OpenWrt v18.06.1: adjust config defaults

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

.github/pull_request_template

@@ -3,6 +3,6 @@ Thanks for your contribution to OpenWrt!
 To help keep the codebase consistent and readable,
 and to help people review your contribution,
 we ask you to follow the rules you find in the wiki at this link
-https://lede-project.org/submitting-patches
+https://openwrt.org/submitting-patches
 
 Please remove this message before posting the pull request.

README

@@ -1,26 +1,31 @@
+  _______                     ________        __
+ |       |.-----.-----.-----.|  |  |  |.----.|  |_
+ |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
+ |_______||   __|_____|__|__||________||__|  |____|
+          |__| W I R E L E S S   F R E E D O M
+ -----------------------------------------------------
+
 This is the buildsystem for the OpenWrt Linux distribution.
 
-Please use "make menuconfig" to choose your preferred
-configuration for the toolchain and firmware.
+To build your own firmware you need a Linux, BSD or MacOSX system (case
+sensitive filesystem required). Cygwin is unsupported because of the lack
+of a case sensitive file system.
 
-You need to have installed gcc, binutils, bzip2, flex, python, perl, make,
-find, grep, diff, unzip, gawk, getopt, subversion, libz-dev and libc headers.
+You need gcc, binutils, bzip2, flex, python, perl, make, find, grep, diff,
+unzip, gawk, getopt, subversion, libz-dev and libc headers installed.
 
-Run "./scripts/feeds update -a" to get all the latest package definitions
-defined in feeds.conf / feeds.conf.default respectively
-and "./scripts/feeds install -a" to install symlinks of all of them into
-package/feeds/.
+1. Run "./scripts/feeds update -a" to obtain all the latest package definitions
+defined in feeds.conf / feeds.conf.default
 
-Use "make menuconfig" to configure your image.
+2. Run "./scripts/feeds install -a" to install symlinks for all obtained
+packages into package/feeds/
 
-Simply running "make" will build your firmware.
-It will download all sources, build the cross-compile toolchain, 
-the kernel and all choosen applications.
-
-To build your own firmware you need to have access to a Linux, BSD or MacOSX system
-(case-sensitive filesystem required). Cygwin will not be supported because of
-the lack of case sensitiveness in the file system.
+3. Run "make menuconfig" to select your preferred configuration for the
+toolchain, target system & firmware packages.
 
+4. Run "make" to build your firmware. This will download all sources, build
+the cross-compile toolchain and then cross-compile the Linux kernel & all
+chosen applications for your target system.
 
 Sunshine!
 	Your OpenWrt Community

feeds.conf.default

@@ -1,4 +1,4 @@
-src-git packages https://git.openwrt.org/feed/packages.git^05b9aceb00725b69220defaaad11f24b63731ac3
-src-git luci https://git.openwrt.org/project/luci.git^911219898f5e65e8bb867a8195812550cff583d5
+src-git packages https://git.openwrt.org/feed/packages.git^35e0b737ab496f5b51e80079b0d8c9b442e223f5
+src-git luci https://git.openwrt.org/project/luci.git^f64b1523447547032d5280fb0bcdde570f2ca913
 src-git routing https://git.openwrt.org/feed/routing.git^1b9d1c419f0ecefda51922a7845ab2183d6acd76
-src-git telephony https://git.openwrt.org/feed/telephony.git^278ca6938638aa2d5569b29166d157e0458f656e
+src-git telephony https://git.openwrt.org/feed/telephony.git^b9d7b321d15a44c5abb9e5d43a4ec78abfd9031b

include/feeds.mk

@@ -34,8 +34,8 @@ endef
 define FeedSourcesAppend
 ( \
   echo 'src/gz %d_core %U/targets/%S/packages'; \
-  echo 'src/gz %d_base %U/packages/%A/base'; \
   $(strip $(if $(CONFIG_PER_FEED_REPO), \
+	echo 'src/gz %d_base %U/packages/%A/base'; \
 	$(foreach feed,$(FEEDS_AVAILABLE), \
 		$(if $(CONFIG_FEED_$(feed)), \
 			echo '$(if $(filter m,$(CONFIG_FEED_$(feed))),# )src/gz %d_$(feed) %U/packages/%A/$(feed)';)))) \

include/kernel-version.mk

@@ -2,15 +2,11 @@
 
 LINUX_RELEASE?=1
 
-LINUX_VERSION-3.18 = .71
-LINUX_VERSION-4.4 = .121
-LINUX_VERSION-4.9 = .111
-LINUX_VERSION-4.14 = .54
+LINUX_VERSION-4.9 = .120
+LINUX_VERSION-4.14 = .63
 
-LINUX_KERNEL_HASH-3.18.71 = 5abc9778ad44ce02ed6c8ab52ece8a21c6d20d21f6ed8a19287b4a38a50c1240
-LINUX_KERNEL_HASH-4.4.121 = 44a88268b5088dc326b30c9b9133ac35a9a200b636b7268d08f32abeae6ca729
-LINUX_KERNEL_HASH-4.9.111 = 5966558959dc580f163766f3fdefd7e57c01b2b45d51202d00b3807c253759dd
-LINUX_KERNEL_HASH-4.14.54 = 451642ac28c539a91072f1fb83b1c061d6d44df870ddf5562400ade5e1c4b6c6
+LINUX_KERNEL_HASH-4.9.120 = d75af506865edc8145a344c4e73c3bb1000e6c9f1c3489b8dae47ca8f033fd91
+LINUX_KERNEL_HASH-4.14.63 = cd2e52f0e7ba861afa91cf487b2f45e5174115870f256a1d65996647b7bcc6d3
 
 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))

include/package-ipkg.mk

@@ -190,7 +190,7 @@ $(_endef)
 			fi; \
 		done; $(Package/$(1)/extra_provides) \
 	) | sort -u > $(PKG_INFO_DIR)/$(1).provides
-	$(if $(PROVIDES),@for pkg in $(PROVIDES); do cp $(PKG_INFO_DIR)/$(1).provides $(PKG_INFO_DIR)/$$$$pkg.provides; done)
+	$(if $(PROVIDES),@for pkg in $(filter-out $(1),$(PROVIDES)); do cp $(PKG_INFO_DIR)/$(1).provides $(PKG_INFO_DIR)/$$$$pkg.provides; done)
 	$(CheckDependencies)
 
 	$(RSTRIP) $$(IDIR_$(1))

include/target.mk

@@ -51,7 +51,7 @@ else
   endif
 endif
 
-ifneq ($(filter 3.18 4.4 4.9,$(KERNEL_PATCHVER)),)
+ifneq ($(filter 4.9,$(KERNEL_PATCHVER)),)
   DEFAULT_PACKAGES.router:=$(filter-out kmod-ipt-offload,$(DEFAULT_PACKAGES.router))
 endif
 
@@ -72,7 +72,6 @@ define Profile
   $(eval $(call ProfileDefault))
   $(eval $(call Profile/$(1)))
   dumpinfo : $(call shexport,Profile/$(1)/Description)
-  DEFAULT_PACKAGES := $(filter-out $(patsubst -%,%,$(filter -%,$(PACKAGES))),$(DEFAULT_PACKAGES))
   PACKAGES := $(filter-out -%,$(PACKAGES))
   DUMPINFO += \
 	echo "Target-Profile: $(1)"; \

include/version.mk

@@ -25,13 +25,13 @@ PKG_CONFIG_DEPENDS += \
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
 
 VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),18.06.0-rc2)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),18.06.1)
 
 VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
-VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r7141-e4d0ee5af5)
+VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r7258-5eb055306f)
 
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/releases/18.06.0-rc2)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/releases/18.06.1)
 
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

package/base-files/Makefile

@@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/version.mk
 include $(INCLUDE_DIR)/feeds.mk
 
 PKG_NAME:=base-files
-PKG_RELEASE:=190
+PKG_RELEASE:=192
 PKG_FLAGS:=nonshared
 
 PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/

package/base-files/files/etc/init.d/sysctl

@@ -39,6 +39,6 @@ apply_defaults() {
 start() {
 	apply_defaults
 	for CONF in /etc/sysctl.d/*.conf /etc/sysctl.conf; do
-		[ -f "$CONF" ] && sysctl -p "$CONF" -e >&-
+		[ -f "$CONF" ] && sysctl -e -p "$CONF" >&-
 	done
 }

package/base-files/files/lib/functions.sh

@@ -57,16 +57,16 @@ config () {
 	export ${NO_EXPORT:+-n} CONFIG_NUM_SECTIONS=$(($CONFIG_NUM_SECTIONS + 1))
 	name="${name:-cfg$CONFIG_NUM_SECTIONS}"
 	append CONFIG_SECTIONS "$name"
-	[ -n "$NO_CALLBACK" ] || config_cb "$cfgtype" "$name"
 	export ${NO_EXPORT:+-n} CONFIG_SECTION="$name"
-	export ${NO_EXPORT:+-n} "CONFIG_${CONFIG_SECTION}_TYPE=$cfgtype"
+	config_set "$CONFIG_SECTION" "TYPE" "${cfgtype}"
+	[ -n "$NO_CALLBACK" ] || config_cb "$cfgtype" "$name"
 }
 
 option () {
 	local varname="$1"; shift
 	local value="$*"
 
-	export ${NO_EXPORT:+-n} "CONFIG_${CONFIG_SECTION}_${varname}=$value"
+	config_set "$CONFIG_SECTION" "${varname}" "${value}"
 	[ -n "$NO_CALLBACK" ] || option_cb "$varname" "$*"
 }
 
@@ -81,7 +81,7 @@ list() {
 	config_set "$CONFIG_SECTION" "${varname}_ITEM$len" "$value"
 	config_set "$CONFIG_SECTION" "${varname}_LENGTH" "$len"
 	append "CONFIG_${CONFIG_SECTION}_${varname}" "$value" "$LIST_SEP"
-	list_cb "$varname" "$*"
+	[ -n "$NO_CALLBACK" ] || list_cb "$varname" "$*"
 }
 
 config_unset() {
@@ -113,11 +113,8 @@ config_set() {
 	local section="$1"
 	local option="$2"
 	local value="$3"
-	local old_section="$CONFIG_SECTION"
 
-	CONFIG_SECTION="$section"
-	option "$option" "$value"
-	CONFIG_SECTION="$old_section"
+	export ${NO_EXPORT:+-n} "CONFIG_${section}_${option}=${value}"
 }
 
 config_foreach() {

package/base-files/files/lib/functions/network.sh

@@ -6,10 +6,16 @@
 __network_ifstatus() {
 	local __tmp
 
-	[ -z "$__NETWORK_CACHE" ] && \
-		export __NETWORK_CACHE="$(ubus call network.interface dump)"
+	[ -z "$__NETWORK_CACHE" ] && {
+		__tmp="$(ubus call network.interface dump 2>&1)"
+		case "$?" in
+			4) : ;;
+			0) export __NETWORK_CACHE="$__tmp" ;;
+			*) echo "$__tmp" >&2 ;;
+		esac
+	}
 
-	__tmp="$(jsonfilter ${4:+-F "$4"} ${5:+-l "$5"} -s "$__NETWORK_CACHE" -e "$1=@.interface${2:+[@.interface='$2']}$3")"
+	__tmp="$(jsonfilter ${4:+-F "$4"} ${5:+-l "$5"} -s "${__NETWORK_CACHE:-{}}" -e "$1=@.interface${2:+[@.interface='$2']}$3")"
 
 	[ -z "$__tmp" ] && \
 		unset "$1" && \

package/base-files/files/lib/upgrade/fwtool.sh

@@ -1,7 +1,3 @@
-fwtool_pre_upgrade() {
-	fwtool -q -i /dev/null "$1"
-}
-
 fwtool_check_image() {
 	[ $# -gt 1 ] && return 1
 

package/base-files/files/sbin/sysupgrade

@@ -137,7 +137,6 @@ add_overlayfiles() {
 
 # hooks
 sysupgrade_image_check="fwtool_check_image platform_check_image"
-sysupgrade_pre_upgrade="fwtool_pre_upgrade"
 
 if [ $SAVE_OVERLAY = 1 ]; then
 	[ ! -d /overlay/upper/etc ] && {
@@ -264,10 +263,8 @@ else
 	rm -f /tmp/sysupgrade.always.overwrite.bootdisk.partmap
 fi
 
-run_hooks "" $sysupgrade_pre_upgrade
-
 install_bin /sbin/upgraded
-v "Commencing upgrade. All shell sessions will be closed now."
+v "Commencing upgrade. Closing all shell sessions."
 
 COMMAND='. /lib/functions.sh; include /lib/upgrade; do_upgrade_stage2'
 

package/base-files/image-config.in

@@ -183,7 +183,7 @@ if VERSIONOPT
 	config VERSION_REPO
 		string
 		prompt "Release repository"
-		default "http://downloads.openwrt.org/releases/18.06.0-rc2"
+		default "http://downloads.openwrt.org/releases/18.06.1"
 		help
 			This is the repository address embedded in the image, it defaults
 			to the trunk snapshot repo; the url may contain the following placeholders:

package/firmware/amd64-microcode/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=amd64-microcode
-PKG_VERSION:=20171205
+PKG_VERSION:=20180524
 PKG_RELEASE:=1
 
 PKG_SOURCE:=amd64-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz
 PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/a/amd64-microcode/
-PKG_HASH:=a38bc072f535a3d3c1bf4e9e545197aa5114e979e94ef7e4a67e615df2f853a7
+PKG_HASH:=7c389c357c242e7161f6872bf4e12011a71e4c0683f06fb1bcfad650a78bf0a9
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
 
 PKG_LICENSE_FILE:=LICENSE.amd-ucode

package/firmware/intel-microcode/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=intel-microcode
-PKG_VERSION:=20180312
-PKG_RELEASE:=1
+PKG_VERSION:=20180703
+PKG_RELEASE:=2
 
 PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz
 PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/i/intel-microcode/
-PKG_HASH:=6ccb295d23961c7b96a69280e30fdce939e1d905147b22b8428886b173812d52
+PKG_HASH:=26dfaa47100ce3d06f968edefa7539da10de7b96d5d8e26ee8174a040ee5cdae
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
 
 PKG_BUILD_DEPENDS:=iucode-tool/host
@@ -36,14 +36,14 @@ endef
 
 define Build/Compile
 	IUCODE_TOOL=$(STAGING_DIR)/../host/bin/iucode_tool $(MAKE) -C $(PKG_BUILD_DIR)
-	mkdir $(PKG_BUILD_DIR)/intel-ucode
+	mkdir $(PKG_BUILD_DIR)/intel-ucode-ipkg
 	$(STAGING_DIR)/../host/bin/iucode_tool -q \
-		--write-firmware=$(PKG_BUILD_DIR)/intel-ucode $(PKG_BUILD_DIR)/$(MICROCODE).bin
+		--write-firmware=$(PKG_BUILD_DIR)/intel-ucode-ipkg $(PKG_BUILD_DIR)/$(MICROCODE).bin
 endef
 
 define Package/intel-microcode/install
 	$(INSTALL_DIR) $(1)/lib/firmware/intel-ucode
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/intel-ucode/* $(1)/lib/firmware/intel-ucode
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/intel-ucode-ipkg/* $(1)/lib/firmware/intel-ucode
 endef
 
 $(eval $(call BuildPackage,intel-microcode))

package/kernel/gpio-nct5104d/src/gpio-nct5104d.c

@@ -434,11 +434,6 @@ static int __init nct5104d_gpio_init(void)
 	const char *board_vendor = dmi_get_system_info(DMI_BOARD_VENDOR);
 	const char *board_name = dmi_get_system_info(DMI_BOARD_NAME);
 
- 	/* Make sure we only run on PC Engine APU boards */
-	if (!board_name || !board_vendor || strcasecmp(board_vendor, "PC Engines") || strncasecmp(board_name, "apu", 3)) {
-		return -ENODEV;
-	}
-
 	if (nct5104d_find(0x2e, &sio) &&
 	    nct5104d_find(0x4e, &sio))
 		return -ENODEV;

package/kernel/kmod-sched-cake/Makefile

@@ -13,9 +13,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/dtaht/sch_cake.git
-PKG_SOURCE_DATE:=2018-07-06
-PKG_SOURCE_VERSION:=c91b94f0b4456c43def2e77248a455a9a2449ed1
-PKG_MIRROR_HASH:=e1b7081e1b559a9c01721ffc856debdb91e36488b51b9facb7db73f40ab85914
+PKG_SOURCE_DATE:=2018-07-16
+PKG_SOURCE_VERSION:=f39ab9a402ad51d7c17d4cde18ca15b2b7022030
+PKG_MIRROR_HASH:=fc22fc6eb7a24f4595c2777f33758ebcf9a2a404c16d00aa37ae389cd7f9c78f
 PKG_MAINTAINER:=Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
 
 include $(INCLUDE_DIR)/package.mk

package/kernel/leds-apu2/src/leds-apu2.c

@@ -331,18 +331,6 @@ static int __init gpio_apu2_init (void)
 	const char *board_vendor = dmi_get_system_info(DMI_BOARD_VENDOR);
 	const char *board_name = dmi_get_system_info(DMI_BOARD_NAME);
 
-	/* Match the device name/model */
-	if (!board_name \
-			|| !board_vendor \
-			|| strcasecmp(board_vendor, "PC Engines") \
-			|| (strcasecmp(board_name, "apu2") \
-				&& strcasecmp(board_name, "apu3") \
-				&& strcasecmp(board_name, "PC Engines apu2") \
-				&& strcasecmp(board_name, "PC Engines apu3"))) {
-		err = -ENODEV;
-		goto exit;
-	}
-
 	pr_info ("%s: load APU2/LED GPIO driver module\n", DEVNAME);
 
 	err = platform_driver_register (&gpio_apu2_driver);

package/kernel/linux/Makefile

@@ -14,7 +14,7 @@ PKG_FLAGS:=hold
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/packages
 SCAN_DEPS=modules/*.mk $(TOPDIR)/target/linux/*/modules.mk $(TOPDIR)/include/netfilter.mk
 
-PKG_LICENSE:=GPLv2
+PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=
 
 export SHELL:=/bin/sh

package/kernel/mac80211/patches/335-v4.18-0001-brcmfmac-move-ALLFFMAC-variable-in-flowring-module.patch

@@ -0,0 +1,52 @@
+From f8793c26fe586659d6da3fa277e63961a69d314b Mon Sep 17 00:00:00 2001
+From: Arend Van Spriel <arend.vanspriel@broadcom.com>
+Date: Wed, 16 May 2018 14:11:58 +0200
+Subject: [PATCH] brcmfmac: move ALLFFMAC variable in flowring module
+
+The only user of ALLFFMAC is the flowring module so no need to
+expose it in a header file.
+
+Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
+Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
+Reviewed-by: Franky Lin <franky.lin@broadcom.com>
+Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c   | 2 --
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.h   | 2 --
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/flowring.c | 2 ++
+ 3 files changed, 2 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
+@@ -36,8 +36,6 @@ MODULE_AUTHOR("Broadcom Corporation");
+ MODULE_DESCRIPTION("Broadcom 802.11 wireless LAN fullmac driver.");
+ MODULE_LICENSE("Dual BSD/GPL");
+ 
+-const u8 ALLFFMAC[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+-
+ #define BRCMF_DEFAULT_SCAN_CHANNEL_TIME	40
+ #define BRCMF_DEFAULT_SCAN_UNASSOC_TIME	40
+ 
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.h
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.h
+@@ -19,8 +19,6 @@
+ #include <linux/platform_data/brcmfmac.h>
+ #include "fwil_types.h"
+ 
+-extern const u8 ALLFFMAC[ETH_ALEN];
+-
+ #define BRCMF_FW_ALTPATH_LEN			256
+ 
+ /* Definitions for the module global and device specific settings are defined
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/flowring.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/flowring.c
+@@ -46,6 +46,8 @@ static const u8 brcmf_flowring_prio2fifo
+ 	3
+ };
+ 
++static const u8 ALLFFMAC[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
++
+ 
+ static bool
+ brcmf_flowring_is_tdls_mac(struct brcmf_flowring *flow, u8 mac[ETH_ALEN])

package/kernel/mac80211/patches/335-v4.18-0002-brcmfmac-add-support-for-sysfs-initiated-coredump.patch

@@ -0,0 +1,76 @@
+From 8e072168f75ebce85b96cbcefea2b10ddbd5913f Mon Sep 17 00:00:00 2001
+From: Arend Van Spriel <arend.vanspriel@broadcom.com>
+Date: Wed, 16 May 2018 14:11:59 +0200
+Subject: [PATCH] brcmfmac: add support for sysfs initiated coredump
+
+The driver already supports device coredump initiated by firmware
+event. Since commit 3c47d19ff4dc ("drivers: base: add coredump driver
+ops") it is also possible to initiate it from user-space through
+sysfs. This patch adds support for SDIO and PCIe devices.
+
+[rafal@milecki.pl: use LINUX_VERSION_CODE]
+Reviewed-by: Hante Meuleman <hante.meuleman@broadcom.com>
+Reviewed-by: Pieter-Paul Giesberts <pieter-paul.giesberts@broadcom.com>
+Reviewed-by: Franky Lin <franky.lin@broadcom.com>
+Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c | 1 +
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/bus.h    | 2 ++
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c   | 8 ++++++++
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c   | 1 +
+ 4 files changed, 12 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bcmsdh.c
+@@ -1165,6 +1165,9 @@ static struct sdio_driver brcmf_sdmmc_dr
+ #ifdef CONFIG_PM_SLEEP
+ 		.pm = &brcmf_sdio_pm_ops,
+ #endif	/* CONFIG_PM_SLEEP */
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
++		.coredump = brcmf_dev_coredump,
++#endif
+ 	},
+ };
+ 
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bus.h
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/bus.h
+@@ -250,6 +250,8 @@ int brcmf_attach(struct device *dev, str
+ void brcmf_detach(struct device *dev);
+ /* Indication from bus module that dongle should be reset */
+ void brcmf_dev_reset(struct device *dev);
++/* Request from bus module to initiate a coredump */
++void brcmf_dev_coredump(struct device *dev);
+ 
+ /* Configure the "global" bus state used by upper layers */
+ void brcmf_bus_change_state(struct brcmf_bus *bus, enum brcmf_bus_state state);
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
+@@ -1201,6 +1201,14 @@ void brcmf_dev_reset(struct device *dev)
+ 		brcmf_fil_cmd_int_set(drvr->iflist[0], BRCMF_C_TERMINATED, 1);
+ }
+ 
++void brcmf_dev_coredump(struct device *dev)
++{
++	struct brcmf_bus *bus_if = dev_get_drvdata(dev);
++
++	if (brcmf_debug_create_memdump(bus_if, NULL, 0) < 0)
++		brcmf_dbg(TRACE, "failed to create coredump\n");
++}
++
+ void brcmf_detach(struct device *dev)
+ {
+ 	s32 i;
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
+@@ -2044,6 +2044,9 @@ static struct pci_driver brcmf_pciedrvr
+ #ifdef CONFIG_PM
+ 	.driver.pm = &brcmf_pciedrvr_pm,
+ #endif
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 17, 0)
++	.driver.coredump = brcmf_dev_coredump,
++#endif
+ };
+ 
+ 

package/kernel/mac80211/patches/335-v4.18-0004-brcmfmac-validate-user-provided-data-for-memdump-bef.patch

@@ -0,0 +1,32 @@
+From d2af9b566554e01f9ad67b330ce569dbc130e5d3 Mon Sep 17 00:00:00 2001
+From: Franky Lin <franky.lin@broadcom.com>
+Date: Wed, 16 May 2018 14:12:01 +0200
+Subject: [PATCH] brcmfmac: validate user provided data for memdump before
+ copying
+
+In patch "brcmfmac: add support for sysfs initiated coredump", a new
+scenario of brcmf_debug_create_memdump was added in which the user of
+the function might not necessarily provide prefix data. Hence the
+function should not assume the data is always valid and should perform a
+check before copying.
+
+Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Franky Lin <franky.lin@broadcom.com>
+Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/debug.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/debug.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/debug.c
+@@ -40,7 +40,8 @@ int brcmf_debug_create_memdump(struct br
+ 	if (!dump)
+ 		return -ENOMEM;
+ 
+-	memcpy(dump, data, len);
++	if (data && len > 0)
++		memcpy(dump, data, len);
+ 	err = brcmf_bus_get_memdump(bus, dump + len, ramsize);
+ 	if (err) {
+ 		vfree(dump);

package/kernel/mac80211/patches/335-v4.18-0005-brcmfmac-trigger-memory-dump-upon-firmware-halt-sign.patch

@@ -0,0 +1,38 @@
+From 8a3ab2f38f1669e3be6433a1f6b82a077b38c4c7 Mon Sep 17 00:00:00 2001
+From: Franky Lin <franky.lin@broadcom.com>
+Date: Wed, 16 May 2018 14:12:02 +0200
+Subject: [PATCH] brcmfmac: trigger memory dump upon firmware halt signal
+
+PCIe dongle firmware signals a halt/trap through mailbox interrupt.
+Trigger a memory dump upon receiving such signal could help to provide
+useful information for issue debug.
+
+Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Franky Lin <franky.lin@broadcom.com>
+Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
+@@ -182,6 +182,7 @@ static const struct brcmf_firmware_mappi
+ #define BRCMF_D2H_DEV_D3_ACK			0x00000001
+ #define BRCMF_D2H_DEV_DS_ENTER_REQ		0x00000002
+ #define BRCMF_D2H_DEV_DS_EXIT_NOTE		0x00000004
++#define BRCMF_D2H_DEV_FWHALT			0x10000000
+ 
+ #define BRCMF_H2D_HOST_D3_INFORM		0x00000001
+ #define BRCMF_H2D_HOST_DS_ACK			0x00000002
+@@ -717,6 +718,10 @@ static void brcmf_pcie_handle_mb_data(st
+ 		devinfo->mbdata_completed = true;
+ 		wake_up(&devinfo->mbdata_resp_wait);
+ 	}
++	if (dtoh_mb_data & BRCMF_D2H_DEV_FWHALT) {
++		brcmf_dbg(PCIE, "D2H_MB_DATA: FW HALT\n");
++		brcmf_dev_coredump(&devinfo->pdev->dev);
++	}
+ }
+ 
+ 

package/kernel/mac80211/patches/335-v4.18-0006-brcmfmac-trigger-memory-dump-on-SDIO-firmware-halt-m.patch

@@ -0,0 +1,30 @@
+From b8248236e92790ac635caeb4156e46ea2417e037 Mon Sep 17 00:00:00 2001
+From: Franky Lin <franky.lin@broadcom.com>
+Date: Wed, 16 May 2018 14:12:03 +0200
+Subject: [PATCH] brcmfmac: trigger memory dump on SDIO firmware halt message
+
+Attempt to dump dongle memory for debug upon receiving firmware halt
+message through dongle to host mail box interrupt.
+
+Reviewed-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Franky Lin <franky.lin@broadcom.com>
+Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+@@ -1072,8 +1072,10 @@ static u32 brcmf_sdio_hostmail(struct br
+ 	bus->sdcnt.f1regdata += 2;
+ 
+ 	/* dongle indicates the firmware has halted/crashed */
+-	if (hmb_data & HMB_DATA_FWHALT)
++	if (hmb_data & HMB_DATA_FWHALT) {
+ 		brcmf_err("mailbox indicates firmware halted\n");
++		brcmf_dev_coredump(&sdiod->func1->dev);
++	}
+ 
+ 	/* Dongle recomposed rx frames, accept them again */
+ 	if (hmb_data & HMB_DATA_NAKHANDLED) {

package/kernel/mac80211/patches/336-v4.18-brcmfmac-stop-watchdog-before-detach-and-free-everyt.patch

@@ -0,0 +1,70 @@
+From 373c83a801f15b1e3d02d855fad89112bd4ccbe0 Mon Sep 17 00:00:00 2001
+From: Michael Trimarchi <michael@amarulasolutions.com>
+Date: Wed, 30 May 2018 11:06:34 +0200
+Subject: [PATCH] brcmfmac: stop watchdog before detach and free everything
+
+Using built-in in kernel image without a firmware in filesystem
+or in the kernel image can lead to a kernel NULL pointer deference.
+Watchdog need to be stopped in brcmf_sdio_remove
+
+The system is going down NOW!
+[ 1348.110759] Unable to handle kernel NULL pointer dereference at virtual address 000002f8
+Sent SIGTERM to all processes
+[ 1348.121412] Mem abort info:
+[ 1348.126962]   ESR = 0x96000004
+[ 1348.130023]   Exception class = DABT (current EL), IL = 32 bits
+[ 1348.135948]   SET = 0, FnV = 0
+[ 1348.138997]   EA = 0, S1PTW = 0
+[ 1348.142154] Data abort info:
+[ 1348.145045]   ISV = 0, ISS = 0x00000004
+[ 1348.148884]   CM = 0, WnR = 0
+[ 1348.151861] user pgtable: 4k pages, 48-bit VAs, pgdp = (____ptrval____)
+[ 1348.158475] [00000000000002f8] pgd=0000000000000000
+[ 1348.163364] Internal error: Oops: 96000004 [#1] PREEMPT SMP
+[ 1348.168927] Modules linked in: ipv6
+[ 1348.172421] CPU: 3 PID: 1421 Comm: brcmf_wdog/mmc0 Not tainted 4.17.0-rc5-next-20180517 #18
+[ 1348.180757] Hardware name: Amarula A64-Relic (DT)
+[ 1348.185455] pstate: 60000005 (nZCv daif -PAN -UAO)
+[ 1348.190251] pc : brcmf_sdiod_freezer_count+0x0/0x20
+[ 1348.195124] lr : brcmf_sdio_watchdog_thread+0x64/0x290
+[ 1348.200253] sp : ffff00000b85be30
+[ 1348.203561] x29: ffff00000b85be30 x28: 0000000000000000
+[ 1348.208868] x27: ffff00000b6cb918 x26: ffff80003b990638
+[ 1348.214176] x25: ffff0000087b1a20 x24: ffff80003b94f800
+[ 1348.219483] x23: ffff000008e620c8 x22: ffff000008f0b660
+[ 1348.224790] x21: ffff000008c6a858 x20: 00000000fffffe00
+[ 1348.230097] x19: ffff80003b94f800 x18: 0000000000000001
+[ 1348.235404] x17: 0000ffffab2e8a74 x16: ffff0000080d7de8
+[ 1348.240711] x15: 0000000000000000 x14: 0000000000000400
+[ 1348.246018] x13: 0000000000000400 x12: 0000000000000001
+[ 1348.251324] x11: 00000000000002c4 x10: 0000000000000a10
+[ 1348.256631] x9 : ffff00000b85bc40 x8 : ffff80003be11870
+[ 1348.261937] x7 : ffff80003dfc7308 x6 : 000000078ff08b55
+[ 1348.267243] x5 : 00000139e1058400 x4 : 0000000000000000
+[ 1348.272550] x3 : dead000000000100 x2 : 958f2788d6618100
+[ 1348.277856] x1 : 00000000fffffe00 x0 : 0000000000000000
+
+Signed-off-by: Michael Trimarchi <michael@amarulasolutions.com>
+Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Tested-by: Andy Shevchenko <andy.shevchenko@gmail.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+@@ -4297,6 +4297,13 @@ void brcmf_sdio_remove(struct brcmf_sdio
+ 	brcmf_dbg(TRACE, "Enter\n");
+ 
+ 	if (bus) {
++		/* Stop watchdog task */
++		if (bus->watchdog_tsk) {
++			send_sig(SIGTERM, bus->watchdog_tsk, 1);
++			kthread_stop(bus->watchdog_tsk);
++			bus->watchdog_tsk = NULL;
++		}
++
+ 		/* De-register interrupt handler */
+ 		brcmf_sdiod_intr_unregister(bus->sdiodev);
+ 

package/kernel/mac80211/patches/337-v4.18-brcmfmac-fix-regression-in-parsing-NVRAM-for-multipl.patch

@@ -0,0 +1,41 @@
+From 299b6365a3b7cf7f5ea1c945a420e9ee4841d6f7 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Sun, 22 Jul 2018 23:46:25 +0200
+Subject: [PATCH] brcmfmac: fix regression in parsing NVRAM for multiple
+ devices
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+NVRAM is designed to work with Broadcom's SDK Linux kernel which fakes
+PCI domain 0 for all internal MMIO devices. Since official Linux kernel
+uses platform devices for that purpose there is a mismatch in numbering
+PCI domains.
+
+There used to be a fix for that problem but it was accidentally dropped
+during the last firmware loading rework. That resulted in brcmfmac not
+being able to extract device specific NVRAM content and all kind of
+calibration problems.
+
+Reported-by: Aditya Xavier <adityaxavier@gmail.com>
+Fixes: 2baa3aaee27f ("brcmfmac: introduce brcmf_fw_alloc_request() function")
+Cc: stable@vger.kernel.org # v4.17+
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+Acked-by: Arend van Spriel <arend.vanspriel@broadcom.com>
+Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
+---
+ drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
++++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/pcie.c
+@@ -1785,7 +1785,8 @@ brcmf_pcie_prepare_fw_request(struct brc
+ 	fwreq->items[BRCMF_PCIE_FW_CODE].type = BRCMF_FW_TYPE_BINARY;
+ 	fwreq->items[BRCMF_PCIE_FW_NVRAM].type = BRCMF_FW_TYPE_NVRAM;
+ 	fwreq->items[BRCMF_PCIE_FW_NVRAM].flags = BRCMF_FW_REQF_OPTIONAL;
+-	fwreq->domain_nr = pci_domain_nr(devinfo->pdev->bus);
++	/* NVRAM reserves PCI domain 0 for Broadcom's SDK faked bus */
++	fwreq->domain_nr = pci_domain_nr(devinfo->pdev->bus) + 1;
+ 	fwreq->bus_nr = devinfo->pdev->bus->number;
+ 
+ 	return fwreq;

package/kernel/mac80211/patches/860-brcmfmac-register-wiphy-s-during-module_init.patch

@@ -13,7 +13,7 @@ Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/core.c
-@@ -1314,6 +1314,7 @@ int __init brcmf_core_init(void)
+@@ -1322,6 +1322,7 @@ int __init brcmf_core_init(void)
  {
  	if (!schedule_work(&brcmf_driver_work))
  		return -EBUSY;

package/kernel/mac80211/patches/864-brcmfmac-do-not-use-internal-roaming-engine-by-default.patch

@@ -9,7 +9,7 @@ Signed-off-by: Phil Elwell <phil@raspberrypi.org>
 
 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
 +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/common.c
-@@ -72,7 +72,11 @@ static int brcmf_fcmode;
+@@ -70,7 +70,11 @@ static int brcmf_fcmode;
  module_param_named(fcmode, brcmf_fcmode, int, 0);
  MODULE_PARM_DESC(fcmode, "Mode of firmware signalled flow control");
  

package/kernel/mwlwifi/Makefile

@@ -15,9 +15,9 @@ PKG_LICENSE_FILES:=
 
 PKG_SOURCE_URL:=https://github.com/kaloz/mwlwifi
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2018-03-30
-PKG_SOURCE_VERSION:=fcaea79ad33d6ae3c381d9e96bf77d6870ca8e79
-PKG_MIRROR_HASH:=1c0fa04ca80939038139dd50a50d9dc0d879b7cb594770282e3ec0008a479452
+PKG_SOURCE_DATE:=2018-06-15
+PKG_SOURCE_VERSION:=8683de8e97a31fe01cfd4e63ef6e9867b50aadae
+PKG_MIRROR_HASH:=69cd9f7c79564e444edf423133b13dcfbba9f66c051516606049087fa1973a20
 
 PKG_MAINTAINER:=Imre Kaloz <kaloz@openwrt.org>
 PKG_BUILD_PARALLEL:=1
@@ -27,7 +27,7 @@ include $(INCLUDE_DIR)/package.mk
 
 define KernelPackage/mwlwifi
   SUBMENU:=Wireless Drivers
-  TITLE:=Marvell 88W8864/88W8897/88W8964 wireless driver
+  TITLE:=Marvell 88W8864/88W8897/88W8964/88W8997 wireless driver
   DEPENDS:=+kmod-mac80211 +@DRIVER_11N_SUPPORT +@DRIVER_11AC_SUPPORT +@DRIVER_11W_SUPPORT @PCI_SUPPORT @TARGET_mvebu
   FILES:=$(PKG_BUILD_DIR)/mwlwifi.ko
   AUTOLOAD:=$(call AutoLoad,50,mwlwifi)
@@ -87,7 +87,16 @@ define Package/mwlwifi-firmware-88w8964/install
 	$(call Package/mwlwifi-firmware/install,$(1),88W8964.bin)
 endef
 
+define Package/mwlwifi-firmware-88w8997
+$(call Package/mwlwifi-firmware-default,88W8997)
+endef
+
+define Package/mwlwifi-firmware-88w8997/install
+	$(call Package/mwlwifi-firmware/install,$(1),88W8997.bin)
+endef
+
 $(eval $(call KernelPackage,mwlwifi))
 $(eval $(call BuildPackage,mwlwifi-firmware-88w8864))
 $(eval $(call BuildPackage,mwlwifi-firmware-88w8897))
 $(eval $(call BuildPackage,mwlwifi-firmware-88w8964))
+$(eval $(call BuildPackage,mwlwifi-firmware-88w8997))

package/libs/libubox/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/libubox.git
-PKG_SOURCE_DATE:=2018-04-12
-PKG_SOURCE_VERSION:=6eff829d788b36939325557066f58aafd6a05321
-PKG_MIRROR_HASH:=d0ea16385a133d668d18d793d0bffd867a8c799832a176f0a312c1b473ff918d
+PKG_SOURCE_DATE:=2018-07-25
+PKG_SOURCE_VERSION:=c83a84afbef2b24f960ddeda0b5e2ab01fba6981
+PKG_MIRROR_HASH:=4a9594d2ae3706174d182a21fe815f1d18c20beca6593707cc757994975dc670
 CMAKE_INSTALL:=1
 
 PKG_LICENSE:=ISC

package/libs/mbedtls/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mbedtls
-PKG_VERSION:=2.8.0
+PKG_VERSION:=2.12.0
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-gpl.tgz
 PKG_SOURCE_URL:=https://tls.mbed.org/download/
-PKG_HASH:=649eb27187154590edda52943a7f468e740ec08807e5bf68ff45f4e8ffd68923
+PKG_HASH:=8661d19a896a5a7a232ed01ac7f05cf0ec3514798f18076c2c9ef965fbeb5a28
 
 PKG_BUILD_PARALLEL:=1
 PKG_LICENSE:=GPL-2.0+

package/libs/mbedtls/patches/200-config.patch

@@ -1,6 +1,23 @@
 --- a/include/mbedtls/config.h
 +++ b/include/mbedtls/config.h
-@@ -566,17 +566,17 @@
+@@ -548,14 +548,14 @@
+  *
+  * Enable Output Feedback mode (OFB) for symmetric ciphers.
+  */
+-#define MBEDTLS_CIPHER_MODE_OFB
++//#define MBEDTLS_CIPHER_MODE_OFB
+ 
+ /**
+  * \def MBEDTLS_CIPHER_MODE_XTS
+  *
+  * Enable Xor-encrypt-xor with ciphertext stealing mode (XTS) for AES.
+  */
+-#define MBEDTLS_CIPHER_MODE_XTS
++//#define MBEDTLS_CIPHER_MODE_XTS
+ 
+ /**
+  * \def MBEDTLS_CIPHER_NULL_CIPHER
+@@ -645,19 +645,19 @@
   *
   * Comment macros to disable the curve and functions for it
   */
@@ -24,19 +41,21 @@
 +//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
 +//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
  #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
++//#define MBEDTLS_ECP_DP_CURVE448_ENABLED
  
  /**
-@@ -601,8 +601,8 @@
-  * Requires: MBEDTLS_HMAC_DRBG_C
+  * \def MBEDTLS_ECP_NIST_OPTIM
+@@ -682,7 +682,7 @@
   *
   * Comment this macro to disable deterministic ECDSA.
-- */
- #define MBEDTLS_ECDSA_DETERMINISTIC
-+ */
+  */
+-#define MBEDTLS_ECDSA_DETERMINISTIC
++//#define MBEDTLS_ECDSA_DETERMINISTIC
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-@@ -655,7 +655,7 @@
+@@ -735,7 +735,7 @@
   *             See dhm.h for more details.
   *
   */
@@ -45,17 +64,16 @@
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-@@ -674,8 +674,8 @@
-  *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+@@ -755,7 +755,7 @@
   *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
   *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
-- */
- #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
-+ */
+  */
+-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
++//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
-@@ -700,7 +700,7 @@
+@@ -780,7 +780,7 @@
   *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
   *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
   */
@@ -64,7 +82,7 @@
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
-@@ -834,7 +834,7 @@
+@@ -914,7 +914,7 @@
   *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
   *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
   */
@@ -73,7 +91,7 @@
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
-@@ -858,7 +858,7 @@
+@@ -938,7 +938,7 @@
   *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
   *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
   */
@@ -82,7 +100,7 @@
  
  /**
   * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
-@@ -962,7 +962,7 @@
+@@ -1042,7 +1042,7 @@
   * This option is only useful if both MBEDTLS_SHA256_C and
   * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
   */
@@ -91,7 +109,7 @@
  
  /**
   * \def MBEDTLS_ENTROPY_NV_SEED
-@@ -1057,14 +1057,14 @@
+@@ -1137,14 +1137,14 @@
   * Uncomment this macro to disable the use of CRT in RSA.
   *
   */
@@ -108,7 +126,7 @@
  
  /**
   * \def MBEDTLS_SHA256_SMALLER
-@@ -1080,7 +1080,7 @@
+@@ -1160,7 +1160,7 @@
   *
   * Uncomment to enable the smaller implementation of SHA256.
   */
@@ -117,7 +135,7 @@
  
  /**
   * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
-@@ -1207,7 +1207,7 @@
+@@ -1298,7 +1298,7 @@
   *          configuration of this extension).
   *
   */
@@ -126,17 +144,16 @@
  
  /**
   * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
-@@ -1381,8 +1381,8 @@
-  * callbacks are provided by MBEDTLS_SSL_TICKET_C.
+@@ -1473,7 +1473,7 @@
   *
   * Comment this macro to disable support for SSL session tickets
-- */
- #define MBEDTLS_SSL_SESSION_TICKETS
-+ */
+  */
+-#define MBEDTLS_SSL_SESSION_TICKETS
++//#define MBEDTLS_SSL_SESSION_TICKETS
  
  /**
   * \def MBEDTLS_SSL_EXPORT_KEYS
-@@ -1412,7 +1412,7 @@
+@@ -1503,7 +1503,7 @@
   *
   * Comment this macro to disable support for truncated HMAC in SSL
   */
@@ -145,17 +162,16 @@
  
  /**
   * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
-@@ -1470,8 +1470,8 @@
-  * Requires: MBEDTLS_VERSION_C
+@@ -1562,7 +1562,7 @@
   *
   * Comment this to disable run-time checking and save ROM space
-- */
- #define MBEDTLS_VERSION_FEATURES
-+ */
+  */
+-#define MBEDTLS_VERSION_FEATURES
++//#define MBEDTLS_VERSION_FEATURES
  
  /**
   * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-@@ -1801,7 +1801,7 @@
+@@ -1892,7 +1892,7 @@
   *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
   *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
   */
@@ -163,8 +179,8 @@
 +//#define MBEDTLS_CAMELLIA_C
  
  /**
-  * \def MBEDTLS_CCM_C
-@@ -1815,7 +1815,7 @@
+  * \def MBEDTLS_ARIA_C
+@@ -1958,7 +1958,7 @@
   * This module enables the AES-CCM ciphersuites, if other requisites are
   * enabled as well.
   */
@@ -173,16 +189,34 @@
  
  /**
   * \def MBEDTLS_CERTS_C
-@@ -1827,7 +1827,7 @@
+@@ -1970,7 +1970,7 @@
   *
   * This module is used for testing (ssl_client/server).
   */
 -#define MBEDTLS_CERTS_C
 +//#define MBEDTLS_CERTS_C
  
+ /**
+  * \def MBEDTLS_CHACHA20_C
+@@ -1979,7 +1979,7 @@
+  *
+  * Module:  library/chacha20.c
+  */
+-#define MBEDTLS_CHACHA20_C
++//#define MBEDTLS_CHACHA20_C
+ 
+ /**
+  * \def MBEDTLS_CHACHAPOLY_C
+@@ -1990,7 +1990,7 @@
+  *
+  * This module requires: MBEDTLS_CHACHA20_C, MBEDTLS_POLY1305_C
+  */
+-#define MBEDTLS_CHACHAPOLY_C
++//#define MBEDTLS_CHACHAPOLY_C
+ 
  /**
   * \def MBEDTLS_CIPHER_C
-@@ -1880,7 +1880,7 @@
+@@ -2043,7 +2043,7 @@
   *
   * This module provides debugging functions.
   */
@@ -191,7 +225,7 @@
  
  /**
   * \def MBEDTLS_DES_C
-@@ -1909,7 +1909,7 @@
+@@ -2072,7 +2072,7 @@
   * \warning   DES is considered a weak cipher and its use constitutes a
   *            security risk. We recommend considering stronger ciphers instead.
   */
@@ -200,17 +234,43 @@
  
  /**
   * \def MBEDTLS_DHM_C
-@@ -2070,8 +2070,8 @@
-  * Requires: MBEDTLS_MD_C
-  *
-  * Uncomment to enable the HMAC_DRBG random number geerator.
-- */
- #define MBEDTLS_HMAC_DRBG_C
-+ */
+@@ -2235,7 +2235,7 @@
+  * This module adds support for the Hashed Message Authentication Code
+  * (HMAC)-based key derivation function (HKDF).
+  */
+-#define MBEDTLS_HKDF_C
++//#define MBEDTLS_HKDF_C
  
  /**
-  * \def MBEDTLS_MD_C
-@@ -2365,7 +2365,7 @@
+  * \def MBEDTLS_HMAC_DRBG_C
+@@ -2249,7 +2249,7 @@
+  *
+  * Uncomment to enable the HMAC_DRBG random number geerator.
+  */
+-#define MBEDTLS_HMAC_DRBG_C
++//#define MBEDTLS_HMAC_DRBG_C
+ 
+ /**
+  * \def MBEDTLS_NIST_KW_C
+@@ -2545,7 +2545,7 @@
+  *
+  * This module enables abstraction of common (libc) functions.
+  */
+-#define MBEDTLS_PLATFORM_C
++//#define MBEDTLS_PLATFORM_C
+ 
+ /**
+  * \def MBEDTLS_POLY1305_C
+@@ -2555,7 +2555,7 @@
+  * Module:  library/poly1305.c
+  * Caller:  library/chachapoly.c
+  */
+-#define MBEDTLS_POLY1305_C
++//#define MBEDTLS_POLY1305_C
+ 
+ /**
+  * \def MBEDTLS_RIPEMD160_C
+@@ -2566,7 +2566,7 @@
   * Caller:  library/md.c
   *
   */
@@ -219,37 +279,25 @@
  
  /**
   * \def MBEDTLS_RSA_C
-@@ -2449,8 +2449,8 @@
-  * Caller:
-  *
-  * Requires: MBEDTLS_SSL_CACHE_C
-- */
- #define MBEDTLS_SSL_CACHE_C
-+ */
- 
- /**
-  * \def MBEDTLS_SSL_COOKIE_C
-@@ -2471,8 +2471,8 @@
-  * Caller:
+@@ -2673,7 +2673,7 @@
   *
   * Requires: MBEDTLS_CIPHER_C
-- */
- #define MBEDTLS_SSL_TICKET_C
-+ */
+  */
+-#define MBEDTLS_SSL_TICKET_C
++//#define MBEDTLS_SSL_TICKET_C
  
  /**
   * \def MBEDTLS_SSL_CLI_C
-@@ -2571,8 +2571,8 @@
-  * Module:  library/version.c
+@@ -2773,7 +2773,7 @@
   *
   * This module provides run-time version information.
-- */
- #define MBEDTLS_VERSION_C
-+ */
+  */
+-#define MBEDTLS_VERSION_C
++//#define MBEDTLS_VERSION_C
  
  /**
   * \def MBEDTLS_X509_USE_C
-@@ -2682,7 +2682,7 @@
+@@ -2883,7 +2883,7 @@
   * Module:  library/xtea.c
   * Caller:
   */

package/libs/mbedtls/patches/300-soversion-compatibility.patch

@@ -0,0 +1,34 @@
+--- a/library/CMakeLists.txt
++++ b/library/CMakeLists.txt
+@@ -159,7 +159,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
+ 
+ if(USE_SHARED_MBEDTLS_LIBRARY)
+     add_library(mbedcrypto SHARED ${src_crypto})
+-    set_target_properties(mbedcrypto PROPERTIES VERSION 2.12.0 SOVERSION 3)
++    set_target_properties(mbedcrypto PROPERTIES VERSION 2.12.0 SOVERSION 1)
+     target_link_libraries(mbedcrypto ${libs})
+ 
+     add_library(mbedx509 SHARED ${src_x509})
+@@ -167,7 +167,7 @@ if(USE_SHARED_MBEDTLS_LIBRARY)
+     target_link_libraries(mbedx509 ${libs} mbedcrypto)
+ 
+     add_library(mbedtls SHARED ${src_tls})
+-    set_target_properties(mbedtls PROPERTIES VERSION 2.12.0 SOVERSION 11)
++    set_target_properties(mbedtls PROPERTIES VERSION 2.12.0 SOVERSION 10)
+     target_link_libraries(mbedtls ${libs} mbedx509)
+ 
+     install(TARGETS mbedtls mbedx509 mbedcrypto
+--- a/library/Makefile
++++ b/library/Makefile
+@@ -35,9 +35,9 @@ LOCAL_CFLAGS += -fPIC -fpic
+ endif
+ endif
+ 
+-SOEXT_TLS=so.11
++SOEXT_TLS=so.10
+ SOEXT_X509=so.0
+-SOEXT_CRYPTO=so.3
++SOEXT_CRYPTO=so.1
+ 
+ # Set AR_DASH= (empty string) to use an ar implentation that does not accept
+ # the - prefix for command line options (e.g. llvm-ar)

package/libs/openssl/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.0.2
-PKG_BUGFIX:=o
+PKG_BUGFIX:=p
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
@@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \
 	http://gd.tuwien.ac.at/infosys/security/openssl/source/ \
 	http://www.openssl.org/source/ \
 	http://www.openssl.org/source/old/$(PKG_BASE)/
-PKG_HASH:=ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d
+PKG_HASH:=50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE

package/libs/openssl/patches/150-no_engines.patch

@@ -1,6 +1,6 @@
 --- a/Configure
 +++ b/Configure
-@@ -2136,6 +2136,11 @@ EOF
+@@ -2144,6 +2144,11 @@ EOF
  	close(OUT);
    }
    

package/libs/openssl/patches/200-parallel_build.patch

@@ -173,7 +173,7 @@
  
  apps:
  	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -586,7 +586,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssl
+@@ -593,7 +593,7 @@ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssl
  #	fi
  
  dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)

package/libs/uclient/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/uclient.git
-PKG_SOURCE_DATE:=2017-11-02
-PKG_SOURCE_VERSION:=4b87d83160fec70d50b7fcd736a8c538c28a016c
-PKG_MIRROR_HASH:=4bbb4d5f295ebdcd67fec87a6794168bea2176a42cb2907c47d8566fb33dafb3
+PKG_SOURCE_DATE:=2018-08-03
+PKG_SOURCE_VERSION:=ae1c656ff041c6f1ccb37b070fa261e0d71f2b12
+PKG_MIRROR_HASH:=e88c92f880d3c1cf4162f62c4eeb8986baa8d73772e51eed3a60a8346aeb1b7c
 CMAKE_INSTALL:=1
 
 PKG_BUILD_DEPENDS:=ustream-ssl

package/libs/ustream-ssl/Makefile

@@ -1,13 +1,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ustream-ssl
-PKG_RELEASE:=3
+PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ustream-ssl.git
-PKG_SOURCE_DATE:=2018-04-30
-PKG_SOURCE_VERSION:=527e7002d0429465bd49c0c0d416ef22fbf5ae86
-PKG_MIRROR_HASH:=b0b4219730a369741a192a67d4fbf7328bd62df8ae4f0d0e3084461e3bbaba54
+PKG_SOURCE_DATE:=2018-05-22
+PKG_SOURCE_VERSION:=5322f9db23b69fdc2b4760a6cfd67848a11818a4
+PKG_MIRROR_HASH:=c943f6e603b1309b33fd276acddffb33a171b6370455b6c21200897012e42d05
 CMAKE_INSTALL:=1
 
 PKG_BUILD_DIR=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_SOURCE_SUBDIR)

package/network/config/firewall/Makefile

@@ -13,9 +13,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git
-PKG_SOURCE_DATE:=2018-05-14
-PKG_SOURCE_VERSION:=b45e162eca2c6e913318c4552643aae2a973ae3a
-PKG_MIRROR_HASH:=bdc6be90a94669817cf1543b814da7b5cd10eac3f5096533e0336352ff132d16
+PKG_SOURCE_DATE:=2018-07-26
+PKG_SOURCE_VERSION:=aa8846bb101054392b81f09bade120c021695892
+PKG_MIRROR_HASH:=cc2ff632744bdefbc64ad11dc18944b44af006c986367a28d6483ade6012effa
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=ISC
 
@@ -40,8 +40,8 @@ define Package/firewall/conffiles
 /etc/firewall.user
 endef
 
-TARGET_CFLAGS += -ffunction-sections -fdata-sections
-TARGET_LDFLAGS += -Wl,--gc-sections
+TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
+TARGET_LDFLAGS += -Wl,--gc-sections -flto
 CMAKE_OPTIONS += $(if $(CONFIG_IPV6),,-DDISABLE_IPV6=1)
 
 define Package/firewall/install

package/network/config/netifd/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/netifd.git
-PKG_SOURCE_DATE:=2018-05-30
-PKG_SOURCE_VERSION:=a580028dae5b7bebcc14c240fe7dac31cbd89355
-PKG_MIRROR_HASH:=41a645bc322c6a444bcc74cd099af6aead30924594aecf4e433204f8524a470e
+PKG_SOURCE_DATE:=2018-07-30
+PKG_SOURCE_VERSION:=a0a1e52eb300b574098ae18fc7e6849ff50c2e5e
+PKG_MIRROR_HASH:=f2a556e0de1e04d4e7b6ca30d3e7c65710659201fc81efb10420cd895d72a307
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 
 PKG_LICENSE:=GPL-2.0

package/network/config/qos-scripts/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=qos-scripts
-PKG_VERSION:=1.3.0
+PKG_VERSION:=1.3.1
 PKG_RELEASE:=1
 PKG_LICENSE:=GPL-2.0
 

package/network/config/qos-scripts/files/usr/bin/qos-stat

@@ -14,16 +14,17 @@ get_ifname() {
 	[ "$cfgt" = "interface" ] && config_get "$interface" ifname
 }
 
-config_cb() {
-	config_get TYPE "$CONFIG_SECTION" TYPE
+qos_set_device() {
+	config_get TYPE "$1" TYPE
 	[ "interface" = "$TYPE" ] && {
-		config_get device "$CONFIG_SECTION" ifname
-		[ -z "$device" ] && device="$(get_ifname ${CONFIG_SECTION})"
-		config_set "$CONFIG_SECTION" device "$device"
+		config_get device "$1" ifname
+		[ -z "$device" ] && device="$(get_ifname $1)"
+		config_set "$1" device "$device"
 	}
 }
 
 config_load qos
+config_foreach qos_set_device
 
 print_comments() {
 	echo ''

package/network/config/qos-scripts/files/usr/lib/qos/generate.sh

@@ -191,8 +191,6 @@ config_cb() {
 	option_cb() {
 		return 0
 	}
-
-	# Section start
 	case "$1" in
 		interface)
 			config_set "$2" "classgroup" "Default"
@@ -200,43 +198,41 @@ config_cb() {
 		;;
 		classify|default|reclassify)
 			option_cb() {
-				append options "$1"
+				append "CONFIG_${CONFIG_SECTION}_options" "$1"
 			}
 		;;
 	esac
+}
 
-    # Section end
-	config_get TYPE "$CONFIG_SECTION" TYPE
+qos_parse_config() {
+	config_get TYPE "$1" TYPE
 	case "$TYPE" in
 		interface)
-			config_get_bool enabled "$CONFIG_SECTION" enabled 1
-			[ 1 -eq "$enabled" ] || return 0
-			config_get classgroup "$CONFIG_SECTION" classgroup
-			config_set "$CONFIG_SECTION" ifbdev "$C"
-			C=$(($C+1))
-			append INTERFACES "$CONFIG_SECTION"
-			config_set "$classgroup" enabled 1
-			config_get device "$CONFIG_SECTION" device
-			[ -z "$device" ] && {
-				device="$(find_ifname ${CONFIG_SECTION})"
-				config_set "$CONFIG_SECTION" device "$device"
+			config_get_bool enabled "$1" enabled 1
+			[ 1 -eq "$enabled" ] && {
+				config_get classgroup "$1" classgroup
+				config_set "$1" ifbdev "$C"
+				C=$(($C+1))
+				append INTERFACES "$1"
+				config_set "$classgroup" enabled 1
+				config_get device "$1" device
+				[ -z "$device" ] && {
+					device="$(find_ifname $1)"
+					config_set "$1" device "$device"
+				}
 			}
 		;;
-		classgroup) append CG "$CONFIG_SECTION";;
+		classgroup) append CG "$1";;
 		classify|default|reclassify)
 			case "$TYPE" in
 				classify) var="ctrules";;
 				*) var="rules";;
 			esac
-			config_get target "$CONFIG_SECTION" target
-			config_set "$CONFIG_SECTION" options "$options"
-			append "$var" "$CONFIG_SECTION"
-			unset options
+			append "$var" "$1"
 		;;
 	esac
 }
 
-
 enum_classes() {
 	local c="0"
 	config_get classes "$1" classes
@@ -500,7 +496,10 @@ INTERFACES=""
 [ -e ./qos.conf ] && {
 	. ./qos.conf
 	config_cb
-} || config_load qos
+} || {
+	config_load qos
+	config_foreach qos_parse_config
+}
 
 C="0"
 for iface in $INTERFACES; do

package/network/ipv6/odhcp6c/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=odhcp6c
-PKG_RELEASE:=12
+PKG_RELEASE:=14
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/odhcp6c.git
-PKG_SOURCE_DATE:=2018-04-29
-PKG_SOURCE_VERSION:=5316d7f8bdcd8dd29286e98404a4f4fd2456500f
-PKG_MIRROR_HASH:=93acfd799c798da25b69e05e5926b1ada9a8213cdb70e1ccbd6027c2d27741ce
+PKG_SOURCE_DATE:=2018-07-14
+PKG_SOURCE_VERSION:=67ae6a71b5762292e114b281d0e329cc24209ae6
+PKG_MIRROR_HASH:=176b637b3856af0d6bb9c526afbddca4e569ea056fc36fc026345e7e22a6cef5
 PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
 PKG_LICENSE:=GPL-2.0
 

package/network/ipv6/odhcp6c/files/dhcpv6.sh

@@ -16,6 +16,7 @@ proto_dhcpv6_init_config() {
 	proto_config_add_string 'forceprefix:bool'
 	proto_config_add_string 'extendprefix:bool'
 	proto_config_add_string 'norelease:bool'
+	proto_config_add_string 'noserverunicast:bool'
 	proto_config_add_array 'ip6prefix:list(ip6addr)'
 	proto_config_add_string iface_dslite
 	proto_config_add_string zone_dslite
@@ -50,8 +51,8 @@ proto_dhcpv6_setup() {
 	local config="$1"
 	local iface="$2"
 
-	local reqaddress reqprefix clientid reqopts defaultreqopts noslaaconly forceprefix extendprefix norelease ip6prefix ip6prefixes iface_dslite iface_map iface_464xlat ifaceid userclass vendorclass sendopts delegate zone_dslite zone_map zone_464xlat zone encaplimit_dslite encaplimit_map soltimeout fakeroutes sourcefilter keep_ra_dnslifetime ra_holdoff
-	json_get_vars reqaddress reqprefix clientid reqopts defaultreqopts noslaaconly forceprefix extendprefix norelease iface_dslite iface_map iface_464xlat ifaceid userclass vendorclass delegate zone_dslite zone_map zone_464xlat zone encaplimit_dslite encaplimit_map soltimeout fakeroutes sourcefilter keep_ra_dnslifetime ra_holdoff
+	local reqaddress reqprefix clientid reqopts defaultreqopts noslaaconly forceprefix extendprefix norelease noserverunicast ip6prefix ip6prefixes iface_dslite iface_map iface_464xlat ifaceid userclass vendorclass sendopts delegate zone_dslite zone_map zone_464xlat zone encaplimit_dslite encaplimit_map soltimeout fakeroutes sourcefilter keep_ra_dnslifetime ra_holdoff
+	json_get_vars reqaddress reqprefix clientid reqopts defaultreqopts noslaaconly forceprefix extendprefix norelease noserverunicast iface_dslite iface_map iface_464xlat ifaceid userclass vendorclass delegate zone_dslite zone_map zone_464xlat zone encaplimit_dslite encaplimit_map soltimeout fakeroutes sourcefilter keep_ra_dnslifetime ra_holdoff
 	json_for_each_item proto_dhcpv6_add_prefix ip6prefix ip6prefixes
 
 	# Configure
@@ -71,6 +72,8 @@ proto_dhcpv6_setup() {
 
 	[ "$norelease" = "1" ] && append opts "-k"
 
+	[ "$noserverunicast" = "1" ] && append opts "-U"
+
 	[ -n "$ifaceid" ] && append opts "-i$ifaceid"
 
 	[ -n "$vendorclass" ] && append opts "-V$vendorclass"

package/network/services/dnsmasq/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dnsmasq
-PKG_VERSION:=2.80test2
-PKG_RELEASE:=3
+PKG_VERSION:=2.80test3
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq/test-releases
-PKG_HASH:=e731666094699afcbad947f89f7f8afbf92e5ddc3c915459d4936159d81116f0
+PKG_HASH:=af9f6fd13e0d6c5a68059bcf8634c2784c0533017fd48fbaf59cd2955342d301
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING

package/network/services/dnsmasq/files/dnsmasq.init

@@ -844,8 +844,10 @@ dnsmasq_start()
 	config_list_foreach "$cfg" "rev_server" append_rev_server
 	config_list_foreach "$cfg" "address" append_address
 	config_list_foreach "$cfg" "ipset" append_ipset
-	config_list_foreach "$cfg" "interface" append_interface
-	config_list_foreach "$cfg" "notinterface" append_notinterface
+	[ -n "$BOOT" ] || {
+		config_list_foreach "$cfg" "interface" append_interface
+		config_list_foreach "$cfg" "notinterface" append_notinterface
+	}
 	config_list_foreach "$cfg" "addnhosts" append_addnhosts
 	config_list_foreach "$cfg" "bogusnxdomain" append_bogusnxdomain
 	append_parm "$cfg" "leasefile" "--dhcp-leasefile" "/tmp/dhcp.leases"
@@ -967,7 +969,7 @@ dnsmasq_start()
 	config_foreach filter_dnsmasq match dhcp_match_add "$cfg"
 	config_foreach filter_dnsmasq domain dhcp_domain_add "$cfg"
 	config_foreach filter_dnsmasq hostrecord dhcp_hostrecord_add "$cfg"
-	config_foreach filter_dnsmasq relay dhcp_relay_add "$cfg"
+	[ -n "$BOOT" ] || config_foreach filter_dnsmasq relay dhcp_relay_add "$cfg"
 
 	echo >> $CONFIGFILE_TMP
 	config_foreach filter_dnsmasq srvhost dhcp_srv_add "$cfg"
@@ -984,13 +986,13 @@ dnsmasq_start()
 		# Enable RA feature for when/if it is constructed,
 		# and RA is selected per interface pool (RA, DHCP, or both),
 		# but no one (should) want RA broadcast in syslog
-		config_foreach filter_dnsmasq dhcp dhcp_add "$cfg"
+		[ -n "$BOOT" ] || config_foreach filter_dnsmasq dhcp dhcp_add "$cfg"
 		xappend "--enable-ra"
 		xappend "--quiet-ra"
 		append_bool "$cfg" quietdhcp "--quiet-dhcp6"
 
 	elif [ "$DNSMASQ_DHCP_VER" -gt 0 ] ; then
-		config_foreach filter_dnsmasq dhcp dhcp_add "$cfg"
+		[ -n "$BOOT" ] || config_foreach filter_dnsmasq dhcp dhcp_add "$cfg"
 	fi
 
 
@@ -1059,6 +1061,13 @@ service_triggers()
 
 	config_load dhcp
 	config_foreach add_interface_trigger dhcp
+	config_foreach add_interface_trigger relay
+}
+
+boot()
+{
+	BOOT=1
+	start "$@"
 }
 
 start_service() {

package/network/services/dnsmasq/patches/0001-Be-persistent-with-broken-upstream-DNSSEC-warnings.patch

@@ -1,26 +0,0 @@
-From f84e674d8aa2316fea8d2145a40fcef0441e3856 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Fri, 4 May 2018 16:29:57 +0100
-Subject: [PATCH 01/10] Be persistent with broken-upstream-DNSSEC warnings.
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/dnssec.c | 7 +------
- 1 file changed, 1 insertion(+), 6 deletions(-)
-
---- a/src/dnssec.c
-+++ b/src/dnssec.c
-@@ -876,12 +876,7 @@ int dnssec_validate_ds(time_t now, struc
-   
-   if (rc == STAT_INSECURE)
-     {
--      static int reported = 0;
--      if (!reported)
--	{
--	  reported = 1;
--	  my_syslog(LOG_WARNING, _("Insecure DS reply received, do upstream DNS servers support DNSSEC?"));
--	}
-+      my_syslog(LOG_WARNING, _("Insecure DS reply received, do upstream DNS servers support DNSSEC?"));
-       rc = STAT_BOGUS;
-     }
-   

package/network/services/dnsmasq/patches/0002-Fix-DHCP-broken-ness-when-no-ping-AND-dhcp-sequentia.patch

@@ -1,35 +0,0 @@
-From 0669ee7a69a004ce34fed41e50aa575f8e04427b Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Fri, 4 May 2018 16:46:24 +0100
-Subject: [PATCH 02/10] Fix DHCP broken-ness when --no-ping AND
- --dhcp-sequential-ip are set.
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- CHANGELOG  | 3 ++-
- src/dhcp.c | 2 +-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
---- a/CHANGELOG
-+++ b/CHANGELOG
-@@ -14,7 +14,8 @@ version 2.80
-         when the upstream namesevers do not support DNSSEC, and in this
-         case no DNSSEC validation at all is occuring.
- 
--
-+        Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip
-+	are set. Thanks to Daniel Miess for help with this.
- 
- 
- version 2.79
---- a/src/dhcp.c
-+++ b/src/dhcp.c
-@@ -678,7 +678,7 @@ struct ping_result *do_icmp_ping(time_t
-   if ((count >= max) || option_bool(OPT_NO_PING) || loopback)
-     {
-       /* overloaded, or configured not to check, loopback interface, return "not in use" */
--      dummy.hash = 0;
-+      dummy.hash = hash;
-       return &dummy;
-     }
-   else if (icmp_ping(addr))

package/network/services/dnsmasq/patches/0003-Add-logging-for-DNS-error-returns-from-upstream-and-.patch

@@ -1,184 +0,0 @@
-From 07ed585c38d8f7c0a18470d2e79cf46ea92ea96a Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Fri, 4 May 2018 21:52:22 +0100
-Subject: [PATCH 03/10] Add logging for DNS error returns from upstream and
- local configuration.
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/cache.c   | 13 +++++++++++++
- src/dnsmasq.h |  7 ++++++-
- src/forward.c | 25 +++++++++++++++++++------
- src/rfc1035.c | 19 ++++++++++++++-----
- 4 files changed, 52 insertions(+), 12 deletions(-)
-
---- a/src/cache.c
-+++ b/src/cache.c
-@@ -1598,6 +1598,19 @@ void log_query(unsigned int flags, char
-     {
-       if (flags & F_KEYTAG)
- 	sprintf(daemon->addrbuff, arg, addr->addr.log.keytag, addr->addr.log.algo, addr->addr.log.digest);
-+      else if (flags & F_RCODE)
-+	{
-+	  unsigned int rcode = addr->addr.rcode.rcode;
-+
-+	   if (rcode == SERVFAIL)
-+	     dest = "SERVFAIL";
-+	   else if (rcode == REFUSED)
-+	     dest = "REFUSED";
-+	   else if (rcode == NOTIMP)
-+	     dest = "not implemented";
-+	   else
-+	     sprintf(daemon->addrbuff, "%u", rcode);
-+	}
-       else
- 	{
- #ifdef HAVE_IPV6
---- a/src/dnsmasq.h
-+++ b/src/dnsmasq.h
-@@ -268,7 +268,11 @@ struct all_addr {
-     /* for log_query */
-     struct {
-       unsigned short keytag, algo, digest;
--    } log; 
-+    } log;
-+    /* for log_query */
-+    struct {
-+      unsigned int rcode;
-+    } rcode;
-     /* for cache_insert of DNSKEY, DS */
-     struct {
-       unsigned short class, type;
-@@ -459,6 +463,7 @@ struct crec {
- #define F_IPSET     (1u<<26)
- #define F_NOEXTRA   (1u<<27)
- #define F_SERVFAIL  (1u<<28)
-+#define F_RCODE     (1u<<29)
- 
- /* Values of uid in crecs with F_CONFIG bit set. */
- #define SRC_INTERFACE 0
---- a/src/forward.c
-+++ b/src/forward.c
-@@ -563,6 +563,7 @@ static size_t process_reply(struct dns_h
-   unsigned char *pheader, *sizep;
-   char **sets = 0;
-   int munged = 0, is_sign;
-+  unsigned int rcode = RCODE(header);
-   size_t plen; 
-   
-   (void)ad_reqd;
-@@ -593,6 +594,9 @@ static size_t process_reply(struct dns_h
-   
-   if ((pheader = find_pseudoheader(header, n, &plen, &sizep, &is_sign, NULL)))
-     {
-+      /* Get extended RCODE. */
-+      rcode |= sizep[2] << 4;
-+
-       if (check_subnet && !check_source(header, plen, pheader, query_source))
- 	{
- 	  my_syslog(LOG_WARNING, _("discarding DNS reply: subnet option mismatch"));
-@@ -641,11 +645,20 @@ static size_t process_reply(struct dns_h
-   if (!is_sign && !option_bool(OPT_DNSSEC_PROXY))
-      header->hb4 &= ~HB4_AD;
-   
--  if (OPCODE(header) != QUERY || (RCODE(header) != NOERROR && RCODE(header) != NXDOMAIN))
-+  if (OPCODE(header) != QUERY)
-     return resize_packet(header, n, pheader, plen);
-+
-+  if (rcode != NOERROR && rcode != NXDOMAIN)
-+    {
-+      struct all_addr a;
-+      a.addr.rcode.rcode = rcode;
-+      log_query(F_UPSTREAM | F_RCODE, "error", &a, NULL);
-+      
-+      return resize_packet(header, n, pheader, plen);
-+    }
-   
-   /* Complain loudly if the upstream server is non-recursive. */
--  if (!(header->hb4 & HB4_RA) && RCODE(header) == NOERROR &&
-+  if (!(header->hb4 & HB4_RA) && rcode == NOERROR &&
-       server && !(server->flags & SERV_WARNED_RECURSIVE))
-     {
-       prettyprint_addr(&server->addr, daemon->namebuff);
-@@ -654,7 +667,7 @@ static size_t process_reply(struct dns_h
- 	server->flags |= SERV_WARNED_RECURSIVE;
-     }  
- 
--  if (daemon->bogus_addr && RCODE(header) != NXDOMAIN &&
-+  if (daemon->bogus_addr && rcode != NXDOMAIN &&
-       check_for_bogus_wildcard(header, n, daemon->namebuff, daemon->bogus_addr, now))
-     {
-       munged = 1;
-@@ -666,7 +679,7 @@ static size_t process_reply(struct dns_h
-     {
-       int doctored = 0;
-       
--      if (RCODE(header) == NXDOMAIN && 
-+      if (rcode == NXDOMAIN && 
- 	  extract_request(header, n, daemon->namebuff, NULL) &&
- 	  check_for_local_domain(daemon->namebuff, now))
- 	{
-@@ -1090,7 +1103,7 @@ void reply_query(int fd, int family, tim
- 	      if (status == STAT_BOGUS && extract_request(header, n, daemon->namebuff, NULL))
- 		domain = daemon->namebuff;
- 	      
--	      log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
-+	      log_query(F_SECSTAT, domain, NULL, result);
- 	    }
- 	  
- 	  if (status == STAT_SECURE)
-@@ -1948,7 +1961,7 @@ unsigned char *tcp_request(int confd, ti
- 			  if (status == STAT_BOGUS && extract_request(header, m, daemon->namebuff, NULL))
- 			    domain = daemon->namebuff;
- 
--			  log_query(F_KEYTAG | F_SECSTAT, domain, NULL, result);
-+			  log_query(F_SECSTAT, domain, NULL, result);
- 			  
- 			  if (status == STAT_BOGUS)
- 			    {
---- a/src/rfc1035.c
-+++ b/src/rfc1035.c
-@@ -926,12 +926,11 @@ unsigned int extract_request(struct dns_
-   return F_QUERY;
- }
- 
--
- size_t setup_reply(struct dns_header *header, size_t qlen,
- 		struct all_addr *addrp, unsigned int flags, unsigned long ttl)
- {
-   unsigned char *p;
--
-+  
-   if (!(p = skip_questions(header, qlen)))
-     return 0;
-   
-@@ -948,7 +947,12 @@ size_t setup_reply(struct dns_header *he
-   else if (flags == F_NXDOMAIN)
-     SET_RCODE(header, NXDOMAIN);
-   else if (flags == F_SERVFAIL)
--    SET_RCODE(header, SERVFAIL);
-+    {
-+      struct all_addr a;
-+      a.addr.rcode.rcode = SERVFAIL;
-+      log_query(F_CONFIG | F_RCODE, "error", &a, NULL);
-+      SET_RCODE(header, SERVFAIL);
-+    }
-   else if (flags == F_IPV4)
-     { /* we know the address */
-       SET_RCODE(header, NOERROR);
-@@ -966,8 +970,13 @@ size_t setup_reply(struct dns_header *he
-     }
- #endif
-   else /* nowhere to forward to */
--    SET_RCODE(header, REFUSED);
-- 
-+    {
-+      struct all_addr a;
-+      a.addr.rcode.rcode = REFUSED;
-+      log_query(F_CONFIG | F_RCODE, "error", &a, NULL);
-+      SET_RCODE(header, REFUSED);
-+    }
-+  
-   return p - (unsigned char *)header;
- }
- 

package/network/services/dnsmasq/patches/0004-Add-packet-dump-debugging-facility.patch

@@ -1,587 +0,0 @@
-From 6b17335209639a56f214d011eaed4ebcde8dd276 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Tue, 8 May 2018 18:32:14 +0100
-Subject: [PATCH 04/10] Add packet-dump debugging facility.
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- CHANGELOG      |   6 ++
- Makefile       |   2 +-
- bld/Android.mk |   3 +-
- man/dnsmasq.8  |   7 ++
- src/config.h   |  16 ++++-
- src/dnsmasq.c  |  16 ++++-
- src/dnsmasq.h  |  29 +++++++-
- src/dump.c     | 210 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- src/forward.c  |  37 ++++++++--
- src/option.c   |  14 ++++
- 10 files changed, 329 insertions(+), 11 deletions(-)
- create mode 100644 src/dump.c
-
---- a/CHANGELOG
-+++ b/CHANGELOG
-@@ -17,6 +17,12 @@ version 2.80
-         Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip
- 	are set. Thanks to Daniel Miess for help with this.
- 
-+	Add a facilty to store DNS packets sent/recieved in a
-+	pcap-format file for later debugging. The file location
-+	is given by the --dumpfile option, and a bitmap controlling
-+	which packets should be dumped is given by the --dumpmask
-+	option.
-+
- 
- version 2.79
- 	Fix parsing of CNAME arguments, which are confused by extra spaces.
---- a/Makefile
-+++ b/Makefile
-@@ -76,7 +76,7 @@ objs = cache.o rfc1035.o util.o option.o
-        helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
-        dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o \
-        domain.o dnssec.o blockdata.o tables.o loop.o inotify.o \
--       poll.o rrfilter.o edns0.o arp.o crypto.o
-+       poll.o rrfilter.o edns0.o arp.o crypto.o dump.o
- 
- hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
-        dns-protocol.h radv-protocol.h ip6addr.h
---- a/bld/Android.mk
-+++ b/bld/Android.mk
-@@ -10,7 +10,8 @@ LOCAL_SRC_FILES :=  bpf.c cache.c dbus.c
- 		    dhcp6.c rfc3315.c dhcp-common.c outpacket.c \
- 		    radv.c slaac.c auth.c ipset.c domain.c \
- 	            dnssec.c dnssec-openssl.c blockdata.c tables.c \
--		    loop.c inotify.c poll.c rrfilter.c edns0.c arp.c crypto.c
-+		    loop.c inotify.c poll.c rrfilter.c edns0.c arp.c \
-+		    crypto.c dump.c
- 
- LOCAL_MODULE := dnsmasq
- 
---- a/man/dnsmasq.8
-+++ b/man/dnsmasq.8
-@@ -647,6 +647,13 @@ V4 mapped IPv6 addresses, which have a r
- The address range can be of the form
- <ip address>,<ip address> or <ip address>/<netmask> in both forms of the option.
- .TP
-+.B --dumpfile=<path/to/file>
-+Specify the location of a pcap-format file which dnsmasq uses to dump copies of network packets for debugging purposes. If the file exists when dnsmasq starts, it is not deleted; new packets are added to the end.
-+.TP
-+.B --dumpmask=<mask>
-+Specify which types of packets should be added to the dumpfile. The argument should be the OR of the bitmasks for each type of packet to be dumped: it can be specified in hex by preceding the number with 0x in  the normal way. Each time a packet is written to the dumpfile, dnsmasq logs the packet sequence and the mask
-+representing its type. The current types are: 0x0001 - DNS queries from clients 0x0002 DNS replies to clients 0x0004 - DNS queries to upstream 0x0008 - DNS replies from upstream 0x0010 - queries send upstream for DNSSEC validation 0x0020 - replies to queries for DNSSEC validation 0x0040 - replies to client queries which fail DNSSEC validation 0x0080 replies to queries for DNSSEC validation which fail validation.
-+.TP
- .B --add-mac[=base64|text]
- Add the MAC address of the requestor to DNS queries which are
- forwarded upstream. This may be used to DNS filtering by the upstream
---- a/src/config.h
-+++ b/src/config.h
-@@ -117,6 +117,9 @@ HAVE_AUTH
- HAVE_DNSSEC
-    include DNSSEC validator.
- 
-+HAVE_DUMPFILE
-+   include code to dump packets to a libpcap-format file for debugging.
-+
- HAVE_LOOP
-    include functionality to probe for and remove DNS forwarding loops.
- 
-@@ -132,6 +135,7 @@ NO_DHCP6
- NO_SCRIPT
- NO_LARGEFILE
- NO_AUTH
-+NO_DUMPFILE
- NO_INOTIFY
-    these are available to explicitly disable compile time options which would 
-    otherwise be enabled automatically (HAVE_IPV6, >2Gb file sizes) or 
-@@ -164,6 +168,7 @@ RESOLVFILE
- #define HAVE_AUTH
- #define HAVE_IPSET 
- #define HAVE_LOOP
-+#define HAVE_DUMPFILE
- 
- /* Build options which require external libraries.
-    
-@@ -363,6 +368,10 @@ HAVE_SOCKADDR_SA_LEN
- #undef HAVE_LOOP
- #endif
- 
-+#ifdef NO_DUMPFILE
-+#undef HAVE_DUMPFILE
-+#endif
-+
- #if defined (HAVE_LINUX_NETWORK) && !defined(NO_INOTIFY)
- #define HAVE_INOTIFY
- #endif
-@@ -451,8 +460,11 @@ static char *compile_opts =
- #ifndef HAVE_INOTIFY
- "no-"
- #endif
--"inotify";
--
-+"inotify "
-+#ifndef HAVE_DUMPFILE
-+"no-"
-+#endif
-+"dumpfile";
- 
- #endif
- 
---- a/src/dnsmasq.c
-+++ b/src/dnsmasq.c
-@@ -366,7 +366,16 @@ int main (int argc, char **argv)
-   else
-     daemon->inotifyfd = -1;
- #endif
--       
-+
-+  if (daemon->dump_file)
-+#ifdef HAVE_DUMPFILE
-+    dump_init();
-+  else 
-+    daemon->dumpfd = -1;
-+#else
-+  die(_("Packet dumps not available: set HAVE_DUMP in src/config.h"), NULL, EC_BADCONF);
-+#endif
-+  
-   if (option_bool(OPT_DBUS))
- #ifdef HAVE_DBUS
-     {
-@@ -1424,6 +1433,11 @@ static void async_event(int pipe, time_t
- 
- 	if (daemon->runfile)
- 	  unlink(daemon->runfile);
-+
-+#ifdef HAVE_DUMPFILE
-+	if (daemon->dumpfd != -1)
-+	  close(daemon->dumpfd);
-+#endif
- 	
- 	my_syslog(LOG_INFO, _("exiting on receipt of SIGTERM"));
- 	flush_log();
---- a/src/dnsmasq.h
-+++ b/src/dnsmasq.h
-@@ -119,6 +119,9 @@ typedef unsigned long long u64;
- #include <net/if_arp.h>
- #include <netinet/in_systm.h>
- #include <netinet/ip.h>
-+#ifdef HAVE_IPV6
-+#include <netinet/ip6.h>
-+#endif
- #include <netinet/ip_icmp.h>
- #include <sys/uio.h>
- #include <syslog.h>
-@@ -598,6 +601,16 @@ struct hostsfile {
-   unsigned int index; /* matches to cache entries for logging */
- };
- 
-+/* packet-dump flags */
-+#define DUMP_QUERY     0x0001
-+#define DUMP_REPLY     0x0002
-+#define DUMP_UP_QUERY  0x0004
-+#define DUMP_UP_REPLY  0x0008
-+#define DUMP_SEC_QUERY 0x0010
-+#define DUMP_SEC_REPLY 0x0020
-+#define DUMP_BOGUS     0x0040
-+#define DUMP_SEC_BOGUS 0x0080
-+
- 
- /* DNSSEC status values. */
- #define STAT_SECURE             1
-@@ -1020,14 +1033,14 @@ extern struct daemon {
-   unsigned int duid_enterprise, duid_config_len;
-   unsigned char *duid_config;
-   char *dbus_name;
-+  char *dump_file;
-+  int dump_mask;
-   unsigned long soa_sn, soa_refresh, soa_retry, soa_expiry;
- #ifdef OPTION6_PREFIX_CLASS 
-   struct prefix_class *prefix_classes;
- #endif
- #ifdef HAVE_DNSSEC
-   struct ds_config *ds;
--  int dnssec_no_time_check;
--  int back_to_the_future;
-   char *timestamp_file;
- #endif
- 
-@@ -1040,6 +1053,8 @@ extern struct daemon {
-   char *workspacename; /* ditto */
-   char *rr_status; /* flags for individual RRs */
-   int rr_status_sz;
-+  int dnssec_no_time_check;
-+  int back_to_the_future;
- #endif
-   unsigned int local_answer, queries_forwarded, auth_answer;
-   struct frec *frec_list;
-@@ -1094,6 +1109,10 @@ extern struct daemon {
-   char *addrbuff;
-   char *addrbuff2; /* only allocated when OPT_EXTRALOG */
- 
-+#ifdef HAVE_DUMPFILE
-+  /* file for packet dumps. */
-+  int dumpfd;
-+#endif
- } *daemon;
- 
- /* cache.c */
-@@ -1588,3 +1607,9 @@ int check_source(struct dns_header *head
- /* arp.c */
- int find_mac(union mysockaddr *addr, unsigned char *mac, int lazy, time_t now);
- int do_arp_script_run(void);
-+
-+/* dump.c */
-+#ifdef HAVE_DUMPFILE
-+void dump_init(void);
-+void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src, union mysockaddr *dst);
-+#endif
---- /dev/null
-+++ b/src/dump.c
-@@ -0,0 +1,210 @@
-+/* dnsmasq is Copyright (c) 2000-2018 Simon Kelley
-+
-+   This program is free software; you can redistribute it and/or modify
-+   it under the terms of the GNU General Public License as published by
-+   the Free Software Foundation; version 2 dated June, 1991, or
-+   (at your option) version 3 dated 29 June, 2007.
-+ 
-+   This program is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+   GNU General Public License for more details.
-+     
-+   You should have received a copy of the GNU General Public License
-+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#include "dnsmasq.h"
-+
-+#ifdef HAVE_DUMPFILE
-+
-+static u32 packet_count;
-+
-+/* https://wiki.wireshark.org/Development/LibpcapFileFormat */
-+struct pcap_hdr_s {
-+        u32 magic_number;   /* magic number */
-+        u16 version_major;  /* major version number */
-+        u16 version_minor;  /* minor version number */
-+        u32 thiszone;       /* GMT to local correction */
-+        u32 sigfigs;        /* accuracy of timestamps */
-+        u32 snaplen;        /* max length of captured packets, in octets */
-+        u32 network;        /* data link type */
-+};
-+
-+struct pcaprec_hdr_s {
-+        u32 ts_sec;         /* timestamp seconds */
-+        u32 ts_usec;        /* timestamp microseconds */
-+        u32 incl_len;       /* number of octets of packet saved in file */
-+        u32 orig_len;       /* actual length of packet */
-+};
-+
-+
-+void dump_init(void)
-+{
-+  struct stat buf;
-+  struct pcap_hdr_s header;
-+  struct pcaprec_hdr_s pcap_header;
-+
-+  packet_count = 0;
-+  
-+  if (stat(daemon->dump_file, &buf) == -1)
-+    {
-+      /* doesn't exist, create and add header */
-+      header.magic_number = 0xa1b2c3d4;
-+      header.version_major = 2;
-+      header.version_minor = 4;
-+      header.thiszone = 0;
-+      header.sigfigs = 0;
-+      header.snaplen = daemon->edns_pktsz + 200; /* slop for IP/UDP headers */
-+      header.network = 101; /* DLT_RAW http://www.tcpdump.org/linktypes.html */
-+
-+      if (errno != ENOENT ||
-+	  (daemon->dumpfd = creat(daemon->dump_file, S_IRUSR | S_IWUSR)) == -1 ||
-+	  !read_write(daemon->dumpfd, (void *)&header, sizeof(header), 0))
-+	die(_("cannot create %s: %s"), daemon->dump_file, EC_FILE);
-+    }
-+  else if ((daemon->dumpfd = open(daemon->dump_file, O_APPEND | O_RDWR)) == -1 ||
-+	   !read_write(daemon->dumpfd, (void *)&header, sizeof(header), 1) ||
-+	   header.magic_number != 0xa1b2c3d4)
-+    die(_("cannot access %s: %s"), daemon->dump_file, EC_FILE);
-+  else
-+    {
-+      /* count existing records */
-+      while (read_write(daemon->dumpfd, (void *)&pcap_header, sizeof(pcap_header), 1))
-+	{
-+	  lseek(daemon->dumpfd, pcap_header.incl_len, SEEK_CUR);
-+	  packet_count++;
-+	}
-+    }
-+}
-+
-+void dump_packet(int mask, void *packet, size_t len, union mysockaddr *src, union mysockaddr *dst)
-+{
-+  struct ip ip;
-+#ifdef HAVE_IPV6
-+  struct ip6_hdr ip6;
-+  int family;
-+#endif
-+  struct udphdr {
-+    u16 uh_sport;               /* source port */
-+    u16 uh_dport;               /* destination port */
-+    u16 uh_ulen;                /* udp length */
-+    u16 uh_sum;                 /* udp checksum */
-+  } udp;
-+  struct pcaprec_hdr_s pcap_header;
-+  struct timeval time;
-+  u32 i, sum;
-+  void *iphdr;
-+  size_t ipsz;
-+  int rc;
-+  
-+  if (daemon->dumpfd == -1 || !(mask & daemon->dump_mask))
-+    return;
-+  
-+  /* So wireshark can Id the packet. */
-+  udp.uh_sport = udp.uh_dport = htons(NAMESERVER_PORT);
-+
-+#ifdef HAVE_IPV6
-+  if (src)
-+    family = src->sa.sa_family;
-+  else
-+    family = dst->sa.sa_family;
-+
-+  if (family == AF_INET6)
-+    {
-+      iphdr = &ip6;
-+      ipsz = sizeof(ip6);
-+      memset(&ip6, 0, sizeof(ip6));
-+      
-+      ip6.ip6_vfc = 6 << 4;
-+      ip6.ip6_plen = htons(sizeof(struct udphdr) + len);
-+      ip6.ip6_nxt = IPPROTO_UDP;
-+      ip6.ip6_hops = 64;
-+
-+      if (src)
-+	{
-+	  memcpy(&ip6.ip6_src, &src->in6.sin6_addr, IN6ADDRSZ);
-+	  udp.uh_sport = src->in6.sin6_port;
-+	}
-+      
-+      if (dst)
-+	{
-+	  memcpy(&ip6.ip6_dst, &dst->in6.sin6_addr, IN6ADDRSZ);
-+	  udp.uh_dport = dst->in6.sin6_port;
-+	}
-+            
-+      /* start UDP checksum */
-+      for (sum = 0, i = 0; i < IN6ADDRSZ; i++)
-+	sum += ((u16 *)&ip6.ip6_src)[i];
-+    }
-+  else
-+#endif
-+    {
-+      iphdr = &ip;
-+      ipsz = sizeof(ip);
-+      memset(&ip, 0, sizeof(ip));
-+      
-+      ip.ip_v = IPVERSION;
-+      ip.ip_hl = sizeof(struct ip) / 4;
-+      ip.ip_len = htons(sizeof(struct ip) + sizeof(struct udphdr) + len); 
-+      ip.ip_ttl = IPDEFTTL;
-+      ip.ip_p = IPPROTO_UDP;
-+      
-+      if (src)
-+	{
-+	  ip.ip_src = src->in.sin_addr;
-+	  udp.uh_sport = src->in.sin_port;
-+	}
-+
-+      if (dst)
-+	{
-+	  ip.ip_dst = dst->in.sin_addr;
-+	  udp.uh_dport = dst->in.sin_port;
-+	}
-+      
-+      ip.ip_sum = 0;
-+      for (sum = 0, i = 0; i < sizeof(struct ip) / 2; i++)
-+	sum += ((u16 *)&ip)[i];
-+      while (sum >> 16)
-+	sum = (sum & 0xffff) + (sum >> 16);  
-+      ip.ip_sum = (sum == 0xffff) ? sum : ~sum;
-+      
-+      /* start UDP checksum */
-+      sum = ip.ip_src.s_addr & 0xffff;
-+      sum += (ip.ip_src.s_addr >> 16) & 0xffff;
-+      sum += ip.ip_dst.s_addr & 0xffff;
-+      sum += (ip.ip_dst.s_addr >> 16) & 0xffff;
-+    }
-+  
-+  if (len & 1)
-+    ((unsigned char *)packet)[len] = 0; /* for checksum, in case length is odd. */
-+
-+  udp.uh_sum = 0;
-+  udp.uh_ulen = htons(sizeof(struct udphdr) + len);
-+  sum += htons(IPPROTO_UDP);
-+  sum += htons(sizeof(struct udphdr) + len);
-+  for (i = 0; i < sizeof(struct udphdr)/2; i++)
-+    sum += ((u16 *)&udp)[i];
-+  for (i = 0; i < (len + 1) / 2; i++)
-+    sum += ((u16 *)packet)[i];
-+  while (sum >> 16)
-+    sum = (sum & 0xffff) + (sum >> 16);
-+  udp.uh_sum = (sum == 0xffff) ? sum : ~sum;
-+
-+  rc = gettimeofday(&time, NULL);
-+  pcap_header.ts_sec = time.tv_sec;
-+  pcap_header.ts_usec = time.tv_usec;
-+  pcap_header.incl_len = pcap_header.orig_len = ipsz + sizeof(udp) + len;
-+  
-+  if (rc == -1 ||
-+      !read_write(daemon->dumpfd, (void *)&pcap_header, sizeof(pcap_header), 0) ||
-+      !read_write(daemon->dumpfd, iphdr, ipsz, 0) ||
-+      !read_write(daemon->dumpfd, (void *)&udp, sizeof(udp), 0) ||
-+      !read_write(daemon->dumpfd, (void *)packet, len, 0))
-+    my_syslog(LOG_ERR, _("failed to write packet dump"));
-+  else
-+    my_syslog(LOG_INFO, _("dumping UDP packet %u mask 0x%04x"), ++packet_count, mask);
-+
-+}
-+
-+#endif
---- a/src/forward.c
-+++ b/src/forward.c
-@@ -508,6 +508,10 @@ static int forward_query(int udpfd, unio
- 	    
- 	      if (errno == 0)
- 		{
-+#ifdef HAVE_DUMPFILE
-+		  dump_packet(DUMP_UP_QUERY, (void *)header, plen, NULL, &start->addr);
-+#endif
-+		  
- 		  /* Keep info in case we want to re-send this packet */
- 		  daemon->srv_save = start;
- 		  daemon->packet_len = plen;
-@@ -769,7 +773,7 @@ void reply_query(int fd, int family, tim
- #endif
-   
-   header = (struct dns_header *)daemon->packet;
--  
-+
-   if (n < (int)sizeof(struct dns_header) || !(header->hb3 & HB3_QR))
-     return;
-   
-@@ -796,6 +800,12 @@ void reply_query(int fd, int family, tim
-   if (!(forward = lookup_frec(ntohs(header->id), hash)))
-     return;
-   
-+#ifdef HAVE_DUMPFILE
-+  dump_packet((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) ? DUMP_SEC_REPLY : DUMP_UP_REPLY,
-+	      (void *)header, n, &serveraddr, NULL);
-+#endif
-+  
-+  
-   /* log_query gets called indirectly all over the place, so 
-      pass these in global variables - sorry. */
-   daemon->log_display_id = forward->log_id;
-@@ -934,6 +944,11 @@ void reply_query(int fd, int family, tim
- 		    status = dnssec_validate_reply(now, header, n, daemon->namebuff, daemon->keyname, &forward->class, 
- 						   !option_bool(OPT_DNSSEC_IGN_NS) && (server->flags & SERV_DO_DNSSEC),
- 						   NULL, NULL);
-+#ifdef HAVE_DUMPFILE
-+		  if (status == STAT_BOGUS)
-+		    dump_packet((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) ? DUMP_SEC_BOGUS : DUMP_BOGUS,
-+				header, (size_t)n, &serveraddr, NULL);
-+#endif
- 		}
- 	      
- 	      /* Can't validate, as we're missing key data. Put this
-@@ -1060,6 +1075,11 @@ void reply_query(int fd, int family, tim
- 				setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
- 			    }
- #endif
-+			  
-+#ifdef HAVE_DUMPFILE
-+			  dump_packet(DUMP_SEC_QUERY, (void *)header, (size_t)nn, NULL, &server->addr);
-+#endif
-+			  
- 			  while (retry_send(sendto(fd, (char *)header, nn, 0, 
- 						   &server->addr.sa, 
- 						   sa_len(&server->addr)))); 
-@@ -1114,8 +1134,8 @@ void reply_query(int fd, int family, tim
- 	      bogusanswer = 1;
- 	    }
- 	}
--#endif     
--      
-+#endif
-+
-       /* restore CD bit to the value in the query */
-       if (forward->flags & FREC_CHECKING_DISABLED)
- 	header->hb4 |= HB4_CD;
-@@ -1141,6 +1161,11 @@ void reply_query(int fd, int family, tim
- 	      nn = resize_packet(header, nn, NULL, 0);
- 	    }
- #endif
-+
-+#ifdef HAVE_DUMPFILE
-+	  dump_packet(DUMP_REPLY, daemon->packet, (size_t)nn, NULL, &forward->source);
-+#endif
-+	  
- 	  send_from(forward->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn, 
- 		    &forward->source, &forward->dest, forward->iface);
- 	}
-@@ -1394,7 +1419,11 @@ void receive_query(struct listener *list
-      pass these in global variables - sorry. */
-   daemon->log_display_id = ++daemon->log_id;
-   daemon->log_source_addr = &source_addr;
--  
-+
-+#ifdef HAVE_DUMPFILE
-+  dump_packet(DUMP_QUERY, daemon->packet, (size_t)n, &source_addr, NULL);
-+#endif
-+	  
-   if (extract_request(header, (size_t)n, daemon->namebuff, &type))
-     {
- #ifdef HAVE_AUTH
---- a/src/option.c
-+++ b/src/option.c
-@@ -161,6 +161,8 @@ struct myoption {
- #define LOPT_TFTP_MTU      349
- #define LOPT_REPLY_DELAY   350
- #define LOPT_RAPID_COMMIT  351
-+#define LOPT_DUMPFILE      352
-+#define LOPT_DUMPMASK      353
-  
- #ifdef HAVE_GETOPT_LONG
- static const struct option opts[] =  
-@@ -327,6 +329,8 @@ static const struct myoption opts[] =
-     { "dhcp-ttl", 1, 0 , LOPT_DHCPTTL },
-     { "dhcp-reply-delay", 1, 0, LOPT_REPLY_DELAY },
-     { "dhcp-rapid-commit", 0, 0, LOPT_RAPID_COMMIT },
-+    { "dumpfile", 1, 0, LOPT_DUMPFILE },
-+    { "dumpmask", 1, 0, LOPT_DUMPMASK },
-     { NULL, 0, 0, 0 }
-   };
- 
-@@ -500,6 +504,8 @@ static struct {
-   { LOPT_DHCPTTL, ARG_ONE, "<ttl>", gettext_noop("Set TTL in DNS responses with DHCP-derived addresses."), NULL }, 
-   { LOPT_REPLY_DELAY, ARG_ONE, "<integer>", gettext_noop("Delay DHCP replies for at least number of seconds."), NULL },
-   { LOPT_RAPID_COMMIT, OPT_RAPID_COMMIT, NULL, gettext_noop("Enables DHCPv4 Rapid Commit option."), NULL },
-+  { LOPT_DUMPFILE, ARG_ONE, "<path>", gettext_noop("Path to debug packet dump file"), NULL },
-+  { LOPT_DUMPMASK, ARG_ONE, "<hex>", gettext_noop("Mask which packets to dump"), NULL },
-   { 0, 0, NULL, NULL, NULL }
- }; 
- 
-@@ -1811,6 +1817,14 @@ static int one_opt(int option, char *arg
- 	ret_err(_("bad MX target"));
-       break;
- 
-+    case LOPT_DUMPFILE:  /* --dumpfile */
-+      daemon->dump_file = opt_string_alloc(arg);
-+      break;
-+
-+    case LOPT_DUMPMASK:  /* --dumpmask */
-+      daemon->dump_mask = strtol(arg, NULL, 0);
-+      break;
-+      
- #ifdef HAVE_DHCP      
-     case 'l':  /* --dhcp-leasefile */
-       daemon->lease_file = opt_string_alloc(arg);

package/network/services/dnsmasq/patches/0005-Retry-query-to-other-servers-on-receipt-of-SERVFAIL-.patch

@@ -1,22 +0,0 @@
-From 34e26e14c5e0fb2d5f05f67858319c9db2058333 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Thu, 10 May 2018 20:54:57 +0100
-Subject: [PATCH 05/10] Retry query to other servers on receipt of SERVFAIL
- rcode.
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/forward.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/forward.c
-+++ b/src/forward.c
-@@ -817,7 +817,7 @@ void reply_query(int fd, int family, tim
- 
-   /* Note: if we send extra options in the EDNS0 header, we can't recreate
-      the query from the reply. */
--  if (RCODE(header) == REFUSED &&
-+  if ((RCODE(header) == REFUSED || RCODE(header) == SERVFAIL) &&
-       forward->forwardall == 0 &&
-       !(forward->flags & FREC_HAS_EXTRADATA))
-     /* for broken servers, attempt to send to another one. */

package/network/services/dnsmasq/patches/0006-Handle-query-retry-on-REFUSED-or-SERVFAIL-for-DNSSEC.patch

@@ -1,87 +0,0 @@
-From a0088e83640d7d1544127dd668660462e9f78e52 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Thu, 10 May 2018 21:43:14 +0100
-Subject: [PATCH 06/10] Handle query retry on REFUSED or SERVFAIL for
- DNSSEC-generated queries.
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/forward.c | 46 ++++++++++++++++++++++++++++++++++++++++------
- 1 file changed, 40 insertions(+), 6 deletions(-)
-
---- a/src/forward.c
-+++ b/src/forward.c
-@@ -298,9 +298,9 @@ static int forward_query(int udpfd, unio
- 		fd = forward->rfd4->fd;
- 	    }
- 	  
--	  while (retry_send( sendto(fd, (char *)header, plen, 0,
--				    &forward->sentto->addr.sa,
--				    sa_len(&forward->sentto->addr))));
-+	  while (retry_send(sendto(fd, (char *)header, plen, 0,
-+				   &forward->sentto->addr.sa,
-+				   sa_len(&forward->sentto->addr))));
- 	  
- 	  return 1;
- 	}
-@@ -804,8 +804,7 @@ void reply_query(int fd, int family, tim
-   dump_packet((forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) ? DUMP_SEC_REPLY : DUMP_UP_REPLY,
- 	      (void *)header, n, &serveraddr, NULL);
- #endif
--  
--  
-+
-   /* log_query gets called indirectly all over the place, so 
-      pass these in global variables - sorry. */
-   daemon->log_display_id = forward->log_id;
-@@ -826,6 +825,40 @@ void reply_query(int fd, int family, tim
-       size_t plen;
-       int is_sign;
- 
-+      /* For DNSSEC originated queries, just retry the query to the same server. */
-+      if (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY))
-+	{
-+	  blockdata_retrieve(forward->stash, forward->stash_len, (void *)header);
-+	  plen = forward->stash_len;
-+
-+	  forward->forwardall = 2; /* only retry once */
-+	  
-+	  if (forward->sentto->addr.sa.sa_family == AF_INET) 
-+	    log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec");
-+#ifdef HAVE_IPV6
-+	  else
-+	    log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec");
-+#endif
-+  
-+	  if (forward->sentto->sfd)
-+	    fd = forward->sentto->sfd->fd;
-+	  else
-+	    {
-+#ifdef HAVE_IPV6
-+	      if (forward->sentto->addr.sa.sa_family == AF_INET6)
-+		fd = forward->rfd6->fd;
-+	      else
-+#endif
-+		fd = forward->rfd4->fd;
-+	    }
-+	  
-+	  while (retry_send(sendto(fd, (char *)header, plen, 0,
-+				   &forward->sentto->addr.sa,
-+				   sa_len(&forward->sentto->addr))));
-+	  
-+	  return;
-+	}
-+	  
-       /* In strict order mode, there must be a server later in the chain
- 	 left to send to, otherwise without the forwardall mechanism,
- 	 code further on will cycle around the list forwever if they
-@@ -1017,7 +1050,8 @@ void reply_query(int fd, int family, tim
- #ifdef HAVE_IPV6
- 		      new->rfd6 = NULL;
- #endif
--		      new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY);
-+		      new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_HAS_EXTRADATA);
-+		      new->forwardall = 0;
- 		      
- 		      new->dependent = forward; /* to find query awaiting new one. */
- 		      forward->blocking_query = new; /* for garbage cleaning */

package/network/services/dnsmasq/patches/0007-Retry-SERVFAIL-DNSSEC-queries-to-a-different-server-.patch

@@ -1,100 +0,0 @@
-From 1f60a18ea1c64beb8b6cffa0650a2bfad95ac352 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Fri, 11 May 2018 16:44:16 +0100
-Subject: [PATCH 07/10] Retry SERVFAIL DNSSEC queries to a different server, if
- possible.
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/forward.c | 53 ++++++++++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 42 insertions(+), 11 deletions(-)
-
---- a/src/forward.c
-+++ b/src/forward.c
-@@ -825,9 +825,12 @@ void reply_query(int fd, int family, tim
-       size_t plen;
-       int is_sign;
- 
-+#ifdef HAVE_DNSSEC
-       /* For DNSSEC originated queries, just retry the query to the same server. */
-       if (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY))
- 	{
-+	  struct server *start;
-+	  
- 	  blockdata_retrieve(forward->stash, forward->stash_len, (void *)header);
- 	  plen = forward->stash_len;
- 
-@@ -839,26 +842,54 @@ void reply_query(int fd, int family, tim
- 	  else
- 	    log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec");
- #endif
--  
--	  if (forward->sentto->sfd)
--	    fd = forward->sentto->sfd->fd;
-+
-+	  start = forward->sentto;
-+
-+	  /* for non-domain specific servers, see if we can find another to try. */
-+	  if ((forward->sentto->flags & SERV_TYPE) == 0)
-+	    while (1)
-+	      {
-+		if (!(start = start->next))
-+		  start = daemon->servers;
-+		if (start == forward->sentto)
-+		  break;
-+		
-+		if ((start->flags & SERV_TYPE) == 0 &&
-+		    (start->flags & SERV_DO_DNSSEC))
-+		  break;
-+	      }
-+	    
-+	  
-+	  if (start->sfd)
-+	    fd = start->sfd->fd;
- 	  else
- 	    {
- #ifdef HAVE_IPV6
--	      if (forward->sentto->addr.sa.sa_family == AF_INET6)
--		fd = forward->rfd6->fd;
-+	      if (start->addr.sa.sa_family == AF_INET6)
-+		{
-+		  /* may have changed family */
-+		  if (!forward->rfd6)
-+		    forward->rfd6 = allocate_rfd(AF_INET6);
-+		  fd = forward->rfd6->fd;
-+		}
- 	      else
- #endif
--		fd = forward->rfd4->fd;
-+		{
-+		  /* may have changed family */
-+		  if (!forward->rfd4)
-+		    forward->rfd4 = allocate_rfd(AF_INET);
-+		  fd = forward->rfd4->fd;
-+		}
- 	    }
--	  
-+	
- 	  while (retry_send(sendto(fd, (char *)header, plen, 0,
--				   &forward->sentto->addr.sa,
--				   sa_len(&forward->sentto->addr))));
-+				   &start->addr.sa,
-+				   sa_len(&start->addr))));
- 	  
- 	  return;
- 	}
--	  
-+#endif
-+      
-       /* In strict order mode, there must be a server later in the chain
- 	 left to send to, otherwise without the forwardall mechanism,
- 	 code further on will cycle around the list forwever if they
-@@ -1024,7 +1055,7 @@ void reply_query(int fd, int family, tim
- 			  while (1)
- 			    {
- 			      if (type == (start->flags & (SERV_TYPE | SERV_DO_DNSSEC)) &&
--				  (type != SERV_HAS_DOMAIN || hostname_isequal(domain, start->domain)) &&
-+				  ((type & SERV_TYPE) != SERV_HAS_DOMAIN || hostname_isequal(domain, start->domain)) &&
- 				  !(start->flags & (SERV_LITERAL_ADDRESS | SERV_LOOP)))
- 				{
- 				  new_server = start;

package/network/services/dnsmasq/patches/0008-Fix-logging-in-previous.patch

@@ -1,41 +0,0 @@
-From e27825b0ef1e79ab05b1752c8c838cb43ad39d79 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Fri, 11 May 2018 17:20:47 +0100
-Subject: [PATCH 08/10] Fix logging in previous.
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/forward.c | 15 +++++++--------
- 1 file changed, 7 insertions(+), 8 deletions(-)
-
---- a/src/forward.c
-+++ b/src/forward.c
-@@ -835,14 +835,6 @@ void reply_query(int fd, int family, tim
- 	  plen = forward->stash_len;
- 
- 	  forward->forwardall = 2; /* only retry once */
--	  
--	  if (forward->sentto->addr.sa.sa_family == AF_INET) 
--	    log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&forward->sentto->addr.in.sin_addr, "dnssec");
--#ifdef HAVE_IPV6
--	  else
--	    log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&forward->sentto->addr.in6.sin6_addr, "dnssec");
--#endif
--
- 	  start = forward->sentto;
- 
- 	  /* for non-domain specific servers, see if we can find another to try. */
-@@ -886,6 +878,13 @@ void reply_query(int fd, int family, tim
- 				   &start->addr.sa,
- 				   sa_len(&start->addr))));
- 	  
-+	  if (start->addr.sa.sa_family == AF_INET) 
-+	    log_query(F_NOEXTRA | F_DNSSEC | F_IPV4, "retry", (struct all_addr *)&start->addr.in.sin_addr, "dnssec");
-+#ifdef HAVE_IPV6
-+	  else
-+	    log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, "retry", (struct all_addr *)&start->addr.in6.sin6_addr, "dnssec");
-+#endif
-+	  
- 	  return;
- 	}
- #endif

package/network/services/dnsmasq/patches/0009-Do-unsolicited-RAs-for-interfaces-which-appear-after.patch

@@ -1,44 +0,0 @@
-From 0a496f059c1e9d75c33cce4c1211d58422ba4f62 Mon Sep 17 00:00:00 2001
-From: Maarten de Vries <maarten+dnsmasq@m.de-vri.es>
-Date: Fri, 11 May 2018 23:20:58 +0100
-Subject: [PATCH 09/10] Do unsolicited RAs for interfaces which appear after
- dnsmasq startup.
-
-I noticed that dnsmasq often wasn't sending any unsolicited RAs for me.
-
-This turned out to happen when the interface (a bridge interface) wasn't
-created yet at the time dnsmasq started. When dnsmasq is started after
-the interface is created, it sends RAs as expected. I assume this also
-extends to other types of virtual interfaces that are created after
-dnsmasq starts.
-
-Digging into the source, it seems to be caused by a missing call to
-ra_start_unsolicited for non-template contexts in construct_worker from
-src/dhcp6.c. The attached patch adds that call, but only if the
-interface index or address changed to prevent doing fast RAs for no reason.
-
-I tested it on my own server and it appears to work as expected. When
-the interface is created and configured, dnsmasq does fast RAs for a
-while and then settles into slow RAs.
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/dhcp6.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
---- a/src/dhcp6.c
-+++ b/src/dhcp6.c
-@@ -647,6 +647,13 @@ static int construct_worker(struct in6_a
- 	    is_same_net6(local, &template->start6, template->prefix) &&
- 	    is_same_net6(local, &template->end6, template->prefix))
- 	  {
-+	    /* First time found, do fast RA. */
-+	    if (template->if_index != if_index || !IN6_ARE_ADDR_EQUAL(&template->local6, local))
-+	      {
-+		ra_start_unsolicited(param->now, template);
-+		param->newone = 1;
-+	      }
-+	    
- 	    template->if_index = if_index;
- 	    template->local6 = *local;
- 	  }

package/network/services/dnsmasq/patches/0010-Log-warning-on-very-large-cachesize-config-instead-o.patch

@@ -1,38 +0,0 @@
-From 1f1873aadd092a0fab505dd278a484d887ba0ec3 Mon Sep 17 00:00:00 2001
-From: Simon Kelley <simon@thekelleys.org.uk>
-Date: Fri, 11 May 2018 23:38:23 +0100
-Subject: [PATCH 10/10] Log warning on very large cachesize config, instead of
- truncating it.
-
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/dnsmasq.c | 6 +++++-
- src/option.c  | 2 --
- 2 files changed, 5 insertions(+), 3 deletions(-)
-
---- a/src/dnsmasq.c
-+++ b/src/dnsmasq.c
-@@ -740,7 +740,11 @@ int main (int argc, char **argv)
-   else 
-     {
-       if (daemon->cachesize != 0)
--	my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
-+	{
-+	  my_syslog(LOG_INFO, _("started, version %s cachesize %d"), VERSION, daemon->cachesize);
-+	  if (daemon->cachesize > 10000)
-+	    my_syslog(LOG_WARNING, _("cache size greater than 10000 may cause performance issues, and is unlikely to be useful."));
-+	}
-       else
- 	my_syslog(LOG_INFO, _("started, version %s cache disabled"), VERSION);
- 
---- a/src/option.c
-+++ b/src/option.c
-@@ -2603,8 +2603,6 @@ static int one_opt(int option, char *arg
- 	    
- 	    if (size < 0)
- 	      size = 0;
--	    else if (size > 10000)
--	      size = 10000;
- 	    
- 	    daemon->cachesize = size;
- 	  }

package/network/services/dnsmasq/patches/240-ubus.patch

@@ -74,7 +74,7 @@
  int main (int argc, char **argv)
  {
    int bind_fallback = 0;
-@@ -944,6 +1004,7 @@ int main (int argc, char **argv)
+@@ -949,6 +1009,7 @@ int main (int argc, char **argv)
        set_dbus_listeners();
  #endif	
    
@@ -82,7 +82,7 @@
  #ifdef HAVE_DHCP
        if (daemon->dhcp || daemon->relay4)
  	{
-@@ -1074,6 +1135,8 @@ int main (int argc, char **argv)
+@@ -1079,6 +1140,8 @@ int main (int argc, char **argv)
        check_dbus_listeners();
  #endif
        
@@ -104,7 +104,7 @@
  mostly_clean :
 --- a/src/dnsmasq.h
 +++ b/src/dnsmasq.h
-@@ -1440,6 +1440,8 @@ void emit_dbus_signal(int action, struct
+@@ -1445,6 +1445,8 @@ void emit_dbus_signal(int action, struct
  #  endif
  #endif
  

package/network/services/dropbear/files/dropbear.init

@@ -148,6 +148,11 @@ service_triggers()
 	procd_add_validation validate_section_dropbear
 }
 
+shutdown() {
+	# close all open connections
+	killall dropbear
+}
+
 killclients()
 {
 	local ignore=''

package/network/services/hostapd/patches/0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch

@@ -0,0 +1,48 @@
+From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Sun, 15 Jul 2018 01:25:53 +0200
+Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data
+
+Ignore unauthenticated encrypted EAPOL-Key data in supplicant
+processing. When using WPA2, these are frames that have the Encrypted
+flag set, but not the MIC flag.
+
+When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
+not the MIC flag, had their data field decrypted without first verifying
+the MIC. In case the data field was encrypted using RC4 (i.e., when
+negotiating TKIP as the pairwise cipher), this meant that
+unauthenticated but decrypted data would then be processed. An adversary
+could abuse this as a decryption oracle to recover sensitive information
+in the data field of EAPOL-Key messages (e.g., the group key).
+(CVE-2018-14526)
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/rsn_supp/wpa.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 56f3af7..db94a49 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2215,6 +2215,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
+ 
+ 	if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
+ 	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) && mic_len) {
++		/*
++		 * Only decrypt the Key Data field if the frame's authenticity
++		 * was verified. When using AES-SIV (FILS), the MIC flag is not
++		 * set, so this check should only be performed if mic_len != 0
++		 * which is the case in this code branch.
++		 */
++		if (!(key_info & WPA_KEY_INFO_MIC)) {
++			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++				"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
++			goto out;
++		}
+ 		if (wpa_supplicant_decrypt_key_data(sm, key, mic_len,
+ 						    ver, key_data,
+ 						    &key_data_len))
+-- 
+2.7.4
+

package/network/services/igmpproxy/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=igmpproxy
 PKG_VERSION:=0.2.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/pali/igmpproxy/releases/download/${PKG_VERSION}/

package/network/services/igmpproxy/files/igmpproxy.init

@@ -114,7 +114,7 @@ start_service() {
 	[ -n "$has_upstream" ] || return
 
 	procd_open_instance
-	procd_set_param command $PROG
+	procd_set_param command $PROG '-n'
 	[ -n "$logopts" ] && procd_append_param command $logopts
 	procd_append_param command $CONFIGFILE
 	procd_set_param file $CONFIGFILE

package/network/services/odhcpd/Makefile

@@ -9,13 +9,13 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=odhcpd
 PKG_RELEASE:=1
-PKG_VERSION:=1.7
+PKG_VERSION:=1.10
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/odhcpd.git
-PKG_SOURCE_DATE:=2018-04-23
-PKG_SOURCE_VERSION:=413652910234f44e11d6550abf6871621474b8cb
-PKG_MIRROR_HASH:=2245eea8764e40b518e40633eeabd30eb8cc4d01574a351a3d6b0aef27f654ca
+PKG_SOURCE_DATE:=2018-07-26
+PKG_SOURCE_VERSION:=44cce3169a961727b1f046b786e7995ffb26a957
+PKG_MIRROR_HASH:=f068ddad6e4c630a5baf7369a6deaebd1ec3f7e5c0aa4826496451da425e40dc
 
 PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
 PKG_LICENSE:=GPL-2.0

package/network/services/openvpn/Makefile

@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=openvpn
 
 PKG_VERSION:=2.4.5
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE_URL:=\
 	https://build.openvpn.net/downloads/releases/ \

package/network/services/wireguard/Makefile

@@ -11,12 +11,12 @@ include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=wireguard
 
-PKG_VERSION:=0.0.20180625
-PKG_RELEASE:=1
+PKG_VERSION:=0.0.20180718
+PKG_RELEASE:=2
 
 PKG_SOURCE:=WireGuard-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://git.zx2c4.com/WireGuard/snapshot/
-PKG_HASH:=d9bedeb22b1f83d48581608a6521fea1d429fbeb8809419d08703ef2ec570020
+PKG_HASH:=083c093a6948c8d38f92e7ea5533f9ff926019f24dc2612ea974851ed3e24705
 
 PKG_LICENSE:=GPL-2.0 Apache-2.0
 PKG_LICENSE_FILES:=COPYING
@@ -84,12 +84,13 @@ define Package/wireguard-tools/description
   $(call Package/wireguard/Default/description)
 
   This package provides the userspace control program for WireGuard,
-  `wg(8)`, and a netifd protocol helper.
+  `wg(8)`, a netifd protocol helper, and a re-resolve watchdog script.
 endef
 
 define Package/wireguard-tools/install
 	$(INSTALL_DIR) $(1)/usr/bin/
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/tools/wg $(1)/usr/bin/
+	$(INSTALL_BIN) ./files/wireguard_watchdog $(1)/usr/bin/
 	$(INSTALL_DIR) $(1)/lib/netifd/proto/
 	$(INSTALL_BIN) ./files/wireguard.sh $(1)/lib/netifd/proto/
 endef

package/network/services/wireguard/files/wireguard_watchdog

@@ -0,0 +1,60 @@
+#!/bin/sh
+# SPDX-License-Identifier: GPL-2.0
+#
+# Copyright (C) 2018 Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>.
+# Copyright (C) 2015-2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
+#
+# This watchdog script tries to re-resolve hostnames for inactive WireGuard peers.
+# Use it for peers with a frequently changing dynamic IP.
+# persistent_keepalive must be set, recommended value is 25 seconds.
+#
+# Run this script from cron every minute:
+# echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root
+
+
+. /lib/functions.sh
+
+check_peer_activity() {
+  local cfg=$1
+  local iface=$2
+  local public_key
+  local endpoint_host
+  local endpoint_port
+  local persistent_keepalive
+  local last_handshake
+  local idle_seconds
+
+  config_get public_key "${cfg}" "public_key"
+  config_get endpoint_host "${cfg}" "endpoint_host"
+  config_get endpoint_port "${cfg}" "endpoint_port"
+  persistent_keepalive=`wg show ${iface} persistent-keepalive | grep ${public_key} | awk '{print $2}'`
+
+  # only process peers with endpoints and keepalive set
+  [ -z ${endpoint_host} ] && return 0;
+  [ -z ${persistent_keepalive} -o ${persistent_keepalive} = "off" ] && return 0;
+
+  # skip IP addresses
+  # check taken from packages/net/ddns-scripts/files/dynamic_dns_functions.sh
+  local IPV4_REGEX="[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}"
+  local IPV6_REGEX="\(\([0-9A-Fa-f]\{1,4\}:\)\{1,\}\)\(\([0-9A-Fa-f]\{1,4\}\)\{0,1\}\)\(\(:[0-9A-Fa-f]\{1,4\}\)\{1,\}\)"
+  local IPV4=$(echo ${endpoint_host} | grep -m 1 -o "$IPV4_REGEX$")    # do not detect ip in 0.0.0.0.example.com
+  local IPV6=$(echo ${endpoint_host} | grep -m 1 -o "$IPV6_REGEX")
+  [ -n "${IPV4}" -o -n "${IPV6}" ] && return 0;
+
+  # re-resolve endpoint hostname if not responding for too long
+  last_handshake=`wg show ${iface} latest-handshakes | grep ${public_key} | awk '{print $2}'`
+  [ -z ${last_handshake} ] && return 0;
+  idle_seconds=$((`date +%s`-${last_handshake}))
+  [ ${idle_seconds} -lt 150 ] && return 0;
+  logger -t "wireguard_monitor" "${iface} endpoint ${endpoint_host}:${endpoint_port} is not responding for ${idle_seconds} seconds, trying to re-resolve hostname"
+  wg set ${iface} peer ${public_key} endpoint "${endpoint_host}:${endpoint_port}"
+}
+
+# query ubus for all active wireguard interfaces
+wg_ifaces=`ubus -S call network.interface dump | jsonfilter -e '@.interface[@.up=true]' | jsonfilter -a -e '@[@.proto="wireguard"].interface' | tr "\n" " "`
+
+# check every peer in every active wireguard interface
+config_load network
+for iface in $wg_ifaces; do
+  config_foreach check_peer_activity "wireguard_${iface}" "${iface}"
+done

package/network/utils/curl/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=curl
 PKG_VERSION:=7.60.0
-PKG_RELEASE:=1
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://dl.uxnr.de/mirror/curl/ \

package/network/utils/curl/patches/400-CVE-2018-0500.patch

@@ -0,0 +1,32 @@
+From ba1dbd78e5f1ed67c1b8d37ac89d90e5e330b628 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 13 Jun 2018 12:24:40 +0200
+Subject: [PATCH] smtp: use the upload buffer size for scratch buffer malloc
+
+... not the read buffer size, as that can be set smaller and thus cause
+a buffer overflow! CVE-2018-0500
+
+Reported-by: Peter Wu
+Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
+---
+ lib/smtp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/lib/smtp.c
++++ b/lib/smtp.c
+@@ -1563,13 +1563,14 @@ CURLcode Curl_smtp_escape_eob(struct con
+   if(!scratch || data->set.crlf) {
+     oldscratch = scratch;
+ 
+-    scratch = newscratch = malloc(2 * data->set.buffer_size);
++    scratch = newscratch = malloc(2 * UPLOAD_BUFSIZE);
+     if(!newscratch) {
+       failf(data, "Failed to alloc scratch buffer!");
+ 
+       return CURLE_OUT_OF_MEMORY;
+     }
+   }
++  DEBUGASSERT(UPLOAD_BUFSIZE >= nread);
+ 
+   /* Have we already sent part of the EOB? */
+   eob_sent = smtp->eob;

package/network/utils/iperf/Makefile

@@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=iperf
-PKG_VERSION:=2.0.10
+PKG_VERSION:=2.0.12
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=7fe4348dcca313b74e0aa9c34a8ccd713b84a5615b8578f4aa94cedce9891ef2
+PKG_HASH:=367f651fb1264b13f6518e41b8a7e08ce3e41b2a1c80e99ff0347561eed32646
 PKG_SOURCE_URL:=@SF/iperf2
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>

package/network/utils/iproute2/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=iproute2
 PKG_VERSION:=4.16.0
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@KERNEL/linux/utils/net/iproute2

package/network/utils/iproute2/patches/950-add-cake-to-tc.patch

@@ -122,7 +122,7 @@
 --- /dev/null
 +++ b/man/man8/tc-cake.8
 @@ -0,0 +1,632 @@
-+.TH CAKE 8 "23 November 2017" "iproute2" "Linux"
++.TH CAKE 8 "19 July 2018" "iproute2" "Linux"
 +.SH NAME
 +CAKE \- Common Applications Kept Enhanced (CAKE)
 +.SH SYNOPSIS
@@ -133,7 +133,7 @@
 +RATE |
 +.BR unlimited*
 +|
-+.BR autorate_ingress
++.BR autorate-ingress
 +]
 +.br
 +[
@@ -273,7 +273,7 @@
 +.BR tc(8)
 +or examples below for details of the RATE value.
 +.PP
-+.B autorate_ingress
++.B autorate-ingress
 +.br
 +	Automatic capacity estimation based on traffic arriving at this qdisc.
 +This is most likely to be useful with cellular links, which tend to change
@@ -522,7 +522,7 @@
 +.br
 +	So named because Jupiter is about 1 light-hour from Earth.  Use this to
 +(almost) completely disable AQM actions.  Equivalent to
-+.B rtt 1000s.
++.B rtt 3600s.
 +
 +.SH FLOW ISOLATION PARAMETERS
 +With flow isolation enabled, CAKE places packets from different flows into
@@ -677,14 +677,14 @@
 +.br
 +# tc -s qdisc show dev eth0
 +.br
-+qdisc cake 1: dev eth0 root refcnt 2 bandwidth 100Mbit diffserv3 triple-isolate rtt 100.0ms noatm overhead 38 mpu 84 
-+ Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) 
++qdisc cake 1: root refcnt 2 bandwidth 100Mbit diffserv3 triple-isolate rtt 100.0ms noatm overhead 38 mpu 84
++ Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
 + backlog 0b 0p requeues 0
 + memory used: 0b of 5000000b
 + capacity estimate: 100Mbit
 + min/max network layer size:        65535 /       0
 + min/max overhead-adjusted size:    65535 /       0
-+ average network hdr offset:          0
++ average network hdr offset:            0
 +
 +                   Bulk  Best Effort        Voice
 +  thresh       6250Kbit      100Mbit       25Mbit
@@ -711,14 +711,14 @@
 +.br
 +# tc -s qdisc show dev eth0
 +
-+qdisc cake 1: root refcnt 2 bandwidth 100Mbit diffserv3 triple-isolate rtt 100.0ms noatm overhead 38 mpu 84 
-+ Sent 44709231 bytes 31931 pkt (dropped 45, overlimits 93782 requeues 0) 
++qdisc cake 1: root refcnt 2 bandwidth 100Mbit diffserv3 triple-isolate rtt 100.0ms noatm overhead 38 mpu 84
++ Sent 44709231 bytes 31931 pkt (dropped 45, overlimits 93782 requeues 0)
 + backlog 33308b 22p requeues 0
 + memory used: 292352b of 5000000b
 + capacity estimate: 100Mbit
 + min/max network layer size:           28 /    1500
 + min/max overhead-adjusted size:       84 /    1538
-+ average network hdr offset:         14
++ average network hdr offset:           14
 +
 +                   Bulk  Best Effort        Voice
 +  thresh       6250Kbit      100Mbit       25Mbit
@@ -745,7 +745,7 @@
 +.BR tc (8),
 +.BR tc-codel (8),
 +.BR tc-fq_codel (8),
-+.BR tc-red (8)
++.BR tc-htb (8)
 +
 +.SH AUTHORS
 +Cake's principal author is Jonathan Morton, with contributions from
@@ -754,20 +754,31 @@
 +
 +This manual page was written by Loganaden Velvindron. Please report corrections
 +to the Linux Networking mailing list <netdev@vger.kernel.org>.
+--- a/man/man8/tc.8
++++ b/man/man8/tc.8
+@@ -776,6 +776,7 @@ was written by Alexey N. Kuznetsov and a
+ .BR tc-basic (8),
+ .BR tc-bfifo (8),
+ .BR tc-bpf (8),
++.BR tc-cake (8),
+ .BR tc-cbq (8),
+ .BR tc-cgroup (8),
+ .BR tc-choke (8),
 --- a/tc/Makefile
 +++ b/tc/Makefile
-@@ -64,6 +64,7 @@ TCMODULES += em_meta.o
- TCMODULES += q_mqprio.o
- TCMODULES += q_codel.o
+@@ -66,6 +66,7 @@ TCMODULES += q_codel.o
  TCMODULES += q_fq_codel.o
-+TCMODULES += q_cake.o
  TCMODULES += q_fq.o
  TCMODULES += q_pie.o
++TCMODULES += q_cake.o
  TCMODULES += q_hhf.o
+ TCMODULES += q_clsact.o
+ TCMODULES += e_bpf.o
 --- /dev/null
 +++ b/tc/q_cake.c
-@@ -0,0 +1,796 @@
-+/* SPDX-License-Identifier: (GPL-2.0 OR BSD-3-Clause) */
+@@ -0,0 +1,790 @@
++// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
++
 +/*
 + * Common Applications Kept Enhanced  --  CAKE
 + *
@@ -785,6 +796,7 @@
 +#include <netinet/in.h>
 +#include <arpa/inet.h>
 +#include <string.h>
++#include <inttypes.h>
 +
 +#include "utils.h"
 +#include "tc_util.h"
@@ -806,6 +818,24 @@
 +	{"interplanetary",	50000000,	1000000000},
 +};
 +
++static const char * diffserv_names[CAKE_DIFFSERV_MAX] = {
++	[CAKE_DIFFSERV_DIFFSERV3] = "diffserv3",
++	[CAKE_DIFFSERV_DIFFSERV4] = "diffserv4",
++	[CAKE_DIFFSERV_DIFFSERV8] = "diffserv8",
++	[CAKE_DIFFSERV_BESTEFFORT] = "besteffort",
++	[CAKE_DIFFSERV_PRECEDENCE] = "precedence",
++};
++
++static const char * flowmode_names[CAKE_FLOW_MAX] = {
++	[CAKE_FLOW_NONE] = "flowblind",
++	[CAKE_FLOW_SRC_IP] = "srchost",
++	[CAKE_FLOW_DST_IP] = "dsthost",
++	[CAKE_FLOW_HOSTS] = "hosts",
++	[CAKE_FLOW_FLOWS] = "flows",
++	[CAKE_FLOW_DUAL_SRC] = "dual-srchost",
++	[CAKE_FLOW_DUAL_DST] = "dual-dsthost",
++	[CAKE_FLOW_TRIPLE] = "triple-isolate",
++};
 +
 +static struct cake_preset *find_preset(char *argv)
 +{
@@ -820,7 +850,7 @@
 +static void explain(void)
 +{
 +	fprintf(stderr,
-+"Usage: ... cake [ bandwidth RATE | unlimited* | autorate_ingress ]\n"
++"Usage: ... cake [ bandwidth RATE | unlimited* | autorate-ingress ]\n"
 +"                [ rtt TIME | datacentre | lan | metro | regional |\n"
 +"                  internet* | oceanic | satellite | interplanetary ]\n"
 +"                [ besteffort | diffserv8 | diffserv4 | diffserv3* ]\n"
@@ -838,25 +868,25 @@
 +static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv,
 +			  struct nlmsghdr *n, const char *dev)
 +{
-+	int unlimited = 0;
-+	__u64 bandwidth = 0;
-+	unsigned interval = 0;
-+	unsigned target = 0;
-+	unsigned diffserv = 0;
-+	unsigned memlimit = 0;
-+	int  overhead = 0;
-+	bool overhead_set = false;
++	struct cake_preset *preset, *preset_set = NULL;
 +	bool overhead_override = false;
-+	int mpu = 0;
-+	int flowmode = -1;
-+	int nat = -1;
-+	int atm = -1;
-+	int autorate = -1;
-+	int wash = -1;
-+	int ingress = -1;
++	bool overhead_set = false;
++	unsigned int interval = 0;
++	unsigned int diffserv = 0;
++	unsigned int memlimit = 0;
++	unsigned int target = 0;
++	__u64 bandwidth = 0;
 +	int ack_filter = -1;
 +	struct rtattr *tail;
-+	struct cake_preset *preset, *preset_set = NULL;
++	int unlimited = 0;
++	int flowmode = -1;
++	int autorate = -1;
++	int ingress = -1;
++	int overhead = 0;
++	int wash = -1;
++	int nat = -1;
++	int atm = -1;
++	int mpu = 0;
 +
 +	while (argc > 0) {
 +		if (strcmp(*argv, "bandwidth") == 0) {
@@ -871,9 +901,8 @@
 +			bandwidth = 0;
 +			unlimited = 1;
 +			autorate = 0;
-+		} else if (strcmp(*argv, "autorate_ingress") == 0) {
++		} else if (strcmp(*argv, "autorate-ingress") == 0) {
 +			autorate = 1;
-+
 +		} else if (strcmp(*argv, "rtt") == 0) {
 +			NEXT_ARG();
 +			if (get_time(&interval, *argv)) {
@@ -881,7 +910,7 @@
 +				return -1;
 +			}
 +			target = interval / 20;
-+			if(!target)
++			if (!target)
 +				target = 1;
 +		} else if ((preset = find_preset(*argv))) {
 +			if (preset_set)
@@ -889,7 +918,6 @@
 +			preset_set = preset;
 +			target = preset->target;
 +			interval = preset->interval;
-+
 +		} else if (strcmp(*argv, "besteffort") == 0) {
 +			diffserv = CAKE_DIFFSERV_BESTEFFORT;
 +		} else if (strcmp(*argv, "precedence") == 0) {
@@ -902,12 +930,10 @@
 +			diffserv = CAKE_DIFFSERV_DIFFSERV4;
 +		} else if (strcmp(*argv, "diffserv3") == 0) {
 +			diffserv = CAKE_DIFFSERV_DIFFSERV3;
-+
 +		} else if (strcmp(*argv, "nowash") == 0) {
 +			wash = 0;
 +		} else if (strcmp(*argv, "wash") == 0) {
 +			wash = 1;
-+
 +		} else if (strcmp(*argv, "flowblind") == 0) {
 +			flowmode = CAKE_FLOW_NONE;
 +		} else if (strcmp(*argv, "srchost") == 0) {
@@ -924,19 +950,16 @@
 +			flowmode = CAKE_FLOW_DUAL_DST;
 +		} else if (strcmp(*argv, "triple-isolate") == 0) {
 +			flowmode = CAKE_FLOW_TRIPLE;
-+
 +		} else if (strcmp(*argv, "nat") == 0) {
 +			nat = 1;
 +		} else if (strcmp(*argv, "nonat") == 0) {
 +			nat = 0;
-+
 +		} else if (strcmp(*argv, "ptm") == 0) {
 +			atm = CAKE_ATM_PTM;
 +		} else if (strcmp(*argv, "atm") == 0) {
 +			atm = CAKE_ATM_ATM;
 +		} else if (strcmp(*argv, "noatm") == 0) {
 +			atm = CAKE_ATM_NONE;
-+
 +		} else if (strcmp(*argv, "raw") == 0) {
 +			atm = CAKE_ATM_NONE;
 +			overhead = 0;
@@ -1006,7 +1029,6 @@
 +			atm = CAKE_ATM_PTM;
 +			overhead += 22;
 +			overhead_set = true;
-+
 +		} else if (strcmp(*argv, "via-ethernet") == 0) {
 +			/*
 +			 * We used to use this flag to manually compensate for
@@ -1020,10 +1042,10 @@
 +			 * stats output when the automatic compensation is
 +			 * active.
 +			 */
-+
 +		} else if (strcmp(*argv, "ethernet") == 0) {
 +			/* ethernet pre-amble & interframe gap & FCS
-+			 * you may need to add vlan tag */
++			 * you may need to add vlan tag
++			 */
 +			overhead += 38;
 +			overhead_set = true;
 +			mpu = 84;
@@ -1043,45 +1065,46 @@
 +			overhead += 18;
 +			overhead_set = true;
 +			mpu = 64;
-+
 +		} else if (strcmp(*argv, "overhead") == 0) {
-+			char* p = NULL;
++			char *p = NULL;
++
 +			NEXT_ARG();
 +			overhead = strtol(*argv, &p, 10);
-+			if(!p || *p || !*argv || overhead < -64 || overhead > 256) {
-+				fprintf(stderr, "Illegal \"overhead\", valid range is -64 to 256\\n");
++			if (!p || *p || !*argv ||
++			    overhead < -64 || overhead > 256) {
++				fprintf(stderr,
++					"Illegal \"overhead\", valid range is -64 to 256\\n");
 +				return -1;
 +			}
 +			overhead_set = true;
 +
 +		} else if (strcmp(*argv, "mpu") == 0) {
-+			char* p = NULL;
++			char *p = NULL;
++
 +			NEXT_ARG();
 +			mpu = strtol(*argv, &p, 10);
-+			if(!p || *p || !*argv || mpu < 0 || mpu > 256) {
-+				fprintf(stderr, "Illegal \"mpu\", valid range is 0 to 256\\n");
++			if (!p || *p || !*argv || mpu < 0 || mpu > 256) {
++				fprintf(stderr,
++					"Illegal \"mpu\", valid range is 0 to 256\\n");
 +				return -1;
 +			}
-+
 +		} else if (strcmp(*argv, "ingress") == 0) {
 +			ingress = 1;
 +		} else if (strcmp(*argv, "egress") == 0) {
 +			ingress = 0;
-+
 +		} else if (strcmp(*argv, "no-ack-filter") == 0) {
 +			ack_filter = CAKE_ACK_NONE;
 +		} else if (strcmp(*argv, "ack-filter") == 0) {
 +			ack_filter = CAKE_ACK_FILTER;
 +		} else if (strcmp(*argv, "ack-filter-aggressive") == 0) {
 +			ack_filter = CAKE_ACK_AGGRESSIVE;
-+
 +		} else if (strcmp(*argv, "memlimit") == 0) {
 +			NEXT_ARG();
-+			if(get_size(&memlimit, *argv)) {
-+				fprintf(stderr, "Illegal value for \"memlimit\": \"%s\"\n", *argv);
++			if (get_size(&memlimit, *argv)) {
++				fprintf(stderr,
++					"Illegal value for \"memlimit\": \"%s\"\n", *argv);
 +				return -1;
 +			}
-+
 +		} else if (strcmp(*argv, "help") == 0) {
 +			explain();
 +			return -1;
@@ -1096,17 +1119,22 @@
 +	tail = NLMSG_TAIL(n);
 +	addattr_l(n, 1024, TCA_OPTIONS, NULL, 0);
 +	if (bandwidth || unlimited)
-+		addattr_l(n, 1024, TCA_CAKE_BASE_RATE64, &bandwidth, sizeof(bandwidth));
++		addattr_l(n, 1024, TCA_CAKE_BASE_RATE64, &bandwidth,
++			  sizeof(bandwidth));
 +	if (diffserv)
-+		addattr_l(n, 1024, TCA_CAKE_DIFFSERV_MODE, &diffserv, sizeof(diffserv));
++		addattr_l(n, 1024, TCA_CAKE_DIFFSERV_MODE, &diffserv,
++			  sizeof(diffserv));
 +	if (atm != -1)
 +		addattr_l(n, 1024, TCA_CAKE_ATM, &atm, sizeof(atm));
 +	if (flowmode != -1)
-+		addattr_l(n, 1024, TCA_CAKE_FLOW_MODE, &flowmode, sizeof(flowmode));
++		addattr_l(n, 1024, TCA_CAKE_FLOW_MODE, &flowmode,
++			  sizeof(flowmode));
 +	if (overhead_set)
-+		addattr_l(n, 1024, TCA_CAKE_OVERHEAD, &overhead, sizeof(overhead));
++		addattr_l(n, 1024, TCA_CAKE_OVERHEAD, &overhead,
++			  sizeof(overhead));
 +	if (overhead_override) {
-+		unsigned zero = 0;
++		unsigned int zero = 0;
++
 +		addattr_l(n, 1024, TCA_CAKE_RAW, &zero, sizeof(zero));
 +	}
 +	if (mpu > 0)
@@ -1116,9 +1144,11 @@
 +	if (target)
 +		addattr_l(n, 1024, TCA_CAKE_TARGET, &target, sizeof(target));
 +	if (autorate != -1)
-+		addattr_l(n, 1024, TCA_CAKE_AUTORATE, &autorate, sizeof(autorate));
++		addattr_l(n, 1024, TCA_CAKE_AUTORATE, &autorate,
++			  sizeof(autorate));
 +	if (memlimit)
-+		addattr_l(n, 1024, TCA_CAKE_MEMORY, &memlimit, sizeof(memlimit));
++		addattr_l(n, 1024, TCA_CAKE_MEMORY, &memlimit,
++			  sizeof(memlimit));
 +	if (nat != -1)
 +		addattr_l(n, 1024, TCA_CAKE_NAT, &nat, sizeof(nat));
 +	if (wash != -1)
@@ -1126,31 +1156,41 @@
 +	if (ingress != -1)
 +		addattr_l(n, 1024, TCA_CAKE_INGRESS, &ingress, sizeof(ingress));
 +	if (ack_filter != -1)
-+		addattr_l(n, 1024, TCA_CAKE_ACK_FILTER, &ack_filter, sizeof(ack_filter));
++		addattr_l(n, 1024, TCA_CAKE_ACK_FILTER, &ack_filter,
++			  sizeof(ack_filter));
 +
 +	tail->rta_len = (void *) NLMSG_TAIL(n) - (void *) tail;
 +	return 0;
 +}
 +
++static void cake_print_mode(unsigned int value, unsigned int max,
++			    const char *key, const char **table)
++{
++	if (value < max && table[value]) {
++		print_string(PRINT_ANY, key, "%s ", table[value]);
++	} else {
++		print_string(PRINT_JSON, key, NULL, "unknown");
++		print_string(PRINT_FP, NULL, "(?%s?)", key);
++	}
++}
 +
 +static int cake_print_opt(struct qdisc_util *qu, FILE *f, struct rtattr *opt)
 +{
 +	struct rtattr *tb[TCA_CAKE_MAX + 1];
++	unsigned int interval = 0;
++	unsigned int memlimit = 0;
 +	__u64 bandwidth = 0;
-+	unsigned diffserv = 0;
-+	unsigned flowmode = 0;
-+	unsigned interval = 0;
-+	unsigned memlimit = 0;
++	int ack_filter = 0;
++	int split_gso = 0;
 +	int overhead = 0;
++	int autorate = 0;
++	int ingress = 0;
++	int wash = 0;
 +	int raw = 0;
 +	int mpu = 0;
 +	int atm = 0;
 +	int nat = 0;
-+	int autorate = 0;
-+	int wash = 0;
-+	int ingress = 0;
-+	int ack_filter = 0;
-+	int split_gso = 0;
++
 +	SPRINT_BUF(b1);
 +	SPRINT_BUF(b2);
 +
@@ -1162,85 +1202,41 @@
 +	if (tb[TCA_CAKE_BASE_RATE64] &&
 +	    RTA_PAYLOAD(tb[TCA_CAKE_BASE_RATE64]) >= sizeof(bandwidth)) {
 +		bandwidth = rta_getattr_u64(tb[TCA_CAKE_BASE_RATE64]);
-+		if(bandwidth) {
++		if (bandwidth) {
 +			print_uint(PRINT_JSON, "bandwidth", NULL, bandwidth);
-+			print_string(PRINT_FP, NULL, "bandwidth %s ", sprint_rate(bandwidth, b1));
++			print_string(PRINT_FP, NULL, "bandwidth %s ",
++				     sprint_rate(bandwidth, b1));
 +		} else
-+			print_string(PRINT_ANY, "bandwidth", "bandwidth %s ", "unlimited");
++			print_string(PRINT_ANY, "bandwidth", "bandwidth %s ",
++				     "unlimited");
 +	}
 +	if (tb[TCA_CAKE_AUTORATE] &&
 +		RTA_PAYLOAD(tb[TCA_CAKE_AUTORATE]) >= sizeof(__u32)) {
 +		autorate = rta_getattr_u32(tb[TCA_CAKE_AUTORATE]);
-+		if(autorate == 1)
-+			print_string(PRINT_ANY, "autorate", "autorate_%s ", "ingress");
-+		else if(autorate)
-+			print_string(PRINT_ANY, "autorate", "(?autorate?) ", "unknown");
++		if (autorate == 1)
++			print_string(PRINT_ANY, "autorate", "%s ",
++				     "autorate-ingress");
++		else if (autorate)
++			print_string(PRINT_ANY, "autorate", "(?autorate?) ",
++				     "unknown");
 +	}
 +	if (tb[TCA_CAKE_DIFFSERV_MODE] &&
 +	    RTA_PAYLOAD(tb[TCA_CAKE_DIFFSERV_MODE]) >= sizeof(__u32)) {
-+		diffserv = rta_getattr_u32(tb[TCA_CAKE_DIFFSERV_MODE]);
-+		switch(diffserv) {
-+		case CAKE_DIFFSERV_DIFFSERV3:
-+			print_string(PRINT_ANY, "diffserv", "%s ", "diffserv3");
-+			break;
-+		case CAKE_DIFFSERV_DIFFSERV4:
-+			print_string(PRINT_ANY, "diffserv", "%s ", "diffserv4");
-+			break;
-+		case CAKE_DIFFSERV_DIFFSERV8:
-+			print_string(PRINT_ANY, "diffserv", "%s ", "diffserv8");
-+			break;
-+		case CAKE_DIFFSERV_BESTEFFORT:
-+			print_string(PRINT_ANY, "diffserv", "%s ", "besteffort");
-+			break;
-+		case CAKE_DIFFSERV_PRECEDENCE:
-+			print_string(PRINT_ANY, "diffserv", "%s ", "precedence");
-+			break;
-+		default:
-+			print_string(PRINT_ANY, "diffserv", "(?diffserv?) ", "unknown");
-+			break;
-+		};
++		cake_print_mode(rta_getattr_u32(tb[TCA_CAKE_DIFFSERV_MODE]),
++				CAKE_DIFFSERV_MAX, "diffserv", diffserv_names);
 +	}
 +	if (tb[TCA_CAKE_FLOW_MODE] &&
 +	    RTA_PAYLOAD(tb[TCA_CAKE_FLOW_MODE]) >= sizeof(__u32)) {
-+		flowmode = rta_getattr_u32(tb[TCA_CAKE_FLOW_MODE]);
-+		switch(flowmode) {
-+		case CAKE_FLOW_NONE:
-+			print_string(PRINT_ANY, "flowmode", "%s ", "flowblind");
-+			break;
-+		case CAKE_FLOW_SRC_IP:
-+			print_string(PRINT_ANY, "flowmode", "%s ", "srchost");
-+			break;
-+		case CAKE_FLOW_DST_IP:
-+			print_string(PRINT_ANY, "flowmode", "%s ", "dsthost");
-+			break;
-+		case CAKE_FLOW_HOSTS:
-+			print_string(PRINT_ANY, "flowmode", "%s ", "hosts");
-+			break;
-+		case CAKE_FLOW_FLOWS:
-+			print_string(PRINT_ANY, "flowmode", "%s ", "flows");
-+			break;
-+		case CAKE_FLOW_DUAL_SRC:
-+			print_string(PRINT_ANY, "flowmode", "%s ", "dual-srchost");
-+			break;
-+		case CAKE_FLOW_DUAL_DST:
-+			print_string(PRINT_ANY, "flowmode", "%s ", "dual-dsthost");
-+			break;
-+		case CAKE_FLOW_TRIPLE:
-+			print_string(PRINT_ANY, "flowmode", "%s ", "triple-isolate");
-+			break;
-+		default:
-+			print_string(PRINT_ANY, "flowmode", "(?flowmode?) ", "unknown");
-+			break;
-+		};
-+
++		cake_print_mode(rta_getattr_u32(tb[TCA_CAKE_FLOW_MODE]),
++				CAKE_FLOW_MAX, "flowmode", flowmode_names);
 +	}
 +
 +	if (tb[TCA_CAKE_NAT] &&
 +	    RTA_PAYLOAD(tb[TCA_CAKE_NAT]) >= sizeof(__u32)) {
-+	    nat = rta_getattr_u32(tb[TCA_CAKE_NAT]);
++		nat = rta_getattr_u32(tb[TCA_CAKE_NAT]);
 +	}
 +
-+	if(nat)
++	if (nat)
 +		print_string(PRINT_FP, NULL, "nat ", NULL);
 +	print_bool(PRINT_JSON, "nat", NULL, nat);
 +
@@ -1289,7 +1285,8 @@
 +	print_bool(PRINT_JSON, "ingress", NULL, ingress);
 +
 +	if (ack_filter == CAKE_ACK_AGGRESSIVE)
-+		print_string(PRINT_ANY, "ack-filter", "ack-filter-%s ", "aggressive");
++		print_string(PRINT_ANY, "ack-filter", "ack-filter-%s ",
++			     "aggressive");
 +	else if (ack_filter == CAKE_ACK_FILTER)
 +		print_string(PRINT_ANY, "ack-filter", "ack-filter ", "enabled");
 +	else
@@ -1300,7 +1297,8 @@
 +	print_bool(PRINT_JSON, "split_gso", NULL, split_gso);
 +
 +	if (interval)
-+		print_string(PRINT_FP, NULL, "rtt %s ", sprint_time(interval, b2));
++		print_string(PRINT_FP, NULL, "rtt %s ",
++			     sprint_time(interval, b2));
 +	print_uint(PRINT_JSON, "rtt", NULL, interval);
 +
 +	if (raw)
@@ -1321,7 +1319,8 @@
 +
 +	if (memlimit) {
 +		print_uint(PRINT_JSON, "memlimit", NULL, memlimit);
-+		print_string(PRINT_FP, NULL, "memlimit %s", sprint_size(memlimit, b1));
++		print_string(PRINT_FP, NULL, "memlimit %s",
++			     sprint_size(memlimit, b1));
 +	}
 +
 +	return 0;
@@ -1331,7 +1330,8 @@
 +{
 +#define PRINT_TSTAT_JSON(type, name, attr) if (tstat[TCA_CAKE_TIN_STATS_ ## attr]) \
 +		print_u64(PRINT_JSON, name, NULL,			\
-+			rta_getattr_ ## type((struct rtattr *)tstat[TCA_CAKE_TIN_STATS_ ## attr]))
++			rta_getattr_ ## type((struct rtattr *)		\
++					     tstat[TCA_CAKE_TIN_STATS_ ## attr]))
 +
 +	open_json_object(NULL);
 +	PRINT_TSTAT_JSON(u64, "threshold_rate", THRESHOLD_RATE64);
@@ -1362,15 +1362,15 @@
 +static int cake_print_xstats(struct qdisc_util *qu, FILE *f,
 +			     struct rtattr *xstats)
 +{
-+	SPRINT_BUF(b1);
 +	struct rtattr *st[TCA_CAKE_STATS_MAX + 1];
++	SPRINT_BUF(b1);
 +	int i;
 +
 +	if (xstats == NULL)
 +		return 0;
 +
 +#define GET_STAT_U32(attr) rta_getattr_u32(st[TCA_CAKE_STATS_ ## attr])
-+#define GET_STAT_S32(attr) (*(__s32*)RTA_DATA(st[TCA_CAKE_STATS_ ## attr]))
++#define GET_STAT_S32(attr) (*(__s32 *)RTA_DATA(st[TCA_CAKE_STATS_ ## attr]))
 +#define GET_STAT_U64(attr) rta_getattr_u64(st[TCA_CAKE_STATS_ ## attr])
 +
 +	parse_rtattr_nested(st, TCA_CAKE_STATS_MAX, xstats);
@@ -1399,7 +1399,7 @@
 +	if (st[TCA_CAKE_STATS_MIN_NETLEN] &&
 +	    st[TCA_CAKE_STATS_MAX_NETLEN]) {
 +		print_uint(PRINT_ANY, "min_network_size",
-+			   " min/max network layer size:     %8u",
++			   " min/max network layer size: %12u",
 +			   GET_STAT_U32(MIN_NETLEN));
 +		print_uint(PRINT_ANY, "max_network_size",
 +			   " /%8u\n", GET_STAT_U32(MAX_NETLEN));
@@ -1416,7 +1416,7 @@
 +
 +	if (st[TCA_CAKE_STATS_AVG_NETOFF])
 +		print_uint(PRINT_ANY, "avg_hdr_offset",
-+			   " average network hdr offset:     %8u\n\n",
++			   " average network hdr offset: %12u\n\n",
 +			   GET_STAT_U32(AVG_NETOFF));
 +
 +	/* class stats */
@@ -1431,6 +1431,7 @@
 +		print_bool(PRINT_ANY, "dropping", " dropping", true);
 +		if (st[TCA_CAKE_STATS_DROP_NEXT_US]) {
 +			int drop_next = GET_STAT_S32(DROP_NEXT_US);
++
 +			if (drop_next < 0) {
 +				print_string(PRINT_FP, NULL, " drop_next -%s",
 +					sprint_time(drop_next, b1));
@@ -1448,6 +1449,7 @@
 +			   GET_STAT_U32(P_DROP));
 +		if (st[TCA_CAKE_STATS_BLUE_TIMER_US]) {
 +			int blue_timer = GET_STAT_S32(BLUE_TIMER_US);
++
 +			if (blue_timer < 0) {
 +				print_string(PRINT_FP, NULL, " blue_timer -%s",
 +					sprint_time(blue_timer, b1));
@@ -1465,14 +1467,16 @@
 +#undef GET_STAT_U64
 +
 +	if (st[TCA_CAKE_STATS_TIN_STATS]) {
-+		struct rtattr *tins[TC_CAKE_MAX_TINS + 1];
 +		struct rtattr *tstat[TC_CAKE_MAX_TINS][TCA_CAKE_TIN_STATS_MAX + 1];
++		struct rtattr *tins[TC_CAKE_MAX_TINS + 1];
 +		int num_tins = 0;
 +
-+		parse_rtattr_nested(tins, TC_CAKE_MAX_TINS, st[TCA_CAKE_STATS_TIN_STATS]);
++		parse_rtattr_nested(tins, TC_CAKE_MAX_TINS,
++				    st[TCA_CAKE_STATS_TIN_STATS]);
 +
 +		for (i = 1; i <= TC_CAKE_MAX_TINS && tins[i]; i++) {
-+			parse_rtattr_nested(tstat[i-1], TCA_CAKE_TIN_STATS_MAX, tins[i]);
++			parse_rtattr_nested(tstat[i-1], TCA_CAKE_TIN_STATS_MAX,
++					    tins[i]);
 +			num_tins++;
 +		}
 +
@@ -1489,7 +1493,7 @@
 +		}
 +
 +
-+		switch(num_tins) {
++		switch (num_tins) {
 +		case 3:
 +			fprintf(f, "                   Bulk  Best Effort        Voice\n");
 +			break;
@@ -1500,7 +1504,7 @@
 +
 +		default:
 +			fprintf(f, "          ");
-+			for(i=0; i < num_tins; i++)
++			for (i = 0; i < num_tins; i++)
 +				fprintf(f, "        Tin %u", i);
 +			fprintf(f, "\n");
 +		};

package/network/utils/iwinfo/Makefile

@@ -11,9 +11,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/iwinfo.git
-PKG_SOURCE_DATE:=2018-02-15
-PKG_SOURCE_VERSION:=223e09bf3f180797aeea0f6dc1721e5a55215e66
-PKG_MIRROR_HASH:=cbf90b6dcc9765c03814f1c99363efef073c030bc5e5456a0674d2748e2eeed8
+PKG_SOURCE_DATE:=2018-07-24
+PKG_SOURCE_VERSION:=94b1366de313c4d1c0c1ea8f0b859bc44d0b231a
+PKG_MIRROR_HASH:=6fe4b76b24b9df0ced458d821df1f84818ca1647ae4d3c4439f486b5d35c986e
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=GPL-2.0
 
@@ -32,7 +32,7 @@ define Package/libiwinfo
   SECTION:=libs
   CATEGORY:=Libraries
   TITLE:=Generalized Wireless Information Library (iwinfo)
-  DEPENDS:=+PACKAGE_kmod-cfg80211:libnl-tiny +libuci
+  DEPENDS:=+PACKAGE_kmod-cfg80211:libnl-tiny +libuci +libubus
   ABI_VERSION:=$(PKG_RELEASE)
 endef
 

package/network/utils/wwan/files/wwan.sh

@@ -110,7 +110,7 @@ proto_wwan_teardown() {
 	case $driver in
 	qmi_wwan)		proto_qmi_teardown $@ ;;
 	cdc_mbim)		proto_mbim_teardown $@ ;;
-	sierra_net)		proto_mbim_teardown $@ ;;
+	sierra_net)		proto_directip_teardown $@ ;;
 	comgt)			proto_3g_teardown $@ ;;
 	cdc_ether|*cdc_ncm)	proto_ncm_teardown $@ ;;
 	esac

package/system/ca-certificates/Makefile

@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ca-certificates
 PKG_VERSION:=20180409
-PKG_MAINTAINER:=Christian Schoenebeck <christian.schoenebeck@gmail.com>
+PKG_MAINTAINER:=
 
 PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/c/ca-certificates

package/system/mtd/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=mtd
-PKG_RELEASE:=21
+PKG_RELEASE:=23
 
 PKG_BUILD_DIR := $(KERNEL_BUILD_DIR)/$(PKG_NAME)
 STAMP_PREPARED := $(STAMP_PREPARED)_$(call confvar,CONFIG_MTD_REDBOOT_PARTS)

package/system/mtd/src/trx.c

@@ -46,6 +46,12 @@ struct trx_header {
 	uint32_t offsets[3];    /* Offsets of partitions from start of header */
 };
 
+#define min(x,y) ({		\
+	typeof(x) _x = (x);	\
+	typeof(y) _y = (y);	\
+	(void) (&_x == &_y);	\
+	_x < _y ? _x : _y; })
+
 #if __BYTE_ORDER == __BIG_ENDIAN
 #define STORE32_LE(X)           ((((X) & 0x000000FF) << 24) | (((X) & 0x0000FF00) << 8) | (((X) & 0x00FF0000) >> 8) | (((X) & 0xFF000000) >> 24))
 #elif __BYTE_ORDER == __LITTLE_ENDIAN
@@ -156,7 +162,7 @@ mtd_fixtrx(const char *mtd, size_t offset, size_t data_size)
 	int fd;
 	struct trx_header *trx;
 	char *first_block;
-	char *buf;
+	char *buf, *to;
 	ssize_t res;
 	size_t block_offset;
 
@@ -201,23 +207,41 @@ mtd_fixtrx(const char *mtd, size_t offset, size_t data_size)
 		exit(1);
 	}
 
-	if (trx->len == STORE32_LE(data_size + TRX_CRC32_DATA_OFFSET)) {
-		if (quiet < 2)
-			fprintf(stderr, "Header already fixed, exiting\n");
-		close(fd);
-		return 0;
-	}
-
 	buf = malloc(data_size);
 	if (!buf) {
 		perror("malloc");
 		exit(1);
 	}
 
-	res = pread(fd, buf, data_size, data_offset);
-	if (res != data_size) {
-		perror("pread");
-		exit(1);
+	to = buf;
+	while (data_size) {
+		size_t read_block_offset = data_offset & ~(erasesize - 1);
+		size_t read_chunk;
+
+		read_chunk = erasesize - (data_offset & (erasesize - 1));
+		read_chunk = min(read_chunk, data_size);
+
+		/* Read from good blocks only to match CFE behavior */
+		if (!mtd_block_is_bad(fd, read_block_offset)) {
+			res = pread(fd, to, read_chunk, data_offset);
+			if (res != read_chunk) {
+				perror("pread");
+				exit(1);
+			}
+			to += read_chunk;
+		}
+
+		data_offset += read_chunk;
+		data_size -= read_chunk;
+	}
+	data_size = to - buf;
+
+	if (trx->len == STORE32_LE(data_size + TRX_CRC32_DATA_OFFSET) &&
+	    trx->crc32 == STORE32_LE(crc32buf(buf, data_size))) {
+		if (quiet < 2)
+			fprintf(stderr, "Header already fixed, exiting\n");
+		close(fd);
+		return 0;
 	}
 
 	trx->len = STORE32_LE(data_size + offsetof(struct trx_header, flag_version));
@@ -244,4 +268,3 @@ mtd_fixtrx(const char *mtd, size_t offset, size_t data_size)
 	return 0;
 
 }
-

package/system/rpcd/Makefile

@@ -12,10 +12,10 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/rpcd.git
-PKG_SOURCE_DATE:=2018-05-13
-PKG_SOURCE_VERSION:=820621952d537c49deba470c6f61c40df93f4ba8
+PKG_SOURCE_DATE:=2018-08-16
+PKG_SOURCE_VERSION:=41333abee4c57e3de2bcfa08972954e2af20705a
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
-PKG_MIRROR_HASH:=24322b547cb062e9676da51d09de19d1cb9fb07df9e82b2b63fc0f714ec1c14b
+PKG_MIRROR_HASH:=a6d3c2228836a738919dfbd57a9e3ae5d427d5f94607b7e78b92b03f09f59731
 
 PKG_LICENSE:=ISC
 PKG_LICENSE_FILES:=

package/system/ubus/Makefile

@@ -5,9 +5,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/ubus.git
-PKG_SOURCE_DATE:=2018-01-16
-PKG_SOURCE_VERSION:=5bae22eb5472c9c7cc30caa9a84004bba19940d3
-PKG_MIRROR_HASH:=6f46398279339dcc597965306275fe1272af384f8cb253ee8de2c68e366eed55
+PKG_SOURCE_DATE:=2018-07-26
+PKG_SOURCE_VERSION:=40e0931e70bfe198690a7dac43b32fad06f46ef9
+PKG_MIRROR_HASH:=ddf8a42ff9a88a81b87058887d79a4eea6f2d606a29f168422d41112702793e5
 CMAKE_INSTALL:=1
 
 PKG_LICENSE:=LGPL-2.1

package/system/uci/Makefile

@@ -13,9 +13,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/uci.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE=2018-03-24
-PKG_SOURCE_VERSION:=5d2bf09ec594d97eb9284b8c721dbfe10b81a6f6
-PKG_MIRROR_HASH:=61f8cf52950edae851892ed0914dea8e1ab796bcefc095aa5dab28f672dc3301
+PKG_SOURCE_DATE=2018-08-11
+PKG_SOURCE_VERSION:=4c8b4d6efc8302b508d261573351fffb75bd98c2
+PKG_MIRROR_HASH:=c1f0f565921c71ff9231508c7c249baacad4c3ae1a3fade25c37bcb2bf7a7b5f
 
 PKG_LICENSE:=LGPL-2.1
 PKG_LICENSE_FILES:=

package/utils/px5g/Makefile

@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=px5g
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 PKG_LICENSE:=LGPL-2.1
 PKG_BUILD_DIR:=$(BUILD_DIR)/px5g-$(BUILD_VARIANT)
 

target/imagebuilder/files/Makefile

@@ -45,6 +45,14 @@ Building images:
 	make image FILES="<path>" # include extra files from <path>
 	make image BIN_DIR="<path>" # alternative output directory for the images
 	make image EXTRA_IMAGE_NAME="<string>" # Add this to the output image filename (sanitized)
+
+Print manifest:
+	List "all" packages which get installed into the image.
+	You can use the following parameters:
+
+	make manifest PROFILE="<profilename>" # override the default target profile
+	make manifest PACKAGES="<pkg1> [<pkg2> [<pkg3> ...]]" # include extra packages
+
 endef
 $(eval $(call shexport,Helptext))
 
@@ -108,6 +116,13 @@ _call_image: staging_dir/host/.prereq-build
 	$(MAKE) -s build_image
 	$(MAKE) -s checksum
 
+_call_manifest: FORCE
+	rm -rf $(TARGET_DIR)
+	mkdir -p $(TARGET_DIR) $(BIN_DIR) $(TMP_DIR) $(DL_DIR)
+	$(MAKE) package_reload >/dev/null 2>/dev/null
+	$(MAKE) package_install >/dev/null 2>/dev/null
+	$(OPKG) list-installed
+
 package_index: FORCE
 	@echo >&2
 	@echo Building package index... >&2
@@ -164,7 +179,7 @@ info:
 
 PROFILE_FILTER = $(filter DEVICE_$(PROFILE) $(PROFILE),$(PROFILE_NAMES))
 
-image:
+_check_profile: FORCE
 ifneq ($(PROFILE),)
   ifeq ($(PROFILE_FILTER),)
 	@echo 'Profile "$(PROFILE)" does not exist!'
@@ -172,6 +187,9 @@ ifneq ($(PROFILE),)
 	@exit 1
   endif
 endif
+
+image:
+	$(MAKE) -s _check_profile
 	(unset PROFILE FILES PACKAGES MAKEFLAGS; \
 	$(MAKE) -s _call_image \
 		$(if $(PROFILE),USER_PROFILE="$(PROFILE_FILTER)") \
@@ -179,4 +197,11 @@ endif
 		$(if $(PACKAGES),USER_PACKAGES="$(PACKAGES)") \
 		$(if $(BIN_DIR),BIN_DIR="$(BIN_DIR)"))
 
-.SILENT: help info image
+manifest: FORCE
+	$(MAKE) -s _check_profile
+	(unset PROFILE FILES PACKAGES MAKEFLAGS; \
+	$(MAKE) -s _call_manifest \
+		$(if $(PROFILE),USER_PROFILE="$(PROFILE_FILTER)") \
+		$(if $(PACKAGES),USER_PACKAGES="$(PACKAGES)"))
+
+.SILENT: help info image manifest

target/linux/apm821xx/dts/apm82181.dtsi

@@ -248,7 +248,7 @@
 		};
 
 		USBOTG0: usbotg@bff80000 {
-			compatible = "amcc,usb-otg-405ex";
+			compatible = "amcc,dwc-otg";
 			reg = <4 0xbff80000 0x10000>;
 			interrupt-parent = <&USBOTG0>;
 			interrupts = <0 1 2>;

target/linux/apm821xx/patches-4.14/020-0001-crypto-crypto4xx-remove-bad-list_del.patch

@@ -1,32 +0,0 @@
-From a728a196d253530f17da5c86dc7dfbe58c5f7094 Mon Sep 17 00:00:00 2001
-From: Christian Lamparter <chunkeey@googlemail.com>
-Date: Fri, 25 Aug 2017 15:47:14 +0200
-Subject: [PATCH 01/25] crypto: crypto4xx - remove bad list_del
-
-alg entries are only added to the list, after the registration
-was successful. If the registration failed, it was never added
-to the list in the first place.
-
-Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
-Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
----
- drivers/crypto/amcc/crypto4xx_core.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
---- a/drivers/crypto/amcc/crypto4xx_core.c
-+++ b/drivers/crypto/amcc/crypto4xx_core.c
-@@ -1033,12 +1033,10 @@ int crypto4xx_register_alg(struct crypto
- 			break;
- 		}
- 
--		if (rc) {
--			list_del(&alg->entry);
-+		if (rc)
- 			kfree(alg);
--		} else {
-+		else
- 			list_add_tail(&alg->entry, &sec_dev->alg_list);
--		}
- 	}
- 
- 	return 0;

target/linux/apm821xx/patches-4.14/020-0002-crypto-crypto4xx-remove-unused-definitions-and-write.patch

@@ -67,7 +67,7 @@ Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  
 --- a/drivers/crypto/amcc/crypto4xx_core.c
 +++ b/drivers/crypto/amcc/crypto4xx_core.c
-@@ -962,7 +962,7 @@ u32 crypto4xx_build_pd(struct crypto_asy
+@@ -964,7 +964,7 @@ u32 crypto4xx_build_pd(struct crypto_asy
  
  	sa->sa_command_1.bf.hash_crypto_offset = 0;
  	pd->pd_ctl.w = ctx->pd_ctl;

target/linux/apm821xx/patches-4.14/020-0003-crypto-crypto4xx-set-CRYPTO_ALG_KERN_DRIVER_ONLY-fla.patch

@@ -18,7 +18,7 @@ Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
 
 --- a/drivers/crypto/amcc/crypto4xx_core.c
 +++ b/drivers/crypto/amcc/crypto4xx_core.c
-@@ -1114,7 +1114,9 @@ struct crypto4xx_alg_common crypto4xx_al
+@@ -1116,7 +1116,9 @@ struct crypto4xx_alg_common crypto4xx_al
  		.cra_name 	= "cbc(aes)",
  		.cra_driver_name = "cbc-aes-ppc4xx",
  		.cra_priority 	= CRYPTO4XX_CRYPTO_PRIORITY,

target/linux/apm821xx/patches-4.14/020-0005-crypto-crypto4xx-remove-double-assignment-of-pd_uinf.patch

@@ -14,7 +14,7 @@ Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
 
 --- a/drivers/crypto/amcc/crypto4xx_core.c
 +++ b/drivers/crypto/amcc/crypto4xx_core.c
-@@ -1079,7 +1079,6 @@ static void crypto4xx_bh_tasklet_cb(unsi
+@@ -1081,7 +1081,6 @@ static void crypto4xx_bh_tasklet_cb(unsi
  			pd->pd_ctl.bf.pe_done = 0;
  			crypto4xx_pd_done(core_dev->dev, tail);
  			crypto4xx_put_pd_to_pdr(core_dev->dev, tail);

target/linux/apm821xx/patches-4.14/020-0008-crypto-crypto4xx-enable-AES-RFC3686-ECB-CFB-and-OFB-.patch

@@ -109,7 +109,7 @@ Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  #include <crypto/sha.h>
  #include "crypto4xx_reg_def.h"
  #include "crypto4xx_core.h"
-@@ -1133,6 +1134,103 @@ struct crypto4xx_alg_common crypto4xx_al
+@@ -1135,6 +1136,103 @@ struct crypto4xx_alg_common crypto4xx_al
  			}
  		}
  	}},

target/linux/apm821xx/patches-4.14/020-0009-crypto-crypto4xx-refactor-crypto4xx_copy_pkt_to_dst.patch

@@ -27,7 +27,7 @@ Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  #include "crypto4xx_reg_def.h"
  #include "crypto4xx_core.h"
  #include "crypto4xx_sa.h"
-@@ -481,111 +482,44 @@ static inline struct ce_sd *crypto4xx_ge
+@@ -483,111 +484,44 @@ static inline struct ce_sd *crypto4xx_ge
  	return  (struct ce_sd *)(dev->sdr + sizeof(struct ce_sd) * idx);
  }
  

target/linux/apm821xx/patches-4.14/020-0010-crypto-crypto4xx-replace-crypto4xx_dev-s-scatter_buf.patch

@@ -17,7 +17,7 @@ Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
 
 --- a/drivers/crypto/amcc/crypto4xx_core.c
 +++ b/drivers/crypto/amcc/crypto4xx_core.c
-@@ -394,10 +394,9 @@ static u32 crypto4xx_build_sdr(struct cr
+@@ -396,10 +396,9 @@ static u32 crypto4xx_build_sdr(struct cr
  	if (!dev->sdr)
  		return -ENOMEM;
  
@@ -29,7 +29,7 @@ Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  			&dev->scatter_buffer_pa, GFP_ATOMIC);
  	if (!dev->scatter_buffer_va) {
  		dma_free_coherent(dev->core_dev->device,
-@@ -410,7 +409,7 @@ static u32 crypto4xx_build_sdr(struct cr
+@@ -412,7 +411,7 @@ static u32 crypto4xx_build_sdr(struct cr
  
  	for (i = 0; i < PPC4XX_NUM_SD; i++) {
  		sd_array[i].ptr = dev->scatter_buffer_pa +
@@ -38,9 +38,9 @@ Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
  	}
  
  	return 0;
-@@ -425,7 +424,7 @@ static void crypto4xx_destroy_sdr(struct
+@@ -427,7 +426,7 @@ static void crypto4xx_destroy_sdr(struct
  
- 	if (dev->scatter_buffer_va != NULL)
+ 	if (dev->scatter_buffer_va)
  		dma_free_coherent(dev->core_dev->device,
 -				  dev->scatter_buffer_size * PPC4XX_NUM_SD,
 +				  PPC4XX_SD_BUFFER_SIZE * PPC4XX_NUM_SD,

target/linux/apm821xx/patches-4.14/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch

@@ -1,84 +0,0 @@
-From 5d59ad6eea82ef8df92b4109615a0dde9d8093e9 Mon Sep 17 00:00:00 2001
-From: Christian Lamparter <chunkeey@googlemail.com>
-Date: Fri, 25 Aug 2017 15:47:24 +0200
-Subject: [PATCH 11/25] crypto: crypto4xx - fix crypto4xx_build_pdr,
- crypto4xx_build_sdr leak
-
-If one of the later memory allocations in rypto4xx_build_pdr()
-fails: dev->pdr (and/or) dev->pdr_uinfo wouldn't be freed.
-
-crypto4xx_build_sdr() has the same issue with dev->sdr.
-
-Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
-Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
----
- drivers/crypto/amcc/crypto4xx_core.c | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
-
---- a/drivers/crypto/amcc/crypto4xx_core.c
-+++ b/drivers/crypto/amcc/crypto4xx_core.c
-@@ -209,7 +209,7 @@ static u32 crypto4xx_build_pdr(struct cr
- 				  dev->pdr_pa);
- 		return -ENOMEM;
- 	}
--	memset(dev->pdr, 0,  sizeof(struct ce_pd) * PPC4XX_NUM_PD);
-+	memset(dev->pdr, 0, sizeof(struct ce_pd) * PPC4XX_NUM_PD);
- 	dev->shadow_sa_pool = dma_alloc_coherent(dev->core_dev->device,
- 				   256 * PPC4XX_NUM_PD,
- 				   &dev->shadow_sa_pool_pa,
-@@ -242,13 +242,15 @@ static u32 crypto4xx_build_pdr(struct cr
- 
- static void crypto4xx_destroy_pdr(struct crypto4xx_device *dev)
- {
--	if (dev->pdr != NULL)
-+	if (dev->pdr)
- 		dma_free_coherent(dev->core_dev->device,
- 				  sizeof(struct ce_pd) * PPC4XX_NUM_PD,
- 				  dev->pdr, dev->pdr_pa);
-+
- 	if (dev->shadow_sa_pool)
- 		dma_free_coherent(dev->core_dev->device, 256 * PPC4XX_NUM_PD,
- 				  dev->shadow_sa_pool, dev->shadow_sa_pool_pa);
-+
- 	if (dev->shadow_sr_pool)
- 		dma_free_coherent(dev->core_dev->device,
- 			sizeof(struct sa_state_record) * PPC4XX_NUM_PD,
-@@ -417,12 +419,12 @@ static u32 crypto4xx_build_sdr(struct cr
- 
- static void crypto4xx_destroy_sdr(struct crypto4xx_device *dev)
- {
--	if (dev->sdr != NULL)
-+	if (dev->sdr)
- 		dma_free_coherent(dev->core_dev->device,
- 				  sizeof(struct ce_sd) * PPC4XX_NUM_SD,
- 				  dev->sdr, dev->sdr_pa);
- 
--	if (dev->scatter_buffer_va != NULL)
-+	if (dev->scatter_buffer_va)
- 		dma_free_coherent(dev->core_dev->device,
- 				  PPC4XX_SD_BUFFER_SIZE * PPC4XX_NUM_SD,
- 				  dev->scatter_buffer_va,
-@@ -1223,7 +1225,7 @@ static int crypto4xx_probe(struct platfo
- 
- 	rc = crypto4xx_build_gdr(core_dev->dev);
- 	if (rc)
--		goto err_build_gdr;
-+		goto err_build_pdr;
- 
- 	rc = crypto4xx_build_sdr(core_dev->dev);
- 	if (rc)
-@@ -1266,12 +1268,11 @@ err_iomap:
- err_request_irq:
- 	irq_dispose_mapping(core_dev->irq);
- 	tasklet_kill(&core_dev->tasklet);
--	crypto4xx_destroy_sdr(core_dev->dev);
- err_build_sdr:
-+	crypto4xx_destroy_sdr(core_dev->dev);
- 	crypto4xx_destroy_gdr(core_dev->dev);
--err_build_gdr:
--	crypto4xx_destroy_pdr(core_dev->dev);
- err_build_pdr:
-+	crypto4xx_destroy_pdr(core_dev->dev);
- 	kfree(core_dev->dev);
- err_alloc_dev:
- 	kfree(core_dev);

target/linux/apm821xx/patches-4.14/302-dw-dma-hprot-fix-and-equal-priortiy.patch

@@ -0,0 +1,25 @@
+--- a/drivers/dma/dw/core.c
++++ b/drivers/dma/dw/core.c
+@@ -167,6 +167,8 @@ static void dwc_initialize_chan_dw(struc
+ 	cfghi |= DWC_CFGH_DST_PER(dwc->dws.dst_id);
+ 	cfghi |= DWC_CFGH_SRC_PER(dwc->dws.src_id);
+ 
++	cfghi |= DWC_CFGH_PROTCTL(3); /* bufferable + privileged access */
++
+ 	/* Set polarity of handshake interface */
+ 	cfglo |= hs_polarity ? DWC_CFGL_HS_DST_POL | DWC_CFGL_HS_SRC_POL : 0;
+ 
+@@ -1293,11 +1295,8 @@ int dw_dma_probe(struct dw_dma_chip *chi
+ 		else
+ 			list_add(&dwc->chan.device_node, &dw->dma.channels);
+ 
+-		/* 7 is highest priority & 0 is lowest. */
+-		if (pdata->chan_priority == CHAN_PRIORITY_ASCENDING)
+-			dwc->priority = pdata->nr_channels - i - 1;
+-		else
+-			dwc->priority = i;
++		/* set all channels to the same priority */
++		dwc->priority = pdata->nr_channels - 1;
+ 
+ 		dwc->ch_regs = &__dw_regs(dw)->CHAN[i];
+ 		spin_lock_init(&dwc->lock);

target/linux/apm821xx/patches-4.14/802-usb-xhci-force-msi-renesas-xhci.patch

@@ -44,7 +44,7 @@ produce a noisy warning.
  		hcd->msi_enabled = 1;
 --- a/drivers/usb/host/xhci.h
 +++ b/drivers/usb/host/xhci.h
-@@ -1850,6 +1850,7 @@ struct xhci_hcd {
+@@ -1854,6 +1854,7 @@ struct xhci_hcd {
  	/* support xHCI 0.96 spec USB2 software LPM */
  	unsigned		sw_lpm_support:1;
  	/* support xHCI 1.0 spec USB2 hardware LPM */

target/linux/ar7/config-3.18

@@ -1,129 +0,0 @@
-CONFIG_ADM6996_PHY=y
-CONFIG_AR7=y
-CONFIG_AR7_TI=y
-# CONFIG_AR7_TYPE_AC49X is not set
-CONFIG_AR7_TYPE_TI=y
-CONFIG_AR7_WDT=y
-CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y
-CONFIG_ARCH_DISCARD_MEMBLOCK=y
-CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
-CONFIG_ARCH_HAVE_CUSTOM_GPIO_H=y
-CONFIG_ARCH_HIBERNATION_POSSIBLE=y
-CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y
-CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y
-CONFIG_ARCH_REQUIRE_GPIOLIB=y
-CONFIG_ARCH_SUSPEND_POSSIBLE=y
-CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y
-CONFIG_BOOT_ELF32=y
-CONFIG_CEVT_R4K=y
-CONFIG_CLONE_BACKWARDS=y
-CONFIG_CMDLINE="rootfstype=squashfs,jffs2"
-CONFIG_CMDLINE_BOOL=y
-# CONFIG_CMDLINE_OVERRIDE is not set
-CONFIG_CPMAC=y
-CONFIG_CPU_GENERIC_DUMP_TLB=y
-CONFIG_CPU_HAS_PREFETCH=y
-CONFIG_CPU_HAS_SYNC=y
-CONFIG_CPU_LITTLE_ENDIAN=y
-CONFIG_CPU_MIPS32=y
-CONFIG_CPU_MIPS32_R1=y
-CONFIG_CPU_MIPSR1=y
-CONFIG_CPU_R4K_CACHE_TLB=y
-CONFIG_CPU_R4K_FPU=y
-CONFIG_CPU_SUPPORTS_32BIT_KERNEL=y
-CONFIG_CPU_SUPPORTS_HIGHMEM=y
-CONFIG_CSRC_R4K=y
-CONFIG_DMA_NONCOHERENT=y
-CONFIG_EARLY_PRINTK=y
-CONFIG_ETHERNET_PACKET_MANGLE=y
-CONFIG_FIXED_PHY=y
-CONFIG_GENERIC_ATOMIC64=y
-CONFIG_GENERIC_CLOCKEVENTS=y
-CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
-CONFIG_GENERIC_CMOS_UPDATE=y
-CONFIG_GENERIC_IO=y
-CONFIG_GENERIC_IRQ_SHOW=y
-CONFIG_GENERIC_PCI_IOMAP=y
-CONFIG_GENERIC_SMP_IDLE_THREAD=y
-CONFIG_GPIOLIB=y
-CONFIG_GPIO_DEVRES=y
-CONFIG_HARDWARE_WATCHPOINTS=y
-CONFIG_HAS_DMA=y
-CONFIG_HAS_IOMEM=y
-CONFIG_HAS_IOPORT=y
-# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
-CONFIG_HAVE_ARCH_JUMP_LABEL=y
-CONFIG_HAVE_ARCH_KGDB=y
-CONFIG_HAVE_ARCH_TRACEHOOK=y
-# CONFIG_HAVE_BOOTMEM_INFO_NODE is not set
-CONFIG_HAVE_CC_STACKPROTECTOR=y
-CONFIG_HAVE_CLK=y
-CONFIG_HAVE_CONTEXT_TRACKING=y
-CONFIG_HAVE_C_RECORDMCOUNT=y
-CONFIG_HAVE_DEBUG_KMEMLEAK=y
-CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
-CONFIG_HAVE_DMA_API_DEBUG=y
-CONFIG_HAVE_DMA_ATTRS=y
-CONFIG_HAVE_DYNAMIC_FTRACE=y
-CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
-CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
-CONFIG_HAVE_FUNCTION_TRACER=y
-CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y
-CONFIG_HAVE_GENERIC_DMA_COHERENT=y
-CONFIG_HAVE_IDE=y
-CONFIG_HAVE_KERNEL_BZIP2=y
-CONFIG_HAVE_KERNEL_GZIP=y
-CONFIG_HAVE_KERNEL_LZ4=y
-CONFIG_HAVE_KERNEL_LZMA=y
-CONFIG_HAVE_KERNEL_LZO=y
-CONFIG_HAVE_KERNEL_XZ=y
-CONFIG_HAVE_MEMBLOCK=y
-CONFIG_HAVE_MEMBLOCK_NODE_MAP=y
-CONFIG_HAVE_MOD_ARCH_SPECIFIC=y
-CONFIG_HAVE_NET_DSA=y
-CONFIG_HAVE_OPROFILE=y
-CONFIG_HAVE_PERF_EVENTS=y
-CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
-CONFIG_HW_RANDOM=y
-CONFIG_HZ_PERIODIC=y
-CONFIG_INITRAMFS_SOURCE=""
-CONFIG_IP17XX_PHY=y
-CONFIG_IRQ_CPU=y
-CONFIG_IRQ_FORCED_THREADING=y
-CONFIG_IRQ_WORK=y
-CONFIG_KALLSYMS=y
-CONFIG_LEDS_GPIO=y
-CONFIG_LEDS_TRIGGER_HEARTBEAT=y
-CONFIG_MDIO_BOARDINFO=y
-CONFIG_MIPS=y
-# CONFIG_MIPS_HUGE_TLB_SUPPORT is not set
-CONFIG_MIPS_L1_CACHE_SHIFT=5
-# CONFIG_MIPS_MACHINE is not set
-CONFIG_MIPS_MT_DISABLED=y
-CONFIG_MODULES_USE_ELF_REL=y
-# CONFIG_MTD_AC49X_PARTS is not set
-CONFIG_MTD_CFI_STAA=y
-CONFIG_MTD_PHYSMAP=y
-CONFIG_MVSWITCH_PHY=y
-CONFIG_NEED_DMA_MAP_STATE=y
-CONFIG_NEED_PER_CPU_KM=y
-CONFIG_NO_EXCEPT_FILL=y
-CONFIG_PAGEFLAGS_EXTENDED=y
-CONFIG_PERF_USE_VMALLOC=y
-CONFIG_PHYLIB=y
-# CONFIG_PREEMPT_RCU is not set
-# CONFIG_RCU_STALL_COMMON is not set
-# CONFIG_SCSI_DMA is not set
-CONFIG_SWAP_IO_SPACE=y
-CONFIG_SWCONFIG=y
-CONFIG_SYS_HAS_CPU_MIPS32_R1=y
-CONFIG_SYS_HAS_EARLY_PRINTK=y
-CONFIG_SYS_SUPPORTS_32BIT_KERNEL=y
-CONFIG_SYS_SUPPORTS_ARBIT_HZ=y
-CONFIG_SYS_SUPPORTS_LITTLE_ENDIAN=y
-CONFIG_SYS_SUPPORTS_ZBOOT=y
-CONFIG_SYS_SUPPORTS_ZBOOT_UART16550=y
-CONFIG_TICK_CPU_ACCOUNTING=y
-CONFIG_VLYNQ=y
-# CONFIG_VLYNQ_DEBUG is not set
-CONFIG_ZONE_DMA_FLAG=0

target/linux/ar7/patches-3.18/001-mips-ar7-fix-serial.patch

@@ -1,23 +0,0 @@
-From 443ab715a40881d6c9ba11b027ba154bac904cb0 Mon Sep 17 00:00:00 2001
-From: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
-Date: Sat, 10 May 2014 23:19:08 +0200
-Subject: [PATCH] MIPS/AR7: ensure that serial ports are properly set up
-
-without UPF_FIXED_TYPE, the data from the PORT_AR7 uart_config entry is
-never copied, resulting in a dead port.
-
-Signed-off-by: Oswald Buddenhagen <oswald.buddenhagen@gmx.de>
----
- arch/mips/ar7/platform.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/arch/mips/ar7/platform.c
-+++ b/arch/mips/ar7/platform.c
-@@ -581,6 +581,7 @@ static int __init ar7_register_uarts(voi
- 	uart_port.type		= PORT_AR7;
- 	uart_port.uartclk	= clk_get_rate(bus_clk) / 2;
- 	uart_port.iotype	= UPIO_MEM32;
-+	uart_port.flags		= UPF_FIXED_TYPE;
- 	uart_port.regshift	= 2;
- 
- 	uart_port.line		= 0;

target/linux/ar7/patches-3.18/002-MIPS-AR7-ensure-the-port-type-s-FCR-value-is-used.patch

@@ -1,48 +0,0 @@
-From ee6c9d41de084b2cefd90e5e0c9f30a35f6d3967 Mon Sep 17 00:00:00 2001
-From: Jonas Gorski <jonas.gorski@gmail.com>
-Date: Sun, 29 Oct 2017 15:50:42 +0100
-Subject: [PATCH RFC 3/3] MIPS: AR7: ensure the port type's FCR value is used
-
-Since commit aef9a7bd9b67 ("serial/uart/8250: Add tunable RX interrupt
-trigger I/F of FIFO buffers"), the port's default FCR value isn't used
-in serial8250_do_set_termios anymore, but copied over once in
-serial8250_config_port and then modified as needed.
-
-Unfortunately, serial8250_config_port will never be called if the port
-is shared between kernel and userspace, and the port's flag doesn't have
-UPF_BOOT_AUTOCONF, which would trigger a serial8250_config_port as well.
-
-This causes garbled output from userspace:
-
-[    5.220000] random: procd urandom read with 49 bits of entropy available
-ers
-   [kee
-
-Fix this by forcing it to be configured on boot, resulting in the
-expected output:
-
-[    5.250000] random: procd urandom read with 50 bits of entropy available
-Press the [f] key and hit [enter] to enter failsafe mode
-Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level
-
-Fixes: aef9a7bd9b67 ("serial/uart/8250: Add tunable RX interrupt trigger I/F of FIFO buffers")
-Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
----
-I'm not sure if this is just AR7's issue, or if this points to a general
-issue for UARTs used as kernel console and login console with the "fixed"
-commit.
-
- arch/mips/ar7/platform.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/arch/mips/ar7/platform.c
-+++ b/arch/mips/ar7/platform.c
-@@ -581,7 +581,7 @@ static int __init ar7_register_uarts(voi
- 	uart_port.type		= PORT_AR7;
- 	uart_port.uartclk	= clk_get_rate(bus_clk) / 2;
- 	uart_port.iotype	= UPIO_MEM32;
--	uart_port.flags		= UPF_FIXED_TYPE;
-+	uart_port.flags		= UPF_FIXED_TYPE | UPF_BOOT_AUTOCONF;
- 	uart_port.regshift	= 2;
- 
- 	uart_port.line		= 0;

target/linux/ar7/patches-3.18/100-fix-highmem-offset.patch

@@ -1,11 +0,0 @@
---- a/arch/mips/include/asm/mach-ar7/spaces.h
-+++ b/arch/mips/include/asm/mach-ar7/spaces.h
-@@ -20,6 +20,8 @@
- #define UNCAC_BASE	_AC(0xb4000000, UL)	/* 0xa0000000 + PHYS_OFFSET */
- #define IO_BASE		UNCAC_BASE
- 
-+#define HIGHMEM_START	_AC(0x20000000, UL)
-+
- #include <asm/mach-generic/spaces.h>
- 
- #endif /* __ASM_AR7_SPACES_H */

target/linux/ar7/patches-3.18/101-MIPS-AR7-allow-NULL-clock-for-clk_get_rate.patch

@@ -1,45 +0,0 @@
-From patchwork Tue Jul 18 10:17:26 2017
-Content-Type: text/plain; charset="utf-8"
-MIME-Version: 1.0
-Content-Transfer-Encoding: 7bit
-Subject: [5/9] MIPS: AR7: allow NULL clock for clk_get_rate
-X-Patchwork-Submitter: Jonas Gorski <jonas.gorski@gmail.com>
-X-Patchwork-Id: 16775
-Message-Id: <20170718101730.2541-6-jonas.gorski@gmail.com>
-To: unlisted-recipients:; (no To-header on input)
-Cc: Ralf Baechle <ralf@linux-mips.org>,
- Paul Gortmaker <paul.gortmaker@windriver.com>,
- James Hogan <james.hogan@imgtec.com>,
- linux-mips@linux-mips.org, linux-kernel@vger.kernel.org
-Date: Tue, 18 Jul 2017 12:17:26 +0200
-From: Jonas Gorski <jonas.gorski@gmail.com>
-List-Id: linux-mips <linux-mips.eddie.linux-mips.org>
-
-Make the behaviour of clk_get_rate consistent with common clk's
-clk_get_rate by accepting NULL clocks as parameter. Some device
-drivers rely on this, and will cause an OOPS otherwise.
-
-Fixes: 780019ddf02f ("MIPS: AR7: Implement clock API")
-Cc: Ralf Baechle <ralf@linux-mips.org>
-Cc: Paul Gortmaker <paul.gortmaker@windriver.com>
-Cc: James Hogan <james.hogan@imgtec.com>
-Cc: linux-mips@linux-mips.org
-Cc: linux-kernel@vger.kernel.org
-Reported-by: Mathias Kresin <dev@kresin.me>
-Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
----
- arch/mips/ar7/clock.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/arch/mips/ar7/clock.c
-+++ b/arch/mips/ar7/clock.c
-@@ -430,6 +430,9 @@ EXPORT_SYMBOL(clk_disable);
- 
- unsigned long clk_get_rate(struct clk *clk)
- {
-+	if (!clk)
-+		return 0;
-+
- 	return clk->rate;
- }
- EXPORT_SYMBOL(clk_get_rate);

target/linux/ar7/patches-3.18/110-flash.patch

@@ -1,22 +0,0 @@
---- a/drivers/mtd/Makefile
-+++ b/drivers/mtd/Makefile
-@@ -12,7 +12,7 @@ obj-$(CONFIG_MTD_OF_PARTS)	+= ofpart.o
- obj-$(CONFIG_MTD_REDBOOT_PARTS) += redboot.o
- obj-$(CONFIG_MTD_CMDLINE_PARTS) += cmdlinepart.o
- obj-$(CONFIG_MTD_AFS_PARTS)	+= afs.o
--obj-$(CONFIG_MTD_AR7_PARTS)	+= ar7part.o
-+obj-$(CONFIG_MTD_AR7_PARTS)	+= ar7part.o titanpart.o
- obj-$(CONFIG_MTD_BCM63XX_PARTS)	+= bcm63xxpart.o
- obj-$(CONFIG_MTD_BCM47XX_PARTS)	+= bcm47xxpart.o
- obj-$(CONFIG_MTD_MYLOADER_PARTS) += myloader.o
---- a/arch/mips/ar7/platform.c
-+++ b/arch/mips/ar7/platform.c
-@@ -199,7 +199,7 @@ static struct resource physmap_flash_res
- 	.name	= "mem",
- 	.flags	= IORESOURCE_MEM,
- 	.start	= 0x10000000,
--	.end	= 0x107fffff,
-+	.end	= 0x11ffffff,
- };
- 
- static const char *ar7_probe_types[] = { "ar7part", NULL };