Do not require compilers
58138df2d5 build, imagebuilder: Do not require libncurses-dev
42e478eb0d build/json: add filesystem information

ipq40xx: Add support for Plasma Cloud PA1200 and PA2200

This device is a dual 5GHz device. It is recommended to manually change the
radio of the first device to the lower 5GHz channels and the second radio
to the upper 5GHz channels

ath79: Add support for Plasma Cloud PA300(E)

gluon-respondd: fix crash on 64bit archs (+ one unrelated issue)

Fixes warnings about implicit pointer-to-int and int-to-pointer casts.

Fixes: 59a4cd63 ("gluon-respondd: expose OWE clients in nodeinfo")

Fixes respondd on 64bit archs, as gluonutil_get_primary_domain() was
assumed to return int without the prototype.

Fixes: bcf57467 ("libgluonutil: implement gluonutil_get_primary_domain()")

This adds the OpenWrt label-mac device selection as the most preferred
fallback.

While this is only used on OpenWrt 19.07 for backports, we can also use
the label-mac device when backporting device support. This way, we have
to deal with less device-sepcific code downstream.

Signed-off-by: David Bauer <mail@david-bauer.net>

actions: run tasks based on set of modified paths

Closes #2166

packages: introduce syslog function in gluon.util

This commit introduces a simple function for writing to the syslog and
replaces the custom function used by gluon-hoodselector.

b14eeccdfe ath79: image: fix initramfs for safeloader devices
cb58c7fe73 kernel: bump 4.14 to 4.14.212
fb52c40531 wireless-regdb: Update to version 2020.11.20
7711a5906a wireless-regdb: bump to latest release 2020-04-29
c03f018220 openssl: update to 1.1.1i
0a59e2a76e mac80211: Update to version 4.19.161-1
3f5fecfd33 ramips: enable LED VCC for Asus RT-AC51U

This switches the used wireless daemons for OWE / SAE to the OpenSSL
flavors. The WolfSSL implementation currently seems to be broken.

THis switch may be reverted at a later point in time when hostapd /
wpa_supplicant implementations for WolfSSL have matured.

Fixes commit fb8cd562 ("modules: update OpenWrt")

d0b8be75ff generic: ipeth: fix iOS 14 tethering
bdc2f19f9d OpenWrt v19.07.5: revert to branch defaults
c37eb9a9f9 OpenWrt v19.07.5: adjust config defaults
5090152ae3 tools: always create $STAGING_DIR/usr/{include,lib}

d830403133 toolchain: kernel-headers: kernel Git tree mirror hash
8c2bb1d9b6 toolchain: kernel-headers: fix check target for kernel Git tree
a47caacaf3 download.pl: properly cleanup intermediate .hash file
605adb1023 download: handle possibly invalid local tarballs
5abe989475 cmake.mk,rules.mk: fix host builds using CMake and ccache
77734ce82a cmake.mk: set C/CXX compiler for host builds as well
ebe8cc2b2a mvebu: fixup Turris Omnia U-Boot environment
f10332c292 mvebu: base-files: Update Turris Omnia U-Boot environment
ca1ee39854 mvebu: Add turris-omnia.bootscript
f61e053e72 uboot-envtools: mvebu: update uci defaults for Turris Omnia
f1525e785e kernel: backport GD25Q256 support from 4.15
c72b7a4f0d kernel: bump 4.14 to 4.14.209
c420f77678 wireguard-tools: fix category/description in menuconfig

openwrt: fix xtables-addons build

This reverts commit 94736703.

Bumping the packages feed fixes the xtables-addons build.

2974079d3 nano: update to 5.4
e82884caf miniupnpd: Pass ipv6 addr to ipv6_listening_ip
33bd6b6af Merge pull request #14115 from mwarning/zt
ace81238c zerotier: update to 1.6.2
808a67b35 net/miniupnpd: ext_ip_reserved_ignore support
1adf9d979 miniupnpd: Added chain rule to filter table so udp stun incoming connections rules works
4ed18c40e miniupnpd: update to 2.2.0
16cceb118 net/miniupnpd: check by /etc/init.d/miniupnpd running
93d44081c miniupnpd: default to IGDv1
49fb6862d adblock: reporting fixes/tweaks
613d4e19c Merge pull request #14029 from aaronjg/xtables-addons-fix
12b0f8c1a xtables-addons: patch for 4.14 route_me_harder fix
a453361e7 Merge pull request #13943 from jjm2473/openwrt-19.07-fix-libtirpc-clang
fb9077a72 Merge pull request #13983 from rs/nextdns-1.9.4-openwrt-19.07
591601446 nextdns: Update to version 1.9.4
889c46a79 Merge pull request #13981 from rs/nextdns-1.9.3-openwrt-19.07
c65dc2c45 nextdns: Update to version 1.9.3
446bec699 Merge pull request #13937 from jjm2473/openwrt-19.07-fix-vim-clang
fb7630209 travelmate: refine scan interface determination
c68be0b84 libs/libtirpc: fix host compile with clang 12.0.0
1f5670bdf vim: fix host compile with clang 12.0.0