OpenWrt v21.02.0-rc1: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

.gitignore

@@ -29,3 +29,4 @@ git-src
 .project
 .cproject
 .ccache
+.vscode

Makefile

@@ -14,7 +14,7 @@ $(if $(findstring $(space),$(TOPDIR)),$(error ERROR: The path to the OpenWrt dir
 
 world:
 
-DISTRO_PKG_CONFIG:=$(shell command -pv pkg-config | grep -E '\/usr' | head -n 1)
+DISTRO_PKG_CONFIG:=$(shell which -a pkg-config | grep -E '\/usr' | head -n 1)
 export PATH:=$(TOPDIR)/staging_dir/host/bin:$(PATH)
 
 ifneq ($(OPENWRT_BUILD),1)

README.md

@@ -26,7 +26,7 @@ documentation.
 
 ```
 gcc binutils bzip2 flex python3 perl make find grep diff unzip gawk getopt
-subversion libz-dev libc-dev rsync
+subversion libz-dev libc-dev rsync which
 ```
 
 ### Quickstart

feeds.conf.default

@@ -1,10 +1,4 @@
-src-git packages https://git.openwrt.org/feed/packages.git
-src-git luci https://git.openwrt.org/project/luci.git
-src-git routing https://git.openwrt.org/feed/routing.git
-src-git telephony https://git.openwrt.org/feed/telephony.git
-src-git freifunk https://github.com/freifunk/openwrt-packages.git
-#src-git video https://github.com/openwrt/video.git
-#src-git targets https://github.com/openwrt/targets.git
-#src-git management https://github.com/openwrt-management/packages.git
-#src-git oldpackages http://git.openwrt.org/packages.git
-#src-link custom /usr/src/openwrt/custom-feed
+src-git packages https://git.openwrt.org/feed/packages.git^4ceeb8fc90ed2c2e650ddddc855e7ed1df071c22
+src-git luci https://git.openwrt.org/project/luci.git^7d913b997601d533cca187cfc1b3057c3c98effc
+src-git routing https://git.openwrt.org/feed/routing.git^5b4d4c7fb6a97cac68c7d8b156fd0ab27bab4dcc
+src-git telephony https://git.openwrt.org/feed/telephony.git^178822957123b821407e1216e9e7314161512ac6

include/cmake.mk

@@ -15,7 +15,7 @@ MAKE_PATH = $(firstword $(CMAKE_BINARY_SUBDIR) .)
 ifeq ($(CONFIG_EXTERNAL_TOOLCHAIN),)
   cmake_tool=$(TOOLCHAIN_DIR)/bin/$(1)
 else
-  cmake_tool=$(shell command -v $(1))
+  cmake_tool=$(shell which $(1))
 endif
 
 ifeq ($(CONFIG_CCACHE),)

include/image-commands.mk

@@ -3,6 +3,10 @@
 IMAGE_KERNEL = $(word 1,$^)
 IMAGE_ROOTFS = $(word 2,$^)
 
+define ModelNameLimit16
+$(shell expr substr "$(word 2, $(subst _, ,$(1)))" 1 16)
+endef
+
 define rootfs_align
 $(patsubst %-256k,0x40000,$(patsubst %-128k,0x20000,$(patsubst %-64k,0x10000,$(patsubst squashfs%,0x4,$(patsubst root.%,%,$(1))))))
 endef

include/kernel-version.mk

@@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL
   KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
 endif
 
-LINUX_VERSION-5.4 = .98
+LINUX_VERSION-5.4 = .111
 
-LINUX_KERNEL_HASH-5.4.98 = 83a248d6fbe388f133769d736f36b754767abc9d66f1c034b537ad778fbd46b1
+LINUX_KERNEL_HASH-5.4.111 = 21626132658dc34cb41b7aa7b80ecf83751890a71ac1a63d77aea9d488271a03
 
 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))

include/kernel.mk

@@ -118,6 +118,9 @@ KERNEL_MAKE_FLAGS = \
 	cmd_syscalls= \
 	$(if $(__package_mk),KBUILD_EXTRA_SYMBOLS="$(wildcard $(PKG_SYMVERS_DIR)/*.symvers)")
 
+KERNEL_NOSTDINC_FLAGS = \
+	-nostdinc $(if $(DUMP),, -isystem $(shell $(TARGET_CC) -print-file-name=include))
+
 ifeq ($(call qstrip,$(CONFIG_EXTERNAL_KERNEL_TREE))$(call qstrip,$(CONFIG_KERNEL_GIT_CLONE_URI)),)
   KERNEL_MAKE_FLAGS += \
 	KERNELRELEASE=$(LINUX_VERSION)

include/package-ipkg.mk

@@ -175,7 +175,7 @@ Package: $(1)$$(ABIV_$(1))
 Version: $(VERSION)
 $$(call addfield,Depends,$$(Package/$(1)/DEPENDS)
 )$$(call addfield,Conflicts,$$(call mergelist,$(CONFLICTS))
-)$$(call addfield,Provides,$$(call mergelist,$$(filter-out $(1)$$(ABIV_$(1)),$(PROVIDES)$$(if $$(ABIV_$(1)), $(1) $(foreach provide,$(PROVIDES),$(provide)$$(call GetABISuffix,$(provide))))))
+)$$(call addfield,Provides,$$(call mergelist,$$(filter-out $(1)$$(ABIV_$(1)),$(PROVIDES)$$(if $$(ABIV_$(1)), $(1) $(foreach provide,$(PROVIDES),$(provide)$$(ABIV_$(1))))))
 )$$(call addfield,Alternatives,$$(call mergelist,$(ALTERNATIVES))
 )$$(call addfield,Source,$(SOURCE)
 )$$(call addfield,SourceName,$(1)
@@ -184,6 +184,7 @@ $$(call addfield,Depends,$$(Package/$(1)/DEPENDS)
 )$$(call addfield,Section,$(SECTION)
 )$$(call addfield,Require-User,$(USERID)
 )$$(call addfield,SourceDateEpoch,$(PKG_SOURCE_DATE_EPOCH)
+)$$(if $$(ABIV_$(1)),ABIVersion: $$(ABIV_$(1))
 )$(if $(PKG_CPE_ID),CPE-ID: $(PKG_CPE_ID)
 )$(if $(filter hold,$(PKG_FLAGS)),Status: unknown hold not-installed
 )$(if $(filter essential,$(PKG_FLAGS)),Essential: yes

include/prereq-build.mk

@@ -26,8 +26,8 @@ $(eval $(call TestHostCommand,proper-umask, \
 ifndef IB
 $(eval $(call SetupHostCommand,gcc, \
 	Please install the GNU C Compiler (gcc) 4.8 or later, \
-	$(CC) -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?|10\.?)', \
-	gcc -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?|10\.?)', \
+	$(CC) -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?|1[0-9]\.?)', \
+	gcc -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?|1[0-9]\.?)', \
 	gcc --version | grep -E 'Apple.(LLVM|clang)' ))
 
 $(eval $(call TestHostCommand,working-gcc, \
@@ -38,8 +38,8 @@ $(eval $(call TestHostCommand,working-gcc, \
 
 $(eval $(call SetupHostCommand,g++, \
 	Please install the GNU C++ Compiler (g++) 4.8 or later, \
-	$(CXX) -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?|10\.?)', \
-	g++ -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?|10\.?)', \
+	$(CXX) -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?|1[0-9]\.?)', \
+	g++ -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?|1[0-9]\.?)', \
 	g++ --version | grep -E 'Apple.(LLVM|clang)' ))
 
 $(eval $(call TestHostCommand,working-g++, \
@@ -166,6 +166,9 @@ $(eval $(call SetupHostCommand,file,Please install the 'file' package, \
 $(eval $(call SetupHostCommand,rsync,Please install 'rsync', \
 	rsync --version </dev/null))
 
+$(eval $(call SetupHostCommand,which,Please install 'which', \
+	which which | grep which))
+
 $(STAGING_DIR_HOST)/bin/mkhash: $(SCRIPT_DIR)/mkhash.c
 	mkdir -p $(dir $@)
 	$(CC) -O2 -I$(TOPDIR)/tools/include -o $@ $<

include/prereq.mk

@@ -49,7 +49,7 @@ endef
 
 define RequireCommand
   define Require/$(1)
-    command -pv $(1)
+    which $(1)
   endef
 
   $$(eval $$(call Require,$(1),$(2)))
@@ -103,7 +103,7 @@ define SetupHostCommand
 	           $(call QuoteHostCommand,$(11)) $(call QuoteHostCommand,$(12)); do \
 		if [ -n "$$$$$$$$cmd" ]; then \
 			bin="$$$$$$$$(PATH="$(subst $(space),:,$(filter-out $(STAGING_DIR_HOST)/%,$(subst :,$(space),$(PATH))))" \
-				command -pv "$$$$$$$${cmd%% *}")"; \
+				which "$$$$$$$${cmd%% *}")"; \
 			if [ -x "$$$$$$$$bin" ] && eval "$$$$$$$$cmd" >/dev/null 2>/dev/null; then \
 				mkdir -p "$(STAGING_DIR_HOST)/bin"; \
 				ln -sf "$$$$$$$$bin" "$(STAGING_DIR_HOST)/bin/$(strip $(1))"; \

include/version.mk

@@ -23,13 +23,13 @@ PKG_CONFIG_DEPENDS += \
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
 
 VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),SNAPSHOT)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),21.02.0-rc1)
 
 VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
-VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),$(REVISION))
+VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r16046-59980f7aaf)
 
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/snapshots)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/21.02.0-rc1)
 
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

package/base-files/files/etc/shinit

@@ -22,7 +22,7 @@ service() {
 			printf "%-30s\t%10s\t%10s\n"  "$F" \
 			$( $($F enabled) && echo "enabled" || echo "disabled" ) \
 			$( [ "$(ubus call service list "{ 'verbose': true, 'name': '$(basename $F)' }" \
-			| jsonfilter -q -e "@.$(basename $F).instances[*].running")" = "true" ] \
+			| jsonfilter -q -e "@.$(basename $F).instances[*].running" | uniq)" = "true" ] \
 			&& echo "running" || echo "stopped" )
 		done;
 		return 1

package/base-files/files/sbin/sysupgrade

@@ -287,6 +287,7 @@ if [ -n "$CONF_RESTORE" ]; then
 	fi
 
 	[ "$VERBOSE" -gt 1 ] && TAR_V="v" || TAR_V=""
+	v "Restoring config files..."
 	tar -C / -x${TAR_V}zf "$CONF_RESTORE"
 	exit $?
 fi

package/base-files/image-config.in

@@ -183,7 +183,7 @@ if VERSIONOPT
 	config VERSION_REPO
 		string
 		prompt "Release repository"
-		default "https://downloads.openwrt.org/snapshots"
+		default "https://downloads.openwrt.org/releases/21.02.0-rc1"
 		help
 			This is the repository address embedded in the image, it defaults
 			to the trunk snapshot repo; the url may contain the following placeholders:
@@ -259,7 +259,7 @@ if VERSIONOPT
 	config VERSION_CODE_FILENAMES
 		bool
 		prompt "Revision code in filenames"
-		default y
+		default n
 		help
 			Enable this to include the revision identifier or the configured
 			version code into the firmware image, SDK- and Image Builder archive

package/boot/arm-trusted-firmware-mediatek/Makefile

@@ -1,6 +1,6 @@
 #
 # Copyright (C) 2017 Hauke Mehrtens
-# Copyright (C) 2020 Daniel Golle
+# Copyright (C) 2021 Daniel Golle
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -19,9 +19,23 @@ PKG_MIRROR_HASH:=b211b2f9143d4debc7ad8dc959cb606888af20af790855dd66c87e451b6a1bc
 
 PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
 
+PKG_LICENSE_FILES:=LICENCE.mediatek
+
+BLOBS_TARBALL:=tfa-mtk-files-for-2020-11-09.tgz
+BROMIMAGE_EXEC:=bromimage-x64
+
 include $(INCLUDE_DIR)/trusted-firmware-a.mk
 include $(INCLUDE_DIR)/package.mk
 
+PKG_LICENSE+=proprietary
+
+define Download/tfa-files
+  URL:=@OPENWRT
+  URL_FILE:=$(BLOBS_TARBALL)
+  FILE:=$(BLOBS_TARBALL)
+  HASH:=689b097e4531d3eeca0c477675ab3dc3cace6ba4ed8a339116a9ede6537839d7
+endef
+
 define Download/mt7622-header-emmc
   URL:=https://raw.githubusercontent.com/frank-w/BPI-R64-ATF/a36efa5f7435b8079479d13b562fedc0aa0d42f0
   URL_FILE:=header_emmc.bin
@@ -36,74 +50,112 @@ define Download/mt7622-header-sdmmc
   HASH:=242908c04e25289d25ba9fab61a1930425af173051c43d275d1ac9877d6accb1
 endef
 
-define Package/arm-trusted-firmware-mt7622/Default
-  SECTION:=boot
-  CATEGORY:=Boot Loaders
-  TITLE:=ARM Trusted Firmware for MT7622
-  DEPENDS:=@TARGET_mediatek_mt7622 @BROKEN
-# wait until bromimage gets replace by static build
-# libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by tools/mediatek/bromimage/bromimage)
+define Trusted-Firmware-A/Default
+  BUILD_TARGET:=mediatek
+  BUILD_SUBTARGET:=mt7622
+  PLAT:=mt7622
+  TFA_IMAGE:=bl2.img bl31.bin
+  BOOT_DEVICE:=
+  DDR_BLOB:=
 endef
 
-define Package/arm-trusted-firmware-mt7622-nor
-  $(call Package/arm-trusted-firmware-mt7622/Default)
-  VARIANT:=nor
+define Trusted-Firmware-A/mt7622-nor-1ddr
+  NAME:=MediaTek MT7622 (SPI-NOR, 1x DDR3)
+  BOOT_DEVICE:=nor
+  DDR_BLOB:=1
 endef
 
-define Package/arm-trusted-firmware-mt7622-snand
-  $(call Package/arm-trusted-firmware-mt7622/Default)
-  VARIANT:=snand
+define Trusted-Firmware-A/mt7622-nor-2ddr
+  NAME:=MediaTek MT7622 (SPI-NOR, 2x DDR3)
+  BOOT_DEVICE:=nor
+  DDR_BLOB:=2
 endef
 
-define Package/arm-trusted-firmware-mt7622-emmc
-  $(call Package/arm-trusted-firmware-mt7622/Default)
-  VARIANT:=emmc
+define Trusted-Firmware-A/mt7622-snand-1ddr
+  NAME:=MediaTek MT7622 (SPI-NAND, 1x DDR3)
+  BOOT_DEVICE:=snand
+  DDR_BLOB:=1
 endef
 
-define Package/arm-trusted-firmware-mt7622-sdmmc
-  $(call Package/arm-trusted-firmware-mt7622/Default)
-  VARIANT:=sdmmc
+define Trusted-Firmware-A/mt7622-snand-2ddr
+  NAME:=MediaTek MT7622 (SPI-SNAND, 2x DDR3)
+  BOOT_DEVICE:=snand
+  DDR_BLOB:=2
 endef
 
-MAKE_VARS = \
-	CROSS_COMPILE="$(TARGET_CROSS)"
+define Trusted-Firmware-A/mt7622-emmc-1ddr
+  NAME:=MediaTek MT7622 (eMMC, 1x DDR3)
+  BOOT_DEVICE:=emmc
+  DDR_BLOB:=1
+endef
 
-MAKE_FLAGS += \
-	PLAT=mt7622 \
-	BOOT_DEVICE=$(BUILD_VARIANT) \
-	all
+define Trusted-Firmware-A/mt7622-emmc-2ddr
+  NAME:=MediaTek MT7622 (eMMC, 2x DDR3)
+  BOOT_DEVICE:=emmc
+  DDR_BLOB:=2
+endef
+
+define Trusted-Firmware-A/mt7622-sdmmc-1ddr
+  NAME:=MediaTek MT7622 (SDcard, 1x DDR3)
+  BOOT_DEVICE:=sdmmc
+  DDR_BLOB:=1
+endef
+
+define Trusted-Firmware-A/mt7622-sdmmc-2ddr
+  NAME:=MediaTek MT7622 (SDcard, 2x DDR3)
+  BOOT_DEVICE:=sdmmc
+  DDR_BLOB:=2
+endef
+
+TFA_TARGETS:= \
+        mt7622-nor-1ddr \
+        mt7622-nor-2ddr \
+        mt7622-snand-1ddr \
+        mt7622-snand-2ddr \
+        mt7622-emmc-1ddr \
+        mt7622-emmc-2ddr \
+        mt7622-sdmmc-1ddr \
+        mt7622-sdmmc-2ddr
+
+TFA_MAKE_FLAGS += BOOT_DEVICE=$(BOOT_DEVICE) all
 
 define Build/Prepare
 	$(call Build/Prepare/Default)
-ifeq ($(BUILD_VARIANT),emmc)
+ifeq ($(BOOT_DEVICE),emmc)
 	$(eval $(call Download,mt7622-header-emmc))
 endif
-ifeq ($(BUILD_VARIANT),sdmmc)
+ifeq ($(BOOT_DEVICE),sdmmc)
 	$(eval $(call Download,mt7622-header-sdmmc))
 endif
+	$(eval $(call Download,tfa-files))
+# replace 'bromimage' tool by static version
+	$(TAR) -vxzf $(DL_DIR)/$(BLOBS_TARBALL) --wildcards \
+		-O "*/$(BROMIMAGE_EXEC)" > $(PKG_BUILD_DIR)/tools/mediatek/bromimage/bromimage
+	$(TAR) -vxzf $(DL_DIR)/$(BLOBS_TARBALL) --wildcards \
+		-C $(PKG_BUILD_DIR) \
+		--strip-components=1 */LICENCE.mediatek
 endef
 
-define Build/InstallDev
+define Build/Configure
+	$(call Build/Configure/Default)
+# replace DRAM calib blobs if needed (variant '2' is shipped upstream)
+ifeq ($(DDR_BLOB),1)
+	$(TAR) -vxzf $(DL_DIR)/$(BLOBS_TARBALL) --wildcards \
+		-C $(PKG_BUILD_DIR)/plat/mediatek/mt7622/drivers/dram/release \
+		--strip-components=1 */*.o
+endif
+endef
+
+define Package/trusted-firmware-a/install
 	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)
-	$(CP) $(PKG_BUILD_DIR)/build/mt7622/release/bl2.bin $(STAGING_DIR_IMAGE)/mt7622-bl2-$(BUILD_VARIANT).bin
-	$(CP) $(PKG_BUILD_DIR)/build/mt7622/release/bl2.img $(STAGING_DIR_IMAGE)/mt7622-bl2-$(BUILD_VARIANT).img
-# bl31.bin turns out to be identical for all build variants
-	$(CP) $(PKG_BUILD_DIR)/build/mt7622/release/bl31.bin $(STAGING_DIR_IMAGE)/mt7622-bl31.bin
-ifeq ($(BUILD_VARIANT),emmc)
-	$(CP) $(DL_DIR)/mt7622-header_emmc.bin $(STAGING_DIR_IMAGE)
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/mt7622/release/bl2.img $(STAGING_DIR_IMAGE)/$(BUILD_VARIANT)-bl2.img
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/build/mt7622/release/bl31.bin $(STAGING_DIR_IMAGE)/$(BUILD_VARIANT)-bl31.bin
+ifeq ($(BOOT_DEVICE),emmc)
+	$(INSTALL_DATA) $(DL_DIR)/mt7622-header_emmc.bin $(STAGING_DIR_IMAGE)/
 endif
-ifeq ($(BUILD_VARIANT),sdmmc)
-	$(CP) $(DL_DIR)/mt7622-header_sdmmc.bin $(STAGING_DIR_IMAGE)
+ifeq ($(BOOT_DEVICE),sdmmc)
+	$(INSTALL_DATA) $(DL_DIR)/mt7622-header_sdmmc.bin $(STAGING_DIR_IMAGE)/
 endif
 endef
 
-define Package/arm-trusted-firmware-mt7622-nor/install
-endef
-Package/arm-trusted-firmware-mt7622-snand/install = $(Package/arm-trusted-firmware-mt7622-nor/install)
-Package/arm-trusted-firmware-mt7622-emmc/install = $(Package/arm-trusted-firmware-mt7622-nor/install)
-Package/arm-trusted-firmware-mt7622-sdmmc/install = $(Package/arm-trusted-firmware-mt7622-nor/install)
-
-$(eval $(call BuildPackage,arm-trusted-firmware-mt7622-nor))
-$(eval $(call BuildPackage,arm-trusted-firmware-mt7622-snand))
-$(eval $(call BuildPackage,arm-trusted-firmware-mt7622-emmc))
-$(eval $(call BuildPackage,arm-trusted-firmware-mt7622-sdmmc))
+$(eval $(call BuildPackage/Trusted-Firmware-A))

package/boot/tfa-layerscape/Makefile

@@ -9,25 +9,30 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=tfa-layerscape
 PKG_VERSION:=LSDK-20.04-update-290520
-PKG_RELEASE:=2
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://source.codeaurora.org/external/qoriq/qoriq-components/atf
 PKG_SOURCE_VERSION:=7d748e6f0ec652ba7c43733dc67a3d0b0217390a
 PKG_MIRROR_HASH:=d209c9ad18aac9f18375450b98b8dab00f0382ccb485df14623bf9b72ea1dd9b
-PKG_BUILD_DEPENDS:=arm-trusted-firmware-tools/host tfa-layerscape/host
+PKG_BUILD_DEPENDS:=tfa-layerscape/host
 
 include $(INCLUDE_DIR)/host-build.mk
 include $(INCLUDE_DIR)/package.mk
 
 HOST_CFLAGS += -Wall -Werror -pedantic -std=c99
 define Host/Compile
+	$(MAKE) -C \
+		$(HOST_BUILD_DIR)/tools/fiptool \
+		CFLAGS="$(HOST_CFLAGS)" \
+		LDFLAGS="$(HOST_LDFLAGS)"
 	$(MAKE) -C \
 		$(HOST_BUILD_DIR)/plat/nxp/tools \
 		CFLAGS="$(HOST_CFLAGS)"
 endef
 
 define Host/Install
+	$(INSTALL_BIN) $(HOST_BUILD_DIR)/tools/fiptool/fiptool $(STAGING_DIR_HOST)/bin/fiptool-layerscape
 	$(INSTALL_BIN) $(HOST_BUILD_DIR)/plat/nxp/tools/create_pbl $(STAGING_DIR_HOST)/bin/tfa-create-pbl
 	$(INSTALL_BIN) $(HOST_BUILD_DIR)/plat/nxp/tools/byte_swap $(STAGING_DIR_HOST)/bin/tfa-byte-swap
 endef
@@ -74,6 +79,20 @@ define Package/tfa-ls1043a-rdb-sdboot
   BOOT_MODE:=sd
 endef
 
+define Package/tfa-ls1046a-frwy
+  $(Package/tfa-generic)
+  TITLE:=NXP LS1046AFRWY Trusted Firmware
+  PLAT:=ls1046afrwy
+  BOOT_MODE:=qspi
+endef
+
+define Package/tfa-ls1046a-frwy-sdboot
+  $(Package/tfa-generic)
+  TITLE:=NXP LS1046AFRWY SD Boot Trusted Firmware
+  PLAT:=ls1046afrwy
+  BOOT_MODE:=sd
+endef
+
 define Package/tfa-ls1046a-rdb
   $(Package/tfa-generic)
   TITLE:=NXP LS1046ARDB Trusted Firmware
@@ -109,6 +128,20 @@ define Package/tfa-ls2088a-rdb
   BOOT_MODE:=nor
 endef
 
+define Package/tfa-lx2160a-rdb
+  $(Package/tfa-generic)
+  TITLE:=NXP LX2160ARDB Trusted Firmware
+  PLAT:=lx2160ardb
+  BOOT_MODE:=flexspi_nor
+endef
+
+define Package/tfa-lx2160a-rdb-sdboot
+  $(Package/tfa-generic)
+  TITLE:=NXP LX2160ARDB SD Boot Trusted Firmware
+  PLAT:=lx2160ardb
+  BOOT_MODE:=sd
+endef
+
 define Build/InstallDev
 	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)
 	$(CP) $(PKG_BUILD_DIR)/build/$(PLAT)/release/bl2_$(BOOT_MODE).pbl \
@@ -123,7 +156,7 @@ define Build/Compile
 		fip pbl PLAT=$(PLAT) BOOT_MODE=$(BOOT_MODE) \
 		RCW=$(STAGING_DIR_IMAGE)/fsl_$(BUILD_VARIANT)-rcw.bin \
 		BL33=$(STAGING_DIR_IMAGE)/fsl_$(BUILD_VARIANT)-uboot.bin \
-		FIPTOOL=$(STAGING_DIR_HOST)/bin/fiptool \
+		FIPTOOL=$(STAGING_DIR_HOST)/bin/fiptool-layerscape \
 		CREATE_PBL=$(STAGING_DIR_HOST)/bin/tfa-create-pbl \
 		BYTE_SWAP=$(STAGING_DIR_HOST)/bin/tfa-byte-swap
 endef
@@ -134,11 +167,15 @@ TFAS := \
   ls1012a-frwy-sdboot \
   ls1043a-rdb \
   ls1043a-rdb-sdboot \
+  ls1046a-frwy \
+  ls1046a-frwy-sdboot \
   ls1046a-rdb \
   ls1046a-rdb-sdboot \
   ls1088a-rdb \
   ls1088a-rdb-sdboot \
-  ls2088a-rdb
+  ls2088a-rdb \
+  lx2160a-rdb \
+  lx2160a-rdb-sdboot
 
 $(eval $(call HostBuild))
 $(foreach tfa,$(TFAS), \

package/boot/uboot-envtools/files/mvebu

@@ -14,6 +14,9 @@ touch /etc/config/ubootenv
 board=$(board_name)
 
 case "$board" in
+buffalo,ls421de)
+	ubootenv_add_uci_config "/dev/mtd3" "0x0" "0x10000"
+	;;
 cznic,turris-omnia)
 	if grep -q 'U-Boot 2015.10-rc2' /dev/mtd0; then
 		ubootenv_add_uci_config "/dev/mtd0" "0xc0000" "0x10000" "0x40000"

package/boot/uboot-envtools/files/realtek

@@ -11,6 +11,9 @@ case "$board" in
 d-link,dgs-1210-16|\
 d-link,dgs-1210-28|\
 d-link,dgs-1210-10p|\
+zyxel,gs1900-8|\
+zyxel,gs1900-8hp-v1|\
+zyxel,gs1900-8hp-v2|\
 zyxel,gs1900-10hp)
 	idx="$(find_mtd_index u-boot-env)"
 	[ -n "$idx" ] && \

package/boot/uboot-envtools/patches/001-compile.patch

@@ -5,10 +5,10 @@
  override HOSTCC = $(CC)
  
 +ifneq ($(TARGET_CFLAGS),)
-+HOSTCFLAGS = $(TARGET_CFLAGS)
++KBUILD_HOSTCFLAGS = $(TARGET_CFLAGS)
 +endif
 +ifneq ($(TARGET_LDFLAGS),)
-+HOSTLDFLAGS = $(TARGET_LDFLAGS)
++KBUILD_HOSTLDFLAGS = $(TARGET_LDFLAGS)
 +endif
 +
  # Compile for a hosted environment on the target

package/boot/uboot-imx6/Makefile

@@ -24,6 +24,7 @@ define U-Boot/apalis_imx6
   NAME:=Toradex Apalis
   UBOOT_IMAGE:=SPL u-boot.img u-boot-with-spl.imx
   UBOOT_MAKE_FLAGS:=SPL u-boot.img u-boot-with-spl.imx
+  BUILD_DEVICES:=apalis
 endef
 
 define U-Boot/mx6cuboxi

package/boot/uboot-layerscape/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uboot-layerscape
 PKG_VERSION:=LSDK-20.04-update-290520
-PKG_RELEASE:=2
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://source.codeaurora.org/external/qoriq/qoriq-components/u-boot
@@ -55,6 +55,16 @@ define U-Boot/fsl_ls1043a-rdb-sdboot
   UBOOT_CONFIG:=ls1043ardb_tfa
 endef
 
+define U-Boot/fsl_ls1046a-frwy
+  NAME:=NXP LS1046AFRWY
+  UBOOT_CONFIG:=ls1046afrwy_tfa
+endef
+
+define U-Boot/fsl_ls1046a-frwy-sdboot
+  NAME:=NXP LS1046AFRWY SD Card Boot
+  UBOOT_CONFIG:=ls1046afrwy_tfa
+endef
+
 define U-Boot/fsl_ls1046a-rdb
   NAME:=NXP LS1046ARDB
   UBOOT_CONFIG:=ls1046ardb_tfa
@@ -80,6 +90,16 @@ define U-Boot/fsl_ls2088a-rdb
   UBOOT_CONFIG:=ls2088ardb_tfa
 endef
 
+define U-Boot/fsl_lx2160a-rdb
+  NAME:=NXP LX2160ARDB
+  UBOOT_CONFIG:=lx2160ardb_tfa
+endef
+
+define U-Boot/fsl_lx2160a-rdb-sdboot
+  NAME:=NXP LX2160ARDB SD Card Boot
+  UBOOT_CONFIG:=lx2160ardb_tfa
+endef
+
 define U-Boot/fsl_ls1021a-twr
   NAME:=NXP LS1021ATWR
   BUILD_SUBTARGET:=armv7
@@ -109,11 +129,15 @@ UBOOT_TARGETS := \
   fsl_ls1012a-frwy-sdboot \
   fsl_ls1043a-rdb \
   fsl_ls1043a-rdb-sdboot \
+  fsl_ls1046a-frwy \
+  fsl_ls1046a-frwy-sdboot \
   fsl_ls1046a-rdb \
   fsl_ls1046a-rdb-sdboot \
   fsl_ls1088a-rdb \
   fsl_ls1088a-rdb-sdboot \
   fsl_ls2088a-rdb \
+  fsl_lx2160a-rdb \
+  fsl_lx2160a-rdb-sdboot \
   fsl_ls1021a-twr \
   fsl_ls1021a-twr-sdboot \
   fsl_ls1021a-iot-sdboot

package/boot/uboot-layerscape/files/fsl_ls1046a-frwy-sdboot-uEnv.txt

@@ -0,0 +1,8 @@
+fdtaddr=0x8f000000
+loadaddr=0x81000000
+bootm_size=0x10000000
+hwconfig=fsl_ddr:bank_intlv=auto
+sd_boot=ext4load mmc 0:1 ${loadaddr} fitImage;bootm ${loadaddr}
+bootargs=root=/dev/mmcblk0p2 rw rootwait rootfstype=squashfs,f2fs noinitrd earlycon=uart8250,mmio,0x21c0500 console=ttyS0,115200
+bootcmd=echo starting openwrt ...;run sd_boot
+bootdelay=3

package/boot/uboot-layerscape/files/fsl_ls1046a-frwy-uEnv.txt

@@ -0,0 +1,8 @@
+fdtaddr=0x8f000000
+loadaddr=0x81000000
+bootm_size=0x10000000
+hwconfig=fsl_ddr:bank_intlv=auto
+qspi_boot=sf probe 0:0;sf read $fdtaddr f00000 100000;sf read $loadaddr 1000000 1000000;bootm $loadaddr - $fdtaddr
+bootargs=root=/dev/mtdblock9 rootfstype=squashfs,jffs2 noinitrd earlycon=uart8250,mmio,0x21c0500 console=ttyS0,115200 mtdparts=1550000.spi:1m(bl2),4m(fip),1m(u-boot-env),3m(reserved-1),256k(fman),5888k(reserved-2),1m(dtb),16m(kernel),32m(rootfs),49m@0xf00000(firmware)
+bootcmd=echo starting openwrt ...;run qspi_boot
+bootdelay=3

package/boot/uboot-layerscape/files/fsl_lx2160a-rdb-sdboot-uEnv.txt

@@ -0,0 +1,9 @@
+fdtaddr=0x8f000000
+loadaddr=0x81000000
+bootm_size=0x10000000
+hwconfig=fsl_ddr:bank_intlv=auto
+mc_init=mmc read 80000000 5000 1800;mmc read 80300000 7000 800;fsl_mc start mc 80000000 80300000;mmc read 80400000 6800 800;fsl_mc apply dpl 80400000
+sd_boot=ext4load mmc 0:1 ${loadaddr} fitImage;bootm ${loadaddr}
+bootargs=root=/dev/mmcblk0p2 rw rootwait rootfstype=squashfs,f2fs noinitrd earlycon=pl011,mmio32,0x21c0000 console=ttyAMA0,115200
+bootcmd=echo starting openwrt ...;run mc_init;run sd_boot
+bootdelay=3

package/boot/uboot-layerscape/files/fsl_lx2160a-rdb-uEnv.txt

@@ -0,0 +1,9 @@
+fdtaddr=0x8f000000
+loadaddr=0x81000000
+bootm_size=0x10000000
+hwconfig=fsl_ddr:bank_intlv=auto
+mc_init=sf probe 0:0;sf read 80000000 a00000 300000;sf read 80300000 e00000 100000;fsl_mc start mc 80000000 80300000;sf read 80400000 d00000 100000;fsl_mc apply dpl 80400000
+xspi_boot=sf probe 0:0;sf read $fdtaddr f00000 100000;sf read $loadaddr 1000000 1000000;bootm $loadaddr - $fdtaddr
+bootargs=root=/dev/mtdblock9 rootfstype=squashfs,jffs2 noinitrd earlycon=pl011,mmio32,0x21c0000 console=ttyAMA0,115200 mtdparts=20c0000.spi-0:1m(bl2),4m(fip),1m(u-boot-env),4m(reserved-1),3m(mc),1m(dpl),1m(dpc),1m(dtb),16m(kernel),32m(rootfs),49m@0xf00000(firmware)
+bootcmd=echo starting openwrt ...;run mc_init;run xspi_boot
+bootdelay=3

package/boot/uboot-sunxi/patches/260-add-missing-type-u64.patch

@@ -0,0 +1,10 @@
+--- a/include/linux/types.h
++++ b/include/linux/types.h
+@@ -1,6 +1,7 @@
+ #ifndef _LINUX_TYPES_H
+ #define _LINUX_TYPES_H
+ 
++typedef unsigned long long __u64;
+ #include <linux/posix_types.h>
+ #include <asm/types.h>
+ #include <stdbool.h>

package/devel/binutils/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=binutils
 PKG_VERSION:=2.35.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=@GNU/binutils
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
@@ -34,7 +34,7 @@ define Package/libbfd
   SECTION:=libs
   CATEGORY:=Libraries
   TITLE:=libbfd
-  DEPENDS:=+zlib $(ICONV_DEPENDS) $(INTL_DEPENDS)
+  DEPENDS:=+zlib $(INTL_DEPENDS)
 endef
 
 define Package/libctf
@@ -79,6 +79,8 @@ endef
 
 TARGET_CFLAGS += $(FPIC) -Wno-unused-value
 
+TARGET_LDFLAGS += $(if $(INTL_FULL),-lintl)
+
 CONFIGURE_ARGS += \
 	--host=$(REAL_GNU_TARGET_NAME) \
 	--target=$(REAL_GNU_TARGET_NAME) \

package/firmware/cypress-firmware/Makefile

@@ -15,7 +15,7 @@ PKG_RELEASE:=3
 
 PKG_SOURCE_UNZIP:=cypress-firmware-$(PKG_VERSION).tar.gz
 PKG_SOURCE:=cypress-fmac-$(PKG_VERSION).zip
-PKG_SOURCE_URL:=https://community.cypress.com/servlet/JiveServlet/download/19375-1-53475/
+PKG_SOURCE_URL:=https://community.cypress.com/gfawx74859/attachments/gfawx74859/resourcelibrary/1016/1/
 PKG_HASH:=b12b0570f462c2f3c26dde98b10235a845a7109037def1e7e51af728bcc1a958
 
 PKG_MAINTAINER:=Álvaro Fernández Rojas <noltari@gmail.com>

package/firmware/layerscape/ls-ddr-phy/Makefile

@@ -0,0 +1,50 @@
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# Copyright 2020 NXP
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=ls-ddr-phy
+PKG_VERSION:=LSDK-20.04-update-290520
+PKG_RELEASE:=$(AUTORELEASE)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/NXP/ddr-phy-binary.git
+PKG_SOURCE_VERSION:=fbc036b88acb6c06ffed02c898cbae9856ec75ba
+PKG_MIRROR_HASH:=84e2bdea99384211971bb23ba9ed18b5839628ff2aa0738d2978bbdf841638cb
+PKG_BUILD_DEPENDS:=tfa-layerscape/host
+
+PKG_LICENSE:=EULA
+PKG_LICENSE_FILES:=NXP-Binary-EULA.txt
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/layerscape-ddr-phy
+  SECTION:=firmware
+  CATEGORY:=Firmware
+  TITLE:=NXP Layerscape DDR PHY firmware
+  DEPENDS:=@TARGET_layerscape
+endef
+
+define Build/Compile
+	cd $(PKG_BUILD_DIR)/lx2160a/ && \
+	fiptool-layerscape create \
+		--ddr-immem-udimm-1d ddr4_pmu_train_imem.bin \
+		--ddr-immem-udimm-2d ddr4_2d_pmu_train_imem.bin \
+		--ddr-dmmem-udimm-1d ddr4_pmu_train_dmem.bin \
+		--ddr-dmmem-udimm-2d ddr4_2d_pmu_train_dmem.bin \
+		--ddr-immem-rdimm-1d ddr4_rdimm_pmu_train_imem.bin \
+		--ddr-immem-rdimm-2d ddr4_rdimm2d_pmu_train_imem.bin \
+		--ddr-dmmem-rdimm-1d ddr4_rdimm_pmu_train_dmem.bin \
+		--ddr-dmmem-rdimm-2d ddr4_rdimm2d_pmu_train_dmem.bin \
+		fip_ddr_all.bin
+endef
+
+define Build/InstallDev
+	$(INSTALL_DIR) $(STAGING_DIR_IMAGE)
+	$(CP) $(PKG_BUILD_DIR)/lx2160a/fip_ddr_all.bin \
+		$(STAGING_DIR_IMAGE)/fsl_lx2160a-rdb-fip_ddr_all.bin
+endef
+
+$(eval $(call BuildPackage,layerscape-ddr-phy))

package/firmware/layerscape/ls-dpl/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ls-dpl
 PKG_VERSION:=LSDK-20.04
-PKG_RELEASE:=2
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://source.codeaurora.org/external/qoriq/qoriq-components/mc-utils
@@ -40,6 +40,10 @@ define Build/InstallDev
 		$(STAGING_DIR_IMAGE)/fsl_ls2088a-rdb-dpl.dtb
 	$(CP) $(PKG_BUILD_DIR)/config/ls2088a/RDB/dpc.0x2A_0x41.dtb \
 		$(STAGING_DIR_IMAGE)/fsl_ls2088a-rdb-dpc.dtb
+	$(CP) $(PKG_BUILD_DIR)/config/lx2160a/RDB/dpl-eth.19.dtb \
+		$(STAGING_DIR_IMAGE)/fsl_lx2160a-rdb-dpl.dtb
+	$(CP) $(PKG_BUILD_DIR)/config/lx2160a/RDB/dpc-usxgmii.dtb \
+		$(STAGING_DIR_IMAGE)/fsl_lx2160a-rdb-dpc.dtb
 endef
 
 $(eval $(call BuildPackage,layerscape-dpl))

package/firmware/layerscape/ls-mc/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ls-mc
 PKG_VERSION:=LSDK-20.04
-PKG_RELEASE:=2
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/NXP/qoriq-mc-binary.git
@@ -34,6 +34,8 @@ define Build/InstallDev
 		$(STAGING_DIR_IMAGE)/fsl_ls1088a-rdb-mc.itb
 	$(CP) $(PKG_BUILD_DIR)/ls2088a/mc_10.20.4_ls2088a.itb \
 		$(STAGING_DIR_IMAGE)/fsl_ls2088a-rdb-mc.itb
+	$(CP) $(PKG_BUILD_DIR)/lx2160a/mc_10.20.4_lx2160a.itb \
+		$(STAGING_DIR_IMAGE)/fsl_lx2160a-rdb-mc.itb
 endef
 
 $(eval $(call BuildPackage,layerscape-mc))

package/firmware/layerscape/ls-rcw/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ls-rcw
 PKG_VERSION:=LSDK-20.04-update-290520
-PKG_RELEASE:=2
+PKG_RELEASE:=$(AUTORELEASE)
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://source.codeaurora.org/external/qoriq/qoriq-components/rcw
@@ -31,11 +31,15 @@ BOARDS := \
   ls1012a-frwy-sdboot \
   ls1043a-rdb \
   ls1043a-rdb-sdboot \
+  ls1046a-frwy \
+  ls1046a-frwy-sdboot \
   ls1046a-rdb \
   ls1046a-rdb-sdboot \
   ls1088a-rdb \
   ls1088a-rdb-sdboot \
   ls2088a-rdb \
+  lx2160a-rdb \
+  lx2160a-rdb-sdboot \
   ls1021a-twr
 
 RCW_ls1012a-rdb         :=ls1012ardb/R_SPNH_3508/rcw_1000_default.bin
@@ -43,11 +47,15 @@ RCW_ls1012a-frdm        :=ls1012afrdm/N_SSNP_3305/rcw_800.bin
 RCW_ls1012a-frwy-sdboot :=ls1012afrwy/N_SSNP_3305/rcw_1000_default.bin
 RCW_ls1043a-rdb         :=ls1043ardb/RR_FQPP_1455/rcw_1600.bin
 RCW_ls1043a-rdb-sdboot  :=ls1043ardb/RR_FQPP_1455/rcw_1600_sdboot.bin
+RCW_ls1046a-frwy        :=ls1046afrwy/NN_NNQNNPNP_3040_0506/rcw_1600_qspiboot.bin
+RCW_ls1046a-frwy-sdboot :=ls1046afrwy/NN_NNQNNPNP_3040_0506/rcw_1600_sdboot.bin
 RCW_ls1046a-rdb         :=ls1046ardb/RR_FFSSPPPH_1133_5559/rcw_1800_qspiboot.bin
 RCW_ls1046a-rdb-sdboot  :=ls1046ardb/RR_FFSSPPPH_1133_5559/rcw_1800_sdboot.bin
 RCW_ls1088a-rdb         :=ls1088ardb/FCQQQQQQQQ_PPP_H_0x1d_0x0d/rcw_1600_qspi.bin
 RCW_ls1088a-rdb-sdboot  :=ls1088ardb/FCQQQQQQQQ_PPP_H_0x1d_0x0d/rcw_1600_sd.bin
 RCW_ls2088a-rdb         :=ls2088ardb/FFFFFFFF_PP_HH_0x2a_0x41/rcw_1800.bin
+RCW_lx2160a-rdb         :=lx2160ardb_rev2/XGGFF_PP_HHHH_RR_19_5_2/rcw_2000_700_2900_19_5_2.bin
+RCW_lx2160a-rdb-sdboot  :=lx2160ardb_rev2/XGGFF_PP_HHHH_RR_19_5_2/rcw_2000_700_2900_19_5_2.bin
 RCW_ls1021a-twr         :=ls1021atwr/SSR_PNS_30/rcw_1200.bin
 
 define Build/InstallDev

package/kernel/ath10k-ct/Makefile

@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ath10k-ct
-PKG_RELEASE=1
+PKG_RELEASE=2
 
 PKG_LICENSE:=GPLv2
 PKG_LICENSE_FILES:=
@@ -12,10 +12,10 @@ PKG_SOURCE_DATE:=2021-01-11
 PKG_SOURCE_VERSION:=9fe1df7d4f783b6b0cd1c99d11979e5a6e6fc40b
 PKG_MIRROR_HASH:=4e30e256716611045e930b95eadaa8bfcadd5bdd8bbe3869cfe0f377920e812b
 
-# Build the 5.8 ath10k-ct driver version.
+# Build the 5.10 ath10k-ct driver version.
 # Probably this should match as closely as
 # possible to whatever mac80211 backports version is being used.
-CT_KVER="-5.8"
+CT_KVER="-5.10"
 
 PKG_MAINTAINER:=Ben Greear <greearb@candelatech.com>
 PKG_BUILD_PARALLEL:=1
@@ -52,7 +52,8 @@ $(call KernelPackage/ath10k-ct)
   VARIANT:=smallbuffers
 endef
 
-NOSTDINC_FLAGS = \
+NOSTDINC_FLAGS := \
+	$(KERNEL_NOSTDINC_FLAGS) \
 	-I$(PKG_BUILD_DIR) \
 	-I$(STAGING_DIR)/usr/include/mac80211-backport/uapi \
 	-I$(STAGING_DIR)/usr/include/mac80211-backport \

package/kernel/ath10k-ct/patches/164-ath10k-commit-rates-from-mac80211.patch

@@ -9,9 +9,9 @@ mcast_rate set for a wifi-iface.
 
 Signed-off-by: Sven Eckelmann <sven@narfation.org>
 
---- a/ath10k-5.8/mac.c
-+++ b/ath10k-5.8/mac.c
-@@ -6691,6 +6691,7 @@ static void ath10k_recalculate_mgmt_rate
+--- a/ath10k-5.10/mac.c
++++ b/ath10k-5.10/mac.c
+@@ -6774,6 +6774,7 @@ static void ath10k_recalculate_mgmt_rate
  		return;
  	}
  
@@ -19,7 +19,7 @@ Signed-off-by: Sven Eckelmann <sven@narfation.org>
  	vdev_param = ar->wmi.vdev_param->mgmt_rate;
  	ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id, vdev_param,
  					hw_rate_code);
-@@ -6917,6 +6918,7 @@ static void ath10k_bss_info_changed(stru
+@@ -7000,6 +7001,7 @@ static void ath10k_bss_info_changed(stru
  			   "mac vdev %d mcast_rate %x\n",
  			   arvif->vdev_id, rate);
  
@@ -27,7 +27,7 @@ Signed-off-by: Sven Eckelmann <sven@narfation.org>
  		vdev_param = ar->wmi.vdev_param->mcast_data_rate;
  		ret = ath10k_wmi_vdev_set_param(ar, arvif->vdev_id,
  						vdev_param, rate);
-@@ -6925,6 +6927,7 @@ static void ath10k_bss_info_changed(stru
+@@ -7008,6 +7010,7 @@ static void ath10k_bss_info_changed(stru
  				    "failed to set mcast rate on vdev %i: %d\n",
  				    arvif->vdev_id,  ret);
  

package/kernel/ath10k-ct/patches/201-ath10k-add-LED-and-GPIO-controlling-support-for-various-chipsets.patch

@@ -66,24 +66,24 @@ v13:
 
 * cleanup includes
 
- ath10k-5.8/Kconfig   |  10 +++
- ath10k-5.8/Makefile  |   1 +
- ath10k-5.8/core.c    |  22 +++++++
- ath10k-5.8/core.h    |   9 ++-
- ath10k-5.8/hw.h      |   1 +
- ath10k-5.8/leds.c    | 103 ++++++++++++++++++++++++++++++
- ath10k-5.8/leds.h    |  45 +++++++++++++
- ath10k-5.8/mac.c     |   1 +
- ath10k-5.8/wmi-ops.h |  32 ++++++++++
- ath10k-5.8/wmi-tlv.c |   2 +
- ath10k-5.8/wmi.c     |  54 ++++++++++++++++
- ath10k-5.8/wmi.h     |  35 ++++++++++
+ ath10k-5.10/Kconfig   |  10 +++
+ ath10k-5.10/Makefile  |   1 +
+ ath10k-5.10/core.c    |  22 +++++++
+ ath10k-5.10/core.h    |   9 ++-
+ ath10k-5.10/hw.h      |   1 +
+ ath10k-5.10/leds.c    | 103 ++++++++++++++++++++++++++++++
+ ath10k-5.10/leds.h    |  45 +++++++++++++
+ ath10k-5.10/mac.c     |   1 +
+ ath10k-5.10/wmi-ops.h |  32 ++++++++++
+ ath10k-5.10/wmi-tlv.c |   2 +
+ ath10k-5.10/wmi.c     |  54 ++++++++++++++++
+ ath10k-5.10/wmi.h     |  35 ++++++++++
  12 files changed, 314 insertions(+), 1 deletion(-)
- create mode 100644 ath10k-5.8/leds.c
- create mode 100644 ath10k-5.8/leds.h
+ create mode 100644 ath10k-5.10/leds.c
+ create mode 100644 ath10k-5.10/leds.h
 
---- a/ath10k-5.8/Kconfig
-+++ b/ath10k-5.8/Kconfig
+--- a/ath10k-5.10/Kconfig
++++ b/ath10k-5.10/Kconfig
 @@ -65,6 +65,16 @@ config ATH10K_DEBUGFS
  
  	  If unsure, say Y to make it easier to debug problems.
@@ -101,8 +101,8 @@ v13:
  config ATH10K_SPECTRAL
  	bool "Atheros ath10k spectral scan support"
  	depends on ATH10K_DEBUGFS
---- a/ath10k-5.8/Makefile
-+++ b/ath10k-5.8/Makefile
+--- a/ath10k-5.10/Makefile
++++ b/ath10k-5.10/Makefile
 @@ -20,6 +20,7 @@ ath10k_core-$(CONFIG_ATH10K_SPECTRAL) +=
  ath10k_core-$(CONFIG_NL80211_TESTMODE) += testmode.o
  ath10k_core-$(CONFIG_ATH10K_TRACING) += trace.o
@@ -111,8 +111,8 @@ v13:
  ath10k_core-$(CONFIG_MAC80211_DEBUGFS) += debugfs_sta.o
  ath10k_core-$(CONFIG_PM) += wow.o
  ath10k_core-$(CONFIG_ATH10K_CE) += ce.o
---- a/ath10k-5.8/core.c
-+++ b/ath10k-5.8/core.c
+--- a/ath10k-5.10/core.c
++++ b/ath10k-5.10/core.c
 @@ -26,6 +26,7 @@
  #include "testmode.h"
  #include "wmi-ops.h"
@@ -129,7 +129,7 @@ v13:
  		.patch_load_addr = QCA988X_HW_2_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_ALL,
-@@ -138,6 +140,7 @@ static const struct ath10k_hw_params ath
+@@ -137,6 +139,7 @@ static const struct ath10k_hw_params ath
  		.dev_id = QCA9887_1_0_DEVICE_ID,
  		.bus = ATH10K_BUS_PCI,
  		.name = "qca9887 hw1.0",
@@ -137,7 +137,7 @@ v13:
  		.patch_load_addr = QCA9887_HW_1_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_ALL,
-@@ -347,6 +350,7 @@ static const struct ath10k_hw_params ath
+@@ -342,6 +345,7 @@ static const struct ath10k_hw_params ath
  		.dev_id = QCA99X0_2_0_DEVICE_ID,
  		.bus = ATH10K_BUS_PCI,
  		.name = "qca99x0 hw2.0",
@@ -145,7 +145,7 @@ v13:
  		.patch_load_addr = QCA99X0_HW_2_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.otp_exe_param = 0x00000700,
-@@ -388,6 +392,7 @@ static const struct ath10k_hw_params ath
+@@ -382,6 +386,7 @@ static const struct ath10k_hw_params ath
  		.dev_id = QCA9984_1_0_DEVICE_ID,
  		.bus = ATH10K_BUS_PCI,
  		.name = "qca9984/qca9994 hw1.0",
@@ -153,7 +153,7 @@ v13:
  		.patch_load_addr = QCA9984_HW_1_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_EACH,
-@@ -436,6 +441,7 @@ static const struct ath10k_hw_params ath
+@@ -429,6 +434,7 @@ static const struct ath10k_hw_params ath
  		.dev_id = QCA9888_2_0_DEVICE_ID,
  		.bus = ATH10K_BUS_PCI,
  		.name = "qca9888 hw2.0",
@@ -161,7 +161,7 @@ v13:
  		.patch_load_addr = QCA9888_HW_2_0_PATCH_LOAD_ADDR,
  		.uart_pin = 7,
  		.cc_wraparound_type = ATH10K_HW_CC_WRAP_SHIFTED_EACH,
-@@ -3688,6 +3694,10 @@ int ath10k_core_start(struct ath10k *ar,
+@@ -3705,6 +3711,10 @@ int ath10k_core_start(struct ath10k *ar,
  			ath10k_wmi_check_apply_board_power_ctl_table(ar);
  	}
  
@@ -172,7 +172,7 @@ v13:
  	return 0;
  
  err_hif_stop:
-@@ -3946,9 +3956,18 @@ static void ath10k_core_register_work(st
+@@ -3963,9 +3973,18 @@ static void ath10k_core_register_work(st
  		goto err_spectral_destroy;
  	}
  
@@ -191,7 +191,7 @@ v13:
  err_spectral_destroy:
  	ath10k_spectral_destroy(ar);
  err_debug_destroy:
-@@ -4008,6 +4027,8 @@ void ath10k_core_unregister(struct ath10
+@@ -4025,6 +4044,8 @@ void ath10k_core_unregister(struct ath10
  	if (!test_bit(ATH10K_FLAG_CORE_REGISTERED, &ar->dev_flags))
  		return;
  
@@ -200,8 +200,8 @@ v13:
  	ath10k_thermal_unregister(ar);
  	/* Stop spectral before unregistering from mac80211 to remove the
  	 * relayfs debugfs file cleanly. Otherwise the parent debugfs tree
---- a/ath10k-5.8/core.h
-+++ b/ath10k-5.8/core.h
+--- a/ath10k-5.10/core.h
++++ b/ath10k-5.10/core.h
 @@ -14,6 +14,7 @@
  #include <linux/pci.h>
  #include <linux/uuid.h>
@@ -210,7 +210,7 @@ v13:
  
  #include "htt.h"
  #include "htc.h"
-@@ -1530,6 +1531,13 @@ struct ath10k {
+@@ -1551,6 +1552,13 @@ struct ath10k {
  	} testmode;
  
  	struct {
@@ -224,8 +224,8 @@ v13:
  		/* protected by data_lock */
  		u32 rx_crc_err_drop;
  		u32 fw_crash_counter;
---- a/ath10k-5.8/hw.h
-+++ b/ath10k-5.8/hw.h
+--- a/ath10k-5.10/hw.h
++++ b/ath10k-5.10/hw.h
 @@ -521,6 +521,7 @@ struct ath10k_hw_params {
  	const char *name;
  	u32 patch_load_addr;
@@ -235,7 +235,7 @@ v13:
  
  	/* Type of hw cycle counter wraparound logic, for more info
 --- /dev/null
-+++ b/ath10k-5.8/leds.c
++++ b/ath10k-5.10/leds.c
 @@ -0,0 +1,103 @@
 +/*
 + * Copyright (c) 2005-2011 Atheros Communications Inc.
@@ -341,7 +341,7 @@ v13:
 +}
 +
 --- /dev/null
-+++ b/ath10k-5.8/leds.h
++++ b/ath10k-5.10/leds.h
 @@ -0,0 +1,41 @@
 +/*
 + * Copyright (c) 2018, The Linux Foundation. All rights reserved.
@@ -384,8 +384,8 @@ v13:
 +
 +#endif
 +#endif /* _LEDS_H_ */
---- a/ath10k-5.8/mac.c
-+++ b/ath10k-5.8/mac.c
+--- a/ath10k-5.10/mac.c
++++ b/ath10k-5.10/mac.c
 @@ -25,6 +25,7 @@
  #include "wmi-tlv.h"
  #include "wmi-ops.h"
@@ -394,12 +394,12 @@ v13:
  
  /*********/
  /* Rates */
---- a/ath10k-5.8/wmi-ops.h
-+++ b/ath10k-5.8/wmi-ops.h
-@@ -226,7 +226,10 @@ struct wmi_ops {
- 	struct sk_buff *(*gen_bb_timing)
- 			(struct ath10k *ar,
+--- a/ath10k-5.10/wmi-ops.h
++++ b/ath10k-5.10/wmi-ops.h
+@@ -228,7 +228,10 @@ struct wmi_ops {
  			 const struct wmi_bb_timing_cfg_arg *arg);
+ 	struct sk_buff *(*gen_per_peer_per_tid_cfg)(struct ath10k *ar,
+ 						    const struct wmi_per_peer_per_tid_cfg_arg *arg);
 +	struct sk_buff *(*gen_gpio_config)(struct ath10k *ar, u32 gpio_num,
 +					   u32 input, u32 pull_type, u32 intr_mode);
  
@@ -407,7 +407,7 @@ v13:
  };
  
  int ath10k_wmi_cmd_send(struct ath10k *ar, struct sk_buff *skb, u32 cmd_id);
-@@ -1145,6 +1148,35 @@ ath10k_wmi_force_fw_hang(struct ath10k *
+@@ -1147,6 +1150,35 @@ ath10k_wmi_force_fw_hang(struct ath10k *
  	return ath10k_wmi_cmd_send(ar, skb, ar->wmi.cmd->force_fw_hang_cmdid);
  }
  
@@ -443,9 +443,9 @@ v13:
  static inline int
  ath10k_wmi_dbglog_cfg(struct ath10k *ar, u64 module_enable, u32 log_level)
  {
---- a/ath10k-5.8/wmi-tlv.c
-+++ b/ath10k-5.8/wmi-tlv.c
-@@ -4583,6 +4583,8 @@ static const struct wmi_ops wmi_tlv_ops
+--- a/ath10k-5.10/wmi-tlv.c
++++ b/ath10k-5.10/wmi-tlv.c
+@@ -4585,6 +4585,8 @@ static const struct wmi_ops wmi_tlv_ops
  	.gen_echo = ath10k_wmi_tlv_op_gen_echo,
  	.gen_vdev_spectral_conf = ath10k_wmi_tlv_op_gen_vdev_spectral_conf,
  	.gen_vdev_spectral_enable = ath10k_wmi_tlv_op_gen_vdev_spectral_enable,
@@ -454,9 +454,9 @@ v13:
  };
  
  static const struct wmi_peer_flags_map wmi_tlv_peer_flags_map = {
---- a/ath10k-5.8/wmi.c
-+++ b/ath10k-5.8/wmi.c
-@@ -8412,6 +8412,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
+--- a/ath10k-5.10/wmi.c
++++ b/ath10k-5.10/wmi.c
+@@ -8409,6 +8409,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
  	return skb;
  }
  
@@ -506,7 +506,7 @@ v13:
  static struct sk_buff *
  ath10k_wmi_op_gen_set_psmode(struct ath10k *ar, u32 vdev_id,
  			     enum wmi_sta_ps_mode psmode)
-@@ -10211,6 +10254,9 @@ static const struct wmi_ops wmi_ops = {
+@@ -10238,6 +10281,9 @@ static const struct wmi_ops wmi_ops = {
  	.fw_stats_fill = ath10k_wmi_main_op_fw_stats_fill,
  	.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
  	.gen_echo = ath10k_wmi_op_gen_echo,
@@ -516,7 +516,7 @@ v13:
  	/* .gen_bcn_tmpl not implemented */
  	/* .gen_prb_tmpl not implemented */
  	/* .gen_p2p_go_bcn_ie not implemented */
-@@ -10281,6 +10327,8 @@ static const struct wmi_ops wmi_10_1_ops
+@@ -10308,6 +10354,8 @@ static const struct wmi_ops wmi_10_1_ops
  	.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
  	.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
  	.gen_echo = ath10k_wmi_op_gen_echo,
@@ -525,7 +525,7 @@ v13:
  	/* .gen_bcn_tmpl not implemented */
  	/* .gen_prb_tmpl not implemented */
  	/* .gen_p2p_go_bcn_ie not implemented */
-@@ -10360,6 +10408,8 @@ static const struct wmi_ops wmi_10_2_ops
+@@ -10387,6 +10435,8 @@ static const struct wmi_ops wmi_10_2_ops
  	.gen_delba_send = ath10k_wmi_op_gen_delba_send,
  	.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
  	.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
@@ -534,7 +534,7 @@ v13:
  	/* .gen_pdev_enable_adaptive_cca not implemented */
  };
  
-@@ -10431,6 +10481,8 @@ static const struct wmi_ops wmi_10_2_4_o
+@@ -10458,6 +10508,8 @@ static const struct wmi_ops wmi_10_2_4_o
  		ath10k_wmi_op_gen_pdev_enable_adaptive_cca,
  	.get_vdev_subtype = ath10k_wmi_10_2_4_op_get_vdev_subtype,
  	.gen_bb_timing = ath10k_wmi_10_2_4_op_gen_bb_timing,
@@ -543,7 +543,7 @@ v13:
  	/* .gen_bcn_tmpl not implemented */
  	/* .gen_prb_tmpl not implemented */
  	/* .gen_p2p_go_bcn_ie not implemented */
-@@ -10512,6 +10564,8 @@ static const struct wmi_ops wmi_10_4_ops
+@@ -10540,6 +10592,8 @@ static const struct wmi_ops wmi_10_4_ops
  	.gen_pdev_bss_chan_info_req = ath10k_wmi_10_2_op_gen_pdev_bss_chan_info,
  	.gen_echo = ath10k_wmi_op_gen_echo,
  	.gen_pdev_get_tpc_config = ath10k_wmi_10_2_4_op_gen_pdev_get_tpc_config,
@@ -552,9 +552,9 @@ v13:
  };
  
  int ath10k_wmi_attach(struct ath10k *ar)
---- a/ath10k-5.8/wmi.h
-+++ b/ath10k-5.8/wmi.h
-@@ -3121,6 +3121,41 @@ enum wmi_10_4_feature_mask {
+--- a/ath10k-5.10/wmi.h
++++ b/ath10k-5.10/wmi.h
+@@ -3133,6 +3133,41 @@ enum wmi_10_4_feature_mask {
  
  };
  

package/kernel/ath10k-ct/patches/202-ath10k-use-tpt-trigger-by-default.patch

@@ -9,14 +9,14 @@ traffic.
 
 Signed-off-by: Mathias Kresin <dev@kresin.me>
 ---
- ath10k-5.8/core.h | 4 ++++
- ath10k-5.8/leds.c | 4 +---
- ath10k-5.8/mac.c  | 2 +-
+ ath10k-5.10/core.h | 4 ++++
+ ath10k-5.10/leds.c | 4 +---
+ ath10k-5.10/mac.c  | 2 +-
  3 files changed, 6 insertions(+), 4 deletions(-)
 
---- a/ath10k-5.8/core.h
-+++ b/ath10k-5.8/core.h
-@@ -1638,6 +1638,10 @@ struct ath10k {
+--- a/ath10k-5.10/core.h
++++ b/ath10k-5.10/core.h
+@@ -1659,6 +1659,10 @@ struct ath10k {
  	u8 csi_data[4096];
  	u16 csi_data_len;
  
@@ -27,8 +27,8 @@ Signed-off-by: Mathias Kresin <dev@kresin.me>
  	/* must be last */
  	u8 drv_priv[] __aligned(sizeof(void *));
  };
---- a/ath10k-5.8/leds.c
-+++ b/ath10k-5.8/leds.c
+--- a/ath10k-5.10/leds.c
++++ b/ath10k-5.10/leds.c
 @@ -81,9 +81,7 @@ int ath10k_leds_register(struct ath10k *
  
  	ar->leds.cdev.name = ar->leds.label;
@@ -40,9 +40,9 @@ Signed-off-by: Mathias Kresin <dev@kresin.me>
  
  	ret = led_classdev_register(wiphy_dev(ar->hw->wiphy), &ar->leds.cdev);
  	if (ret)
---- a/ath10k-5.8/mac.c
-+++ b/ath10k-5.8/mac.c
-@@ -10718,7 +10718,7 @@ int ath10k_mac_register(struct ath10k *a
+--- a/ath10k-5.10/mac.c
++++ b/ath10k-5.10/mac.c
+@@ -11400,7 +11400,7 @@ int ath10k_mac_register(struct ath10k *a
  	ar->hw->weight_multiplier = ATH10K_AIRTIME_WEIGHT_MULTIPLIER;
  
  #ifdef CPTCFG_MAC80211_LEDS

package/kernel/ath10k-ct/patches/300-mac80211-5.10.patch

@@ -1,24 +0,0 @@
---- a/ath10k-5.8/wmi.c
-+++ b/ath10k-5.8/wmi.c
-@@ -4254,7 +4254,7 @@ void ath10k_wmi_event_host_swba(struct a
- 		 * actual channel switch is done
- 		 */
- 		if (arvif->vif->csa_active &&
--		    ieee80211_csa_is_complete(arvif->vif)) {
-+		    ieee80211_beacon_cntdwn_is_complete(arvif->vif)) {
- 			ieee80211_csa_finish(arvif->vif);
- 			continue;
- 		}
---- a/ath10k-5.8/mac.c
-+++ b/ath10k-5.8/mac.c
-@@ -2295,8 +2295,8 @@ static void ath10k_mac_vif_ap_csa_count_
- 	if (!arvif->is_up)
- 		return;
- 
--	if (!ieee80211_csa_is_complete(vif)) {
--		ieee80211_csa_update_counter(vif);
-+	if (!ieee80211_beacon_cntdwn_is_complete(vif)) {
-+		ieee80211_beacon_update_cntdwn(vif);
- 
- 		ret = ath10k_mac_setup_bcn_tmpl(arvif);
- 		if (ret)

package/kernel/ath10k-ct/patches/960-0010-ath10k-limit-htt-rx-ring-size.patch

@@ -1,5 +1,5 @@
---- a/ath10k-5.8/htt.h
-+++ b/ath10k-5.8/htt.h
+--- a/ath10k-5.10/htt.h
++++ b/ath10k-5.10/htt.h
 @@ -237,7 +237,11 @@ enum htt_rx_ring_flags {
  };
  

package/kernel/ath10k-ct/patches/960-0011-ath10k-limit-pci-buffer-size.patch

@@ -1,5 +1,5 @@
---- a/ath10k-5.8/pci.c
-+++ b/ath10k-5.8/pci.c
+--- a/ath10k-5.10/pci.c
++++ b/ath10k-5.10/pci.c
 @@ -131,7 +131,11 @@ static const struct ce_attr pci_host_ce_
  		.flags = CE_ATTR_FLAGS,
  		.src_nentries = 0,

package/kernel/bcm27xx-gpu-fw/Makefile

@@ -2,8 +2,8 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=bcm27xx-gpu-fw
-PKG_VERSION:=2020-04-15
-PKG_RELEASE:=9e3c23ce779e8cf44c33d6a25bba249319207f68
+PKG_VERSION:=2021-02-16
+PKG_RELEASE:=ba6259246c702b04ea56ff1034325e476d460ae8
 
 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)/rpi-firmware-$(PKG_RELEASE)
 
@@ -26,7 +26,7 @@ define Download/bootcode_bin
   FILE:=$(RPI_FIRMWARE_FILE)-bootcode.bin
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=bootcode.bin
-  HASH:=1e3582640b97f6a1ba77b66181fe698767d205f5d4c4315f56d03b398a7e55d1
+  HASH:=92fd15eb2468187b69d15a9482d7e8cee3704993c53bb5ba55afe550723c5975
 endef
 $(eval $(call Download,bootcode_bin))
 
@@ -34,7 +34,7 @@ define Download/fixup_dat
   FILE:=$(RPI_FIRMWARE_FILE)-fixup.dat
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=fixup.dat
-  HASH:=ff5aa78aa6fb6202cb6b490d07dda7a844145d4cf82dc005ef8baf8fa936996e
+  HASH:=3daaf175decee44347fb97ece7738edf230b6fe3a86a8f521652e0052d5b3d6a
 endef
 $(eval $(call Download,fixup_dat))
 
@@ -42,7 +42,7 @@ define Download/fixup_cd_dat
   FILE:=$(RPI_FIRMWARE_FILE)-fixup_cd.dat
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=fixup_cd.dat
-  HASH:=e21c05b05bb140dbe99cdb45af3e2e60e61772737b006b4c0b5cf8f609eab8e7
+  HASH:=399b10509877cc7cbbaae25757ff44ee9f666931dd5c0996b48d170735a668b0
 endef
 $(eval $(call Download,fixup_cd_dat))
 
@@ -50,7 +50,7 @@ define Download/fixup_x_dat
   FILE:=$(RPI_FIRMWARE_FILE)-fixup_x.dat
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=fixup_x.dat
-  HASH:=a9a5269358fd3e1f8cc6d5ac31902d449ba8c06be8c8ae211c92f8a170a552c9
+  HASH:=3c2a71f349bbc97bc3d9f7592bdd3f06d3d67e1ccd581cbdbb91b67a16304d76
 endef
 $(eval $(call Download,fixup_x_dat))
 
@@ -58,7 +58,7 @@ define Download/fixup4_dat
   FILE:=$(RPI_FIRMWARE_FILE)-fixup4.dat
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=fixup4.dat
-  HASH:=78137591cc1b0654fc389e83ba59bf1d2a5ce1f8ba971058d9469e20e3c4e4ea
+  HASH:=68e9112ac7907af51cbf7f458d241e6136af1be4e968909e34cbffb70f9536b4
 endef
 $(eval $(call Download,fixup4_dat))
 
@@ -66,7 +66,7 @@ define Download/fixup4cd_dat
   FILE:=$(RPI_FIRMWARE_FILE)-fixup4cd.dat
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=fixup4cd.dat
-  HASH:=bd29b478e6d9c31265e61cf8d663f8bcdf096b7e60423b487bb23f44ac11e6f6
+  HASH:=399b10509877cc7cbbaae25757ff44ee9f666931dd5c0996b48d170735a668b0
 endef
 $(eval $(call Download,fixup4cd_dat))
 
@@ -74,7 +74,7 @@ define Download/fixup4x_dat
   FILE:=$(RPI_FIRMWARE_FILE)-fixup4x.dat
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=fixup4x.dat
-  HASH:=608871001d2a849016af64d3d9197ed57f90d5f23a554cde3d739ac7b4f7b560
+  HASH:=62c0ff21c06a28c24fc537bd1d23625b3452170fbb9fbd950b67a393929c2768
 endef
 $(eval $(call Download,fixup4x_dat))
 
@@ -82,7 +82,7 @@ define Download/start_elf
   FILE:=$(RPI_FIRMWARE_FILE)-start.elf
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=start.elf
-  HASH:=d15334b643b34ba1e9fe8ea72d0aff59fb9886b70eee17f05ecfe74c2bcab7de
+  HASH:=3cc30fc07a6ad99bdd14e6319ed84b6c8813e8cb08bc5fff488c33abb163f746
 endef
 $(eval $(call Download,start_elf))
 
@@ -90,7 +90,7 @@ define Download/start_cd_elf
   FILE:=$(RPI_FIRMWARE_FILE)-start_cd.elf
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=start_cd.elf
-  HASH:=62054d5b4a1ba58533aa3cb63ec83e6635adfa9093283d462f3bea7eb3d17c80
+  HASH:=a4ae5a07b036bd82136373f2ce8a9ad01e41938884568b57c53e4be4c08d0dda
 endef
 $(eval $(call Download,start_cd_elf))
 
@@ -98,7 +98,7 @@ define Download/start_x_elf
   FILE:=$(RPI_FIRMWARE_FILE)-start_x.elf
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=start_x.elf
-  HASH:=445f0cf6bdc82a9d8d4d92a4678b72436eba9c1e4155ca1c483aa15271dbc26f
+  HASH:=b566fc8bc4cd1699f40fc73aa72910915421764933f2f2a7ba517b6b14339d09
 endef
 $(eval $(call Download,start_x_elf))
 
@@ -106,7 +106,7 @@ define Download/start4_elf
   FILE:=$(RPI_FIRMWARE_FILE)-start4.elf
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=start4.elf
-  HASH:=e58a0a629a98998a225b6bf837c75256625d313130401c223f052f0a42b4f263
+  HASH:=abafb4d39c2708389e1421443fdd5e8a86e03bef6ad5282c0b5836587860cc5c
 endef
 $(eval $(call Download,start4_elf))
 
@@ -114,7 +114,7 @@ define Download/start4cd_elf
   FILE:=$(RPI_FIRMWARE_FILE)-start4cd.elf
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=start4cd.elf
-  HASH:=e90d922916dc61d547eb03fae8f182e16edadf5cf10caad1027e95582bc01a0d
+  HASH:=6df423f4fa82c58efef6db1cf20c4fcbd92465a7fe91f40548c8534c1b5ef7fd
 endef
 $(eval $(call Download,start4cd_elf))
 
@@ -122,7 +122,7 @@ define Download/start4x_elf
   FILE:=$(RPI_FIRMWARE_FILE)-start4x.elf
   URL:=$(RPI_FIRMWARE_URL)
   URL_FILE:=start4x.elf
-  HASH:=dae73ce30d491dcf780f817131e215b6a34447fcf346acf11ee9080595304ae0
+  HASH:=4060e9fedfa99ff91549c8f4324a18417db785d99054ac7fe7d1b5dd5ef232f1
 endef
 $(eval $(call Download,start4x_elf))
 

package/kernel/bcm63xx-cfe/Makefile

@@ -2,13 +2,13 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=bcm63xx-cfe
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_URL:=https://github.com/openwrt/bcm63xx-cfe.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2020-12-27
-PKG_SOURCE_VERSION:=c0b36917ea565c4ffac2e723f77c9d27d0691c33
-PKG_MIRROR_HASH:=75262534b1fbeba2299621ec3112d9d22b3e3de4cb73e8d7cac1e0b7e5eece77
+PKG_SOURCE_DATE:=2021-03-05
+PKG_SOURCE_VERSION:=d03501629fc8b1ba8f9b0961d543c256a3d0098f
+PKG_MIRROR_HASH:=b32a6f68d59c8f4534def7ec2568ad7da7a612a605b9406328309c78115ee88d
 
 PKG_FLAGS:=nonshared
 

package/kernel/gpio-nxp-74hc153/Makefile

@@ -0,0 +1,35 @@
+#
+# Copyright (C) 2020 Mauri Sandberg <sandberg@mailfence.com>
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+include $(INCLUDE_DIR)/kernel.mk
+
+PKG_NAME:=gpio-nxp-74hc153
+PKG_RELEASE:=1
+PKG_LICENSE:=GPL-2.0
+
+include $(INCLUDE_DIR)/package.mk
+
+define KernelPackage/gpio-nxp-74hc153
+  SUBMENU:=Other modules
+  TITLE:= NXP 74HC153 GPIO expander
+  FILES:=$(PKG_BUILD_DIR)/gpio-nxp-74hc153.ko
+  AUTOLOAD:=$(call AutoLoad,30,gpio-nxp-74hc153,1)
+  KCONFIG:=
+  DEPENDS:= @GPIO_SUPPORT @TARGET_ath79
+endef
+
+define KernelPackage/gpio-nxp-74hc153/description
+  Platform driver for NXP 74HC153 Dual 4-input Multiplexer.
+  This provides a GPIO interface supporting input mode only.
+endef
+
+define Build/Compile
+	$(KERNEL_MAKE) M=$(PKG_BUILD_DIR) modules
+endef
+
+$(eval $(call KernelPackage,gpio-nxp-74hc153))

package/kernel/gpio-nxp-74hc153/src/Makefile

@@ -0,0 +1 @@
+obj-m += gpio-nxp-74hc153.o

package/kernel/gpio-nxp-74hc153/src/gpio-nxp-74hc153.c

@@ -0,0 +1,291 @@
+/*
+ *  NXP 74HC153 - Dual 4-input multiplexer GPIO driver
+ *
+ *  Copyright (C) 2010 Gabor Juhos <juhosg@openwrt.org>
+ *  Copyright (C) 2020 Mauri Sandberg <sandberg@mailfence.com>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License version 2 as
+ *  published by the Free Software Foundation.
+ *
+ *  Example device tree definition:
+ *
+ *  gpio-extender {
+ *    compatible = "nxp,74hc153-gpio";
+ *    gpio-controller;
+ *    #gpio-cells = <2>;
+ *
+ *    // GPIOs used by this node
+ *    gpio-s0 = <&gpio 9 GPIO_ACTIVE_HIGH>;
+ *    gpio-s1 = <&gpio 11 GPIO_ACTIVE_HIGH>;
+ *    gpio-1y = <&gpio 12 GPIO_ACTIVE_HIGH>;
+ *    gpio-2y = <&gpio 14 GPIO_ACTIVE_HIGH>;
+ *  };
+ *
+ */
+
+#include <linux/version.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/gpio.h>
+#include <linux/slab.h>
+#include <linux/platform_device.h>
+#include <linux/of_gpio.h>
+
+#define NXP_74HC153_NUM_GPIOS   8
+#define NXP_74HC153_S0_MASK     0x1
+#define NXP_74HC153_S1_MASK     0x2
+#define NXP_74HC153_BANK_MASK   0x4
+
+#define NXP_74HC153_DRIVER_NAME "nxp-74hc153"
+
+struct nxp_74hc153_config {
+	unsigned gpio_pin_s0;
+	unsigned gpio_pin_s1;
+	unsigned gpio_pin_1y;
+	unsigned gpio_pin_2y;
+};
+
+struct nxp_74hc153_chip {
+	struct device             *parent;
+	struct gpio_chip          gpio_chip;
+	struct mutex              lock;
+	struct nxp_74hc153_config config;
+};
+
+static struct nxp_74hc153_chip *gpio_to_nxp(struct gpio_chip *gc)
+{
+	return container_of(gc, struct nxp_74hc153_chip, gpio_chip);
+}
+
+static int nxp_74hc153_direction_input(struct gpio_chip *gc, unsigned offset)
+{
+	return 0;
+}
+
+static int nxp_74hc153_direction_output(struct gpio_chip *gc,
+					unsigned offset, int val)
+{
+	return -EINVAL;
+}
+
+static int nxp_74hc153_get_value(struct gpio_chip *gc, unsigned offset)
+{
+	struct nxp_74hc153_chip *nxp;
+	struct nxp_74hc153_platform_data *pdata;
+	unsigned s0;
+	unsigned s1;
+	unsigned pin;
+	int ret;
+
+	nxp = gpio_to_nxp(gc);
+	pdata = nxp->parent->platform_data;
+
+	s0 = !!(offset & NXP_74HC153_S0_MASK);
+	s1 = !!(offset & NXP_74HC153_S1_MASK);
+	pin = (offset & NXP_74HC153_BANK_MASK) ? nxp->config.gpio_pin_2y
+	                                       : nxp->config.gpio_pin_1y;
+
+	mutex_lock(&nxp->lock);
+	gpio_set_value(nxp->config.gpio_pin_s0, s0);
+	gpio_set_value(nxp->config.gpio_pin_s1, s1);
+	ret = gpio_get_value(pin);
+	mutex_unlock(&nxp->lock);
+
+	return ret;
+}
+
+static void nxp_74hc153_set_value(struct gpio_chip *gc,
+	unsigned offset, int val)
+{
+	/* not supported */
+}
+
+static int nxp_74hc153_probe(struct platform_device *pdev)
+{
+	struct device_node *np = pdev->dev.of_node;
+	struct nxp_74hc153_chip *nxp;
+	struct gpio_chip *gc;
+	int err;
+	unsigned gpio_s0;
+	unsigned gpio_s1;
+	unsigned gpio_1y;
+        unsigned gpio_2y;
+
+	nxp = kzalloc(sizeof(struct nxp_74hc153_chip), GFP_KERNEL);
+	if (nxp == NULL) {
+		dev_err(&pdev->dev, "no memory for private data\n");
+		return -ENOMEM;
+	}
+
+	gpio_s0 = of_get_named_gpio(np, "gpio-s0", 0);
+	gpio_s1 = of_get_named_gpio(np, "gpio-s1", 0);
+	gpio_1y = of_get_named_gpio(np, "gpio-1y", 0);
+	gpio_2y = of_get_named_gpio(np, "gpio-2y", 0);
+
+	if (!gpio_is_valid(gpio_s0) || !gpio_is_valid(gpio_s1) ||
+  	    !gpio_is_valid(gpio_1y) || !gpio_is_valid(gpio_2y)) {
+
+		dev_err(&pdev->dev, "control GPIO(s) are missing\n");
+		err = -EINVAL;
+		goto err_free_nxp;
+	} else {
+		nxp->config.gpio_pin_s0 = gpio_s0;
+		nxp->config.gpio_pin_s1 = gpio_s1;
+		nxp->config.gpio_pin_1y = gpio_1y;
+		nxp->config.gpio_pin_2y = gpio_2y;
+	}
+
+	// apply pin configuration
+	err = gpio_request(nxp->config.gpio_pin_s0, dev_name(&pdev->dev));
+	if (err) {
+		dev_err(&pdev->dev, "unable to claim gpio %u, err=%d\n",
+			nxp->config.gpio_pin_s0, err);
+		goto err_free_nxp;
+	}
+
+	err = gpio_request(nxp->config.gpio_pin_s1, dev_name(&pdev->dev));
+	if (err) {
+		dev_err(&pdev->dev, "unable to claim gpio %u, err=%d\n",
+			nxp->config.gpio_pin_s1, err);
+		goto err_free_s0;
+	}
+
+	err = gpio_request(nxp->config.gpio_pin_1y, dev_name(&pdev->dev));
+	if (err) {
+		dev_err(&pdev->dev, "unable to claim gpio %u, err=%d\n",
+			nxp->config.gpio_pin_1y, err);
+		goto err_free_s1;
+	}
+
+	err = gpio_request(nxp->config.gpio_pin_2y, dev_name(&pdev->dev));
+	if (err) {
+		dev_err(&pdev->dev, "unable to claim gpio %u, err=%d\n",
+			nxp->config.gpio_pin_2y, err);
+		goto err_free_1y;
+	}
+
+	err = gpio_direction_output(nxp->config.gpio_pin_s0, 0);
+	if (err) {
+		dev_err(&pdev->dev,
+			"unable to set direction of gpio %u, err=%d\n",
+			nxp->config.gpio_pin_s0, err);
+		goto err_free_2y;
+	}
+
+	err = gpio_direction_output(nxp->config.gpio_pin_s1, 0);
+	if (err) {
+		dev_err(&pdev->dev,
+			"unable to set direction of gpio %u, err=%d\n",
+			nxp->config.gpio_pin_s1, err);
+		goto err_free_2y;
+	}
+
+	err = gpio_direction_input(nxp->config.gpio_pin_1y);
+	if (err) {
+		dev_err(&pdev->dev,
+			"unable to set direction of gpio %u, err=%d\n",
+			nxp->config.gpio_pin_1y, err);
+		goto err_free_2y;
+	}
+
+	err = gpio_direction_input(nxp->config.gpio_pin_2y);
+	if (err) {
+		dev_err(&pdev->dev,
+			"unable to set direction of gpio %u, err=%d\n",
+			nxp->config.gpio_pin_2y, err);
+		goto err_free_2y;
+	}
+
+	nxp->parent = &pdev->dev;
+	mutex_init(&nxp->lock);
+
+	gc = &nxp->gpio_chip;
+
+	gc->direction_input  = nxp_74hc153_direction_input;
+	gc->direction_output = nxp_74hc153_direction_output;
+	gc->get = nxp_74hc153_get_value;
+	gc->set = nxp_74hc153_set_value;
+	gc->can_sleep = 1;
+
+	gc->base = -1;
+	gc->ngpio = NXP_74HC153_NUM_GPIOS;
+	gc->label = dev_name(nxp->parent);
+	gc->parent = nxp->parent;
+	gc->owner = THIS_MODULE;
+	gc->of_node = np;
+
+	err = gpiochip_add(&nxp->gpio_chip);
+	if (err) {
+		dev_err(&pdev->dev, "unable to add gpio chip, err=%d\n", err);
+		goto err_free_2y;
+	}
+
+	platform_set_drvdata(pdev, nxp);
+	return 0;
+
+err_free_2y:
+	gpio_free(nxp->config.gpio_pin_2y);
+err_free_1y:
+	gpio_free(nxp->config.gpio_pin_1y);
+err_free_s1:
+	gpio_free(nxp->config.gpio_pin_s1);
+err_free_s0:
+	gpio_free(nxp->config.gpio_pin_s0);
+err_free_nxp:
+	kfree(nxp);
+	return err;
+}
+
+static int nxp_74hc153_remove(struct platform_device *pdev)
+{
+	struct nxp_74hc153_chip *nxp = platform_get_drvdata(pdev);
+
+	if (nxp) {
+		gpiochip_remove(&nxp->gpio_chip);
+		gpio_free(nxp->config.gpio_pin_2y);
+		gpio_free(nxp->config.gpio_pin_1y);
+		gpio_free(nxp->config.gpio_pin_s1);
+		gpio_free(nxp->config.gpio_pin_s0);
+
+		kfree(nxp);
+		platform_set_drvdata(pdev, NULL);
+	}
+
+	return 0;
+}
+
+static struct of_device_id nxp_74hc153_id[] = {
+	{
+		.compatible = "nxp,74hc153-gpio",
+		.data = NULL,
+	}, { /* sentinel */ }
+};
+MODULE_DEVICE_TABLE(of, nxp_74hc153_id);
+
+static struct platform_driver nxp_74hc153_driver = {
+	.probe          = nxp_74hc153_probe,
+	.remove         = nxp_74hc153_remove,
+	.driver = {
+		.name   = NXP_74HC153_DRIVER_NAME,
+		.owner  = THIS_MODULE,
+		.of_match_table = nxp_74hc153_id,
+	},
+};
+
+static int __init nxp_74hc153_init(void)
+{
+	return platform_driver_register(&nxp_74hc153_driver);
+}
+subsys_initcall(nxp_74hc153_init);
+
+static void __exit nxp_74hc153_exit(void)
+{
+	platform_driver_unregister(&nxp_74hc153_driver);
+}
+module_exit(nxp_74hc153_exit);
+
+MODULE_AUTHOR("Gabor Juhos <juhosg@openwrt.org>");
+MODULE_DESCRIPTION("GPIO expander driver for NXP 74HC153");
+MODULE_LICENSE("GPL v2");
+MODULE_ALIAS("platform:" NXP_74HC153_DRIVER_NAME);

package/kernel/linux/modules/can.mk

@@ -28,7 +28,7 @@ define KernelPackage/can
 	CONFIG_CAN_SOFTING=n \
 	CONFIG_NET_EMATCH_CANID=n \
 	CONFIG_CAN_DEBUG_DEVICES=n
-  FILES:=$(LINUX_DIR)/drivers/net/can/can-dev.ko \
+  FILES:=$(LINUX_DIR)/drivers/net/can/dev/can-dev.ko \
 	 $(LINUX_DIR)/net/can/can.ko
   AUTOLOAD:=$(call AutoProbe,can can-dev)
 endef

package/kernel/linux/modules/crypto.mk

@@ -11,6 +11,8 @@ CRYPTO_MODULES = \
 	ALGAPI2=crypto_algapi \
 	BLKCIPHER2=crypto_blkcipher
 
+CRYPTO_TARGET = $(BOARD)/$(if $(SUBTARGET),$(SUBTARGET),generic)
+
 crypto_confvar=CONFIG_CRYPTO_$(word 1,$(subst =,$(space),$(1)))
 crypto_file=$(LINUX_DIR)/crypto/$(word 2,$(subst =,$(space),$(1))).ko
 crypto_name=$(if $(findstring y,$($(call crypto_confvar,$(1)))),,$(word 2,$(subst =,$(space),$(1))))
@@ -311,7 +313,15 @@ $(eval $(call KernelPackage,crypto-hmac))
 
 define KernelPackage/crypto-hw-ccp
   TITLE:=AMD Cryptographic Coprocessor
-  DEPENDS:=+kmod-crypto-authenc +kmod-crypto-hash +kmod-crypto-manager +kmod-random-core +kmod-crypto-sha1 +kmod-crypto-sha256 +kmod-crypto-rsa
+  DEPENDS:= \
+	@TARGET_x86 \
+	+kmod-crypto-authenc \
+	+kmod-crypto-hash \
+	+kmod-crypto-manager \
+	+kmod-crypto-rsa \
+	+kmod-crypto-sha1 \
+	+kmod-crypto-sha256 \
+	+kmod-random-core
   KCONFIG:= \
 	CONFIG_CRYPTO_HW=y \
 	CONFIG_CRYPTO_DEV_CCP=y \
@@ -422,7 +432,6 @@ $(eval $(call KernelPackage,crypto-hw-talitos))
 define KernelPackage/crypto-kpp
   TITLE:=Key-agreement Protocol Primitives
   KCONFIG:=CONFIG_CRYPTO_KPP
-  HIDDEN:=1
   FILES:=$(LINUX_DIR)/crypto/kpp.ko
   AUTOLOAD:=$(call AutoLoad,09,kpp)
   $(call AddDepends/crypto)
@@ -431,6 +440,158 @@ endef
 $(eval $(call KernelPackage,crypto-kpp))
 
 
+define KernelPackage/crypto-lib-blake2s
+  TITLE:=BLAKE2s hash function library
+  KCONFIG:=CONFIG_CRYPTO_LIB_BLAKE2S
+  HIDDEN:=1
+  FILES:= \
+	$(LINUX_DIR)/lib/crypto/libblake2s.ko \
+	$(LINUX_DIR)/lib/crypto/libblake2s-generic.ko
+  $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash)
+endef
+
+define KernelPackage/crypto-lib-blake2s/config
+  imply PACKAGE_kmod-crypto-hash
+endef
+
+define KernelPackage/crypto-lib-blake2s/x86/64
+  KCONFIG+=CONFIG_CRYPTO_BLAKE2S_X86
+  FILES+=$(LINUX_DIR)/arch/x86/crypto/blake2s-x86_64.ko
+endef
+
+$(eval $(call KernelPackage,crypto-lib-blake2s))
+
+
+define KernelPackage/crypto-lib-chacha20
+  TITLE:=ChaCha library interface
+  KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA
+  HIDDEN:=1
+  FILES:=$(LINUX_DIR)/lib/crypto/libchacha.ko
+  $(call AddDepends/crypto)
+endef
+
+define KernelPackage/crypto-lib-chacha20/x86_64
+  KCONFIG+=CONFIG_CRYPTO_CHACHA20_X86_64
+  FILES+=$(LINUX_DIR)/arch/x86/crypto/chacha-x86_64.ko
+endef
+
+# Note that a non-neon fallback implementation is available on arm32 when
+# NEON is not supported, hence all arm targets can utilize lib-chacha20/arm
+define KernelPackage/crypto-lib-chacha20/arm
+  KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON
+  FILES:=$(LINUX_DIR)/arch/arm/crypto/chacha-neon.ko
+endef
+
+define KernelPackage/crypto-lib-chacha20/aarch64
+  KCONFIG+=CONFIG_CRYPTO_CHACHA20_NEON
+  FILES+=$(LINUX_DIR)/arch/arm64/crypto/chacha-neon.ko
+endef
+
+define KernelPackage/crypto-lib-chacha20/mips32r2
+  KCONFIG+=CONFIG_CRYPTO_CHACHA_MIPS
+  FILES:=$(LINUX_DIR)/arch/mips/crypto/chacha-mips.ko
+endef
+
+ifeq ($(CONFIG_CPU_MIPS32_R2),y)
+  KernelPackage/crypto-lib-chacha20/$(ARCH)=\
+	  $(KernelPackage/crypto-lib-chacha20/mips32r2)
+endif
+
+ifdef KernelPackage/crypto-lib-chacha20/$(ARCH)
+  KernelPackage/crypto-lib-chacha20/$(CRYPTO_TARGET)=\
+	  $(KernelPackage/crypto-lib-chacha20/$(ARCH))
+endif
+
+$(eval $(call KernelPackage,crypto-lib-chacha20))
+
+
+define KernelPackage/crypto-lib-chacha20poly1305
+  TITLE:=ChaCha20-Poly1305 AEAD support (8-byte nonce library version)
+  KCONFIG:=CONFIG_CRYPTO_LIB_CHACHA20POLY1305
+  HIDDEN:=1
+  FILES:=$(LINUX_DIR)/lib/crypto/libchacha20poly1305.ko
+  $(call AddDepends/crypto, +kmod-crypto-lib-chacha20 +kmod-crypto-lib-poly1305)
+endef
+
+$(eval $(call KernelPackage,crypto-lib-chacha20poly1305))
+
+
+define KernelPackage/crypto-lib-curve25519
+  TITLE:=Curve25519 scalar multiplication library
+  KCONFIG:=CONFIG_CRYPTO_LIB_CURVE25519
+  HIDDEN:=1
+  FILES:= \
+	$(LINUX_DIR)/lib/crypto/libcurve25519.ko \
+	$(LINUX_DIR)/lib/crypto/libcurve25519-generic.ko
+  $(call AddDepends/crypto,+PACKAGE_kmod-crypto-kpp:kmod-crypto-kpp)
+endef
+
+define KernelPackage/crypto-lib-curve25519/config
+  imply PACKAGE_kmod-crypto-kpp
+endef
+
+define KernelPackage/crypto-lib-curve25519/x86/64
+  KCONFIG+=CONFIG_CRYPTO_CURVE25519_X86
+  FILES+=$(LINUX_DIR)/arch/x86/crypto/curve25519-x86_64.ko
+endef
+
+define KernelPackage/crypto-lib-curve25519/arm-neon
+  KCONFIG+=CONFIG_CRYPTO_CURVE25519_NEON
+  FILES+=$(LINUX_DIR)/arch/arm/crypto/curve25519-neon.ko
+endef
+
+ifeq ($(ARCH)-$(CONFIG_KERNEL_MODE_NEON),arm-y)
+  KernelPackage/crypto-lib-curve25519/$(CRYPTO_TARGET)=\
+	  $(KernelPackage/crypto-lib-curve25519/arm-neon)
+endif
+
+$(eval $(call KernelPackage,crypto-lib-curve25519))
+
+
+define KernelPackage/crypto-lib-poly1305
+  TITLE:=Poly1305 library interface
+  KCONFIG:=CONFIG_CRYPTO_LIB_POLY1305
+  HIDDEN:=1
+  FILES:=$(LINUX_DIR)/lib/crypto/libpoly1305.ko
+  $(call AddDepends/crypto,+PACKAGE_kmod-crypto-hash:kmod-crypto-hash)
+endef
+
+define KernelPackage/crypto-lib-poly1305/config
+  imply PACKAGE_kmod-crypto-hash
+endef
+
+define KernelPackage/crypto-lib-poly1305/x86_64
+  KCONFIG+=CONFIG_CRYPTO_POLY1305_X86_64
+  FILES+=$(LINUX_DIR)/arch/x86/crypto/poly1305-x86_64.ko
+endef
+
+define KernelPackage/crypto-lib-poly1305/arm
+  KCONFIG+=CONFIG_CRYPTO_POLY1305_ARM
+  FILES:=$(LINUX_DIR)/arch/arm/crypto/poly1305-arm.ko
+endef
+
+define KernelPackage/crypto-lib-poly1305/aarch64
+  KCONFIG+=CONFIG_CRYPTO_POLY1305_NEON
+  FILES:=$(LINUX_DIR)/arch/arm64/crypto/poly1305-neon.ko
+endef
+
+define KernelPackage/crypto-lib-poly1305/mips
+  KCONFIG+=CONFIG_CRYPTO_POLY1305_MIPS
+  FILES:=$(LINUX_DIR)/arch/mips/crypto/poly1305-mips.ko
+endef
+
+KernelPackage/crypto-lib-poly1305/mipsel=$(KernelPackage/crypto-lib-poly1305/mips)
+KernelPackage/crypto-lib-poly1305/mips64=$(KernelPackage/crypto-lib-poly1305/mips)
+KernelPackage/crypto-lib-poly1305/mips64el=$(KernelPackage/crypto-lib-poly1305/mips)
+
+ifdef KernelPackage/crypto-lib-poly1305/$(ARCH)
+  KernelPackage/crypto-lib-poly1305/$(CRYPTO_TARGET)=\
+	  $(KernelPackage/crypto-lib-poly1305/$(ARCH))
+endif
+
+$(eval $(call KernelPackage,crypto-lib-poly1305))
+
+
 define KernelPackage/crypto-manager
   TITLE:=CryptoAPI algorithm manager
   DEPENDS:=+kmod-crypto-aead +kmod-crypto-hash +kmod-crypto-pcompress

package/kernel/linux/modules/netsupport.mk

@@ -916,6 +916,13 @@ define KernelPackage/sched/description
  Extra kernel schedulers modules for IP traffic
 endef
 
+SCHED_TEQL_HOTPLUG:=hotplug-sched-teql.sh
+
+define KernelPackage/sched/install
+	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
+	$(INSTALL_DATA) ./files/$(SCHED_TEQL_HOTPLUG) $(1)/etc/hotplug.d/iface/15-teql
+endef
+
 $(eval $(call KernelPackage,sched))
 
 
@@ -1250,3 +1257,31 @@ define KernelPackage/netlink-diag/description
 endef
 
 $(eval $(call KernelPackage,netlink-diag))
+
+
+define KernelPackage/wireguard
+  SUBMENU:=$(NETWORK_SUPPORT_MENU)
+  TITLE:=WireGuard secure network tunnel
+  DEPENDS:= \
+	  +kmod-crypto-lib-blake2s \
+	  +kmod-crypto-lib-chacha20poly1305 \
+	  +kmod-crypto-lib-curve25519 \
+	  +kmod-udptunnel4 \
+	  +IPV6:kmod-udptunnel6
+  KCONFIG:= \
+	  CONFIG_WIREGUARD \
+	  CONFIG_WIREGUARD_DEBUG=n
+  FILES:=$(LINUX_DIR)/drivers/net/wireguard/wireguard.ko
+  AUTOLOAD:=$(call AutoProbe,wireguard)
+endef
+
+define KernelPackage/wireguard/description
+  WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
+  state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
+  more useful than IPSec, while avoiding the massive headache. It intends to
+  be considerably more performant than OpenVPN.  WireGuard is designed as a
+  general purpose VPN for running on embedded interfaces and super computers
+  alike, fit for many different circumstances. It uses UDP.
+endef
+
+$(eval $(call KernelPackage,wireguard))

package/kernel/mac80211/patches/subsys/300-cfg80211-support-immediate-reconnect-request-hint.patch

@@ -0,0 +1,301 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Sun, 6 Dec 2020 14:54:42 +0200
+Subject: [PATCH] cfg80211: support immediate reconnect request hint
+
+There are cases where it's necessary to disconnect, but an
+immediate reconnection is desired. Support a hint to userspace
+that this is the case, by including a new attribute in the
+deauth or disassoc event.
+
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Link: https://lore.kernel.org/r/iwlwifi.20201206145305.58d33941fb9d.I0e7168c205c7949529c8e3b86f3c9b12c01a7017@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/cfg80211.h
++++ b/include/net/cfg80211.h
+@@ -6410,13 +6410,15 @@ void cfg80211_abandon_assoc(struct net_d
+  * @dev: network device
+  * @buf: 802.11 frame (header + body)
+  * @len: length of the frame data
++ * @reconnect: immediate reconnect is desired (include the nl80211 attribute)
+  *
+  * This function is called whenever deauthentication has been processed in
+  * station mode. This includes both received deauthentication frames and
+  * locally generated ones. This function may sleep. The caller must hold the
+  * corresponding wdev's mutex.
+  */
+-void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len);
++void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len,
++			   bool reconnect);
+ 
+ /**
+  * cfg80211_rx_unprot_mlme_mgmt - notification of unprotected mlme mgmt frame
+--- a/include/uapi/linux/nl80211.h
++++ b/include/uapi/linux/nl80211.h
+@@ -2527,6 +2527,10 @@ enum nl80211_commands {
+  *	override mask. Used with NL80211_ATTR_S1G_CAPABILITY in
+  *	NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT.
+  *
++ * @NL80211_ATTR_RECONNECT_REQUESTED: flag attribute, used with deauth and
++ *	disassoc events to indicate that an immediate reconnect to the AP
++ *	is desired.
++ *
+  * @NUM_NL80211_ATTR: total number of nl80211_attrs available
+  * @NL80211_ATTR_MAX: highest attribute number currently defined
+  * @__NL80211_ATTR_AFTER_LAST: internal use
+@@ -3016,6 +3020,8 @@ enum nl80211_attrs {
+ 	NL80211_ATTR_S1G_CAPABILITY,
+ 	NL80211_ATTR_S1G_CAPABILITY_MASK,
+ 
++	NL80211_ATTR_RECONNECT_REQUESTED,
++
+ 	/* add attributes here, update the policy in nl80211.c */
+ 
+ 	__NL80211_ATTR_AFTER_LAST,
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -2729,7 +2729,7 @@ static void ieee80211_report_disconnect(
+ 	};
+ 
+ 	if (tx)
+-		cfg80211_tx_mlme_mgmt(sdata->dev, buf, len);
++		cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, false);
+ 	else
+ 		cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
+ 
+@@ -4716,7 +4716,8 @@ void ieee80211_mgd_quiesce(struct ieee80
+ 		if (ifmgd->auth_data)
+ 			ieee80211_destroy_auth_data(sdata, false);
+ 		cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
+-				      IEEE80211_DEAUTH_FRAME_LEN);
++				      IEEE80211_DEAUTH_FRAME_LEN,
++				      false);
+ 	}
+ 
+ 	/* This is a bit of a hack - we should find a better and more generic
+--- a/net/wireless/mlme.c
++++ b/net/wireless/mlme.c
+@@ -4,7 +4,7 @@
+  *
+  * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
+  * Copyright (c) 2015		Intel Deutschland GmbH
+- * Copyright (C) 2019 Intel Corporation
++ * Copyright (C) 2019-2020 Intel Corporation
+  */
+ 
+ #include <linux/kernel.h>
+@@ -81,7 +81,8 @@ static void cfg80211_process_auth(struct
+ }
+ 
+ static void cfg80211_process_deauth(struct wireless_dev *wdev,
+-				    const u8 *buf, size_t len)
++				    const u8 *buf, size_t len,
++				    bool reconnect)
+ {
+ 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
+ 	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
+@@ -89,7 +90,7 @@ static void cfg80211_process_deauth(stru
+ 	u16 reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
+ 	bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
+ 
+-	nl80211_send_deauth(rdev, wdev->netdev, buf, len, GFP_KERNEL);
++	nl80211_send_deauth(rdev, wdev->netdev, buf, len, reconnect, GFP_KERNEL);
+ 
+ 	if (!wdev->current_bss ||
+ 	    !ether_addr_equal(wdev->current_bss->pub.bssid, bssid))
+@@ -100,7 +101,8 @@ static void cfg80211_process_deauth(stru
+ }
+ 
+ static void cfg80211_process_disassoc(struct wireless_dev *wdev,
+-				      const u8 *buf, size_t len)
++				      const u8 *buf, size_t len,
++				      bool reconnect)
+ {
+ 	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
+ 	struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
+@@ -108,7 +110,8 @@ static void cfg80211_process_disassoc(st
+ 	u16 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
+ 	bool from_ap = !ether_addr_equal(mgmt->sa, wdev->netdev->dev_addr);
+ 
+-	nl80211_send_disassoc(rdev, wdev->netdev, buf, len, GFP_KERNEL);
++	nl80211_send_disassoc(rdev, wdev->netdev, buf, len, reconnect,
++			      GFP_KERNEL);
+ 
+ 	if (WARN_ON(!wdev->current_bss ||
+ 		    !ether_addr_equal(wdev->current_bss->pub.bssid, bssid)))
+@@ -133,9 +136,9 @@ void cfg80211_rx_mlme_mgmt(struct net_de
+ 	if (ieee80211_is_auth(mgmt->frame_control))
+ 		cfg80211_process_auth(wdev, buf, len);
+ 	else if (ieee80211_is_deauth(mgmt->frame_control))
+-		cfg80211_process_deauth(wdev, buf, len);
++		cfg80211_process_deauth(wdev, buf, len, false);
+ 	else if (ieee80211_is_disassoc(mgmt->frame_control))
+-		cfg80211_process_disassoc(wdev, buf, len);
++		cfg80211_process_disassoc(wdev, buf, len, false);
+ }
+ EXPORT_SYMBOL(cfg80211_rx_mlme_mgmt);
+ 
+@@ -180,22 +183,23 @@ void cfg80211_abandon_assoc(struct net_d
+ }
+ EXPORT_SYMBOL(cfg80211_abandon_assoc);
+ 
+-void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len)
++void cfg80211_tx_mlme_mgmt(struct net_device *dev, const u8 *buf, size_t len,
++			   bool reconnect)
+ {
+ 	struct wireless_dev *wdev = dev->ieee80211_ptr;
+ 	struct ieee80211_mgmt *mgmt = (void *)buf;
+ 
+ 	ASSERT_WDEV_LOCK(wdev);
+ 
+-	trace_cfg80211_tx_mlme_mgmt(dev, buf, len);
++	trace_cfg80211_tx_mlme_mgmt(dev, buf, len, reconnect);
+ 
+ 	if (WARN_ON(len < 2))
+ 		return;
+ 
+ 	if (ieee80211_is_deauth(mgmt->frame_control))
+-		cfg80211_process_deauth(wdev, buf, len);
++		cfg80211_process_deauth(wdev, buf, len, reconnect);
+ 	else
+-		cfg80211_process_disassoc(wdev, buf, len);
++		cfg80211_process_disassoc(wdev, buf, len, reconnect);
+ }
+ EXPORT_SYMBOL(cfg80211_tx_mlme_mgmt);
+ 
+--- a/net/wireless/nl80211.c
++++ b/net/wireless/nl80211.c
+@@ -732,6 +732,7 @@ static const struct nla_policy nl80211_p
+ 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
+ 	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
+ 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
++	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
+ };
+ 
+ /* policy for the key attributes */
+@@ -15899,7 +15900,7 @@ static void nl80211_send_mlme_event(stru
+ 				    const u8 *buf, size_t len,
+ 				    enum nl80211_commands cmd, gfp_t gfp,
+ 				    int uapsd_queues, const u8 *req_ies,
+-				    size_t req_ies_len)
++				    size_t req_ies_len, bool reconnect)
+ {
+ 	struct sk_buff *msg;
+ 	void *hdr;
+@@ -15921,6 +15922,9 @@ static void nl80211_send_mlme_event(stru
+ 	     nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
+ 		goto nla_put_failure;
+ 
++	if (reconnect && nla_put_flag(msg, NL80211_ATTR_RECONNECT_REQUESTED))
++		goto nla_put_failure;
++
+ 	if (uapsd_queues >= 0) {
+ 		struct nlattr *nla_wmm =
+ 			nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
+@@ -15949,7 +15953,8 @@ void nl80211_send_rx_auth(struct cfg8021
+ 			  size_t len, gfp_t gfp)
+ {
+ 	nl80211_send_mlme_event(rdev, netdev, buf, len,
+-				NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
++				NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0,
++				false);
+ }
+ 
+ void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
+@@ -15959,23 +15964,25 @@ void nl80211_send_rx_assoc(struct cfg802
+ {
+ 	nl80211_send_mlme_event(rdev, netdev, buf, len,
+ 				NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
+-				req_ies, req_ies_len);
++				req_ies, req_ies_len, false);
+ }
+ 
+ void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
+ 			 struct net_device *netdev, const u8 *buf,
+-			 size_t len, gfp_t gfp)
++			 size_t len, bool reconnect, gfp_t gfp)
+ {
+ 	nl80211_send_mlme_event(rdev, netdev, buf, len,
+-				NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
++				NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0,
++				reconnect);
+ }
+ 
+ void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
+ 			   struct net_device *netdev, const u8 *buf,
+-			   size_t len, gfp_t gfp)
++			   size_t len, bool reconnect, gfp_t gfp)
+ {
+ 	nl80211_send_mlme_event(rdev, netdev, buf, len,
+-				NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
++				NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0,
++				reconnect);
+ }
+ 
+ void cfg80211_rx_unprot_mlme_mgmt(struct net_device *dev, const u8 *buf,
+@@ -16006,7 +16013,7 @@ void cfg80211_rx_unprot_mlme_mgmt(struct
+ 
+ 	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
+ 	nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
+-				NULL, 0);
++				NULL, 0, false);
+ }
+ EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
+ 
+--- a/net/wireless/nl80211.h
++++ b/net/wireless/nl80211.h
+@@ -1,7 +1,7 @@
+ /* SPDX-License-Identifier: GPL-2.0 */
+ /*
+  * Portions of this file
+- * Copyright (C) 2018 Intel Corporation
++ * Copyright (C) 2018, 2020 Intel Corporation
+  */
+ #ifndef __NET_WIRELESS_NL80211_H
+ #define __NET_WIRELESS_NL80211_H
+@@ -69,10 +69,12 @@ void nl80211_send_rx_assoc(struct cfg802
+ 			   const u8 *req_ies, size_t req_ies_len);
+ void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
+ 			 struct net_device *netdev,
+-			 const u8 *buf, size_t len, gfp_t gfp);
++			 const u8 *buf, size_t len,
++			 bool reconnect, gfp_t gfp);
+ void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
+ 			   struct net_device *netdev,
+-			   const u8 *buf, size_t len, gfp_t gfp);
++			   const u8 *buf, size_t len,
++			   bool reconnect, gfp_t gfp);
+ void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
+ 			       struct net_device *netdev,
+ 			       const u8 *addr, gfp_t gfp);
+--- a/net/wireless/trace.h
++++ b/net/wireless/trace.h
+@@ -2684,19 +2684,23 @@ DEFINE_EVENT(netdev_frame_event, cfg8021
+ );
+ 
+ TRACE_EVENT(cfg80211_tx_mlme_mgmt,
+-	TP_PROTO(struct net_device *netdev, const u8 *buf, int len),
+-	TP_ARGS(netdev, buf, len),
++	TP_PROTO(struct net_device *netdev, const u8 *buf, int len,
++		 bool reconnect),
++	TP_ARGS(netdev, buf, len, reconnect),
+ 	TP_STRUCT__entry(
+ 		NETDEV_ENTRY
+ 		__dynamic_array(u8, frame, len)
++		__field(int, reconnect)
+ 	),
+ 	TP_fast_assign(
+ 		NETDEV_ASSIGN;
+ 		memcpy(__get_dynamic_array(frame), buf, len);
++		__entry->reconnect = reconnect;
+ 	),
+-	TP_printk(NETDEV_PR_FMT ", ftype:0x%.2x",
++	TP_printk(NETDEV_PR_FMT ", ftype:0x%.2x reconnect:%d",
+ 		  NETDEV_PR_ARG,
+-		  le16_to_cpup((__le16 *)__get_dynamic_array(frame)))
++		  le16_to_cpup((__le16 *)__get_dynamic_array(frame)),
++		  __entry->reconnect)
+ );
+ 
+ DECLARE_EVENT_CLASS(netdev_mac_evt,

package/kernel/mac80211/patches/subsys/301-mac80211-support-driver-based-disconnect-with-reconn.patch

@@ -0,0 +1,271 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Sun, 6 Dec 2020 14:54:43 +0200
+Subject: [PATCH] mac80211: support driver-based disconnect with reconnect hint
+
+Support the driver indicating that a disconnection needs
+to be performed, and pass through the reconnect hint in
+this case.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Link: https://lore.kernel.org/r/iwlwifi.20201206145305.5c8dab7a22a0.I58459fdf6968b16c90cab9c574f0f04ca22b0c79@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/include/net/mac80211.h
++++ b/include/net/mac80211.h
+@@ -5885,6 +5885,17 @@ void ieee80211_beacon_loss(struct ieee80
+ void ieee80211_connection_loss(struct ieee80211_vif *vif);
+ 
+ /**
++ * ieee80211_disconnect - request disconnection
++ *
++ * @vif: &struct ieee80211_vif pointer from the add_interface callback.
++ * @reconnect: immediate reconnect is desired
++ *
++ * Request disconnection from the current network and, if enabled, send a
++ * hint to the higher layers that immediate reconnect is desired.
++ */
++void ieee80211_disconnect(struct ieee80211_vif *vif, bool reconnect);
++
++/**
+  * ieee80211_resume_disconnect - disconnect from AP after resume
+  *
+  * @vif: &struct ieee80211_vif pointer from the add_interface callback.
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -461,7 +461,9 @@ struct ieee80211_if_managed {
+ 	unsigned long probe_timeout;
+ 	int probe_send_count;
+ 	bool nullfunc_failed;
+-	bool connection_loss;
++	u8 connection_loss:1,
++	   driver_disconnect:1,
++	   reconnect:1;
+ 
+ 	struct cfg80211_bss *associated;
+ 	struct ieee80211_mgd_auth_data *auth_data;
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -2720,7 +2720,7 @@ EXPORT_SYMBOL(ieee80211_ap_probereq_get)
+ 
+ static void ieee80211_report_disconnect(struct ieee80211_sub_if_data *sdata,
+ 					const u8 *buf, size_t len, bool tx,
+-					u16 reason)
++					u16 reason, bool reconnect)
+ {
+ 	struct ieee80211_event event = {
+ 		.type = MLME_EVENT,
+@@ -2729,7 +2729,7 @@ static void ieee80211_report_disconnect(
+ 	};
+ 
+ 	if (tx)
+-		cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, false);
++		cfg80211_tx_mlme_mgmt(sdata->dev, buf, len, reconnect);
+ 	else
+ 		cfg80211_rx_mlme_mgmt(sdata->dev, buf, len);
+ 
+@@ -2751,13 +2751,18 @@ static void __ieee80211_disconnect(struc
+ 
+ 	tx = !sdata->csa_block_tx;
+ 
+-	/* AP is probably out of range (or not reachable for another reason) so
+-	 * remove the bss struct for that AP.
+-	 */
+-	cfg80211_unlink_bss(local->hw.wiphy, ifmgd->associated);
++	if (!ifmgd->driver_disconnect) {
++		/*
++		 * AP is probably out of range (or not reachable for another
++		 * reason) so remove the bss struct for that AP.
++		 */
++		cfg80211_unlink_bss(local->hw.wiphy, ifmgd->associated);
++	}
+ 
+ 	ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
+-			       WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
++			       ifmgd->driver_disconnect ?
++					WLAN_REASON_DEAUTH_LEAVING :
++					WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
+ 			       tx, frame_buf);
+ 	mutex_lock(&local->mtx);
+ 	sdata->vif.csa_active = false;
+@@ -2770,7 +2775,9 @@ static void __ieee80211_disconnect(struc
+ 	mutex_unlock(&local->mtx);
+ 
+ 	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), tx,
+-				    WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY);
++				    WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
++				    ifmgd->reconnect);
++	ifmgd->reconnect = false;
+ 
+ 	sdata_unlock(sdata);
+ }
+@@ -2789,6 +2796,13 @@ static void ieee80211_beacon_connection_
+ 		sdata_info(sdata, "Connection to AP %pM lost\n",
+ 			   ifmgd->bssid);
+ 		__ieee80211_disconnect(sdata);
++		ifmgd->connection_loss = false;
++	} else if (ifmgd->driver_disconnect) {
++		sdata_info(sdata,
++			   "Driver requested disconnection from AP %pM\n",
++			   ifmgd->bssid);
++		__ieee80211_disconnect(sdata);
++		ifmgd->driver_disconnect = false;
+ 	} else {
+ 		ieee80211_mgd_probe_ap(sdata, true);
+ 	}
+@@ -2827,6 +2841,21 @@ void ieee80211_connection_loss(struct ie
+ }
+ EXPORT_SYMBOL(ieee80211_connection_loss);
+ 
++void ieee80211_disconnect(struct ieee80211_vif *vif, bool reconnect)
++{
++	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
++	struct ieee80211_hw *hw = &sdata->local->hw;
++
++	trace_api_disconnect(sdata, reconnect);
++
++	if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
++		return;
++
++	sdata->u.mgd.driver_disconnect = true;
++	sdata->u.mgd.reconnect = reconnect;
++	ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
++}
++EXPORT_SYMBOL(ieee80211_disconnect);
+ 
+ static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
+ 					bool assoc)
+@@ -3130,7 +3159,7 @@ static void ieee80211_rx_mgmt_deauth(str
+ 		ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
+ 
+ 		ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false,
+-					    reason_code);
++					    reason_code, false);
+ 		return;
+ 	}
+ 
+@@ -3179,7 +3208,8 @@ static void ieee80211_rx_mgmt_disassoc(s
+ 
+ 	ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
+ 
+-	ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code);
++	ieee80211_report_disconnect(sdata, (u8 *)mgmt, len, false, reason_code,
++				    false);
+ }
+ 
+ static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
+@@ -4199,7 +4229,8 @@ static void ieee80211_rx_mgmt_beacon(str
+ 				       true, deauth_buf);
+ 		ieee80211_report_disconnect(sdata, deauth_buf,
+ 					    sizeof(deauth_buf), true,
+-					    WLAN_REASON_DEAUTH_LEAVING);
++					    WLAN_REASON_DEAUTH_LEAVING,
++					    false);
+ 		return;
+ 	}
+ 
+@@ -4344,7 +4375,7 @@ static void ieee80211_sta_connection_los
+ 			       tx, frame_buf);
+ 
+ 	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
+-				    reason);
++				    reason, false);
+ }
+ 
+ static int ieee80211_auth(struct ieee80211_sub_if_data *sdata)
+@@ -5431,7 +5462,8 @@ int ieee80211_mgd_auth(struct ieee80211_
+ 
+ 		ieee80211_report_disconnect(sdata, frame_buf,
+ 					    sizeof(frame_buf), true,
+-					    WLAN_REASON_UNSPECIFIED);
++					    WLAN_REASON_UNSPECIFIED,
++					    false);
+ 	}
+ 
+ 	sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
+@@ -5503,7 +5535,8 @@ int ieee80211_mgd_assoc(struct ieee80211
+ 
+ 		ieee80211_report_disconnect(sdata, frame_buf,
+ 					    sizeof(frame_buf), true,
+-					    WLAN_REASON_UNSPECIFIED);
++					    WLAN_REASON_UNSPECIFIED,
++					    false);
+ 	}
+ 
+ 	if (ifmgd->auth_data && !ifmgd->auth_data->done) {
+@@ -5802,7 +5835,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+ 		ieee80211_destroy_auth_data(sdata, false);
+ 		ieee80211_report_disconnect(sdata, frame_buf,
+ 					    sizeof(frame_buf), true,
+-					    req->reason_code);
++					    req->reason_code, false);
+ 
+ 		return 0;
+ 	}
+@@ -5822,7 +5855,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+ 		ieee80211_destroy_assoc_data(sdata, false, true);
+ 		ieee80211_report_disconnect(sdata, frame_buf,
+ 					    sizeof(frame_buf), true,
+-					    req->reason_code);
++					    req->reason_code, false);
+ 		return 0;
+ 	}
+ 
+@@ -5837,7 +5870,7 @@ int ieee80211_mgd_deauth(struct ieee8021
+ 				       req->reason_code, tx, frame_buf);
+ 		ieee80211_report_disconnect(sdata, frame_buf,
+ 					    sizeof(frame_buf), true,
+-					    req->reason_code);
++					    req->reason_code, false);
+ 		return 0;
+ 	}
+ 
+@@ -5870,7 +5903,7 @@ int ieee80211_mgd_disassoc(struct ieee80
+ 			       frame_buf);
+ 
+ 	ieee80211_report_disconnect(sdata, frame_buf, sizeof(frame_buf), true,
+-				    req->reason_code);
++				    req->reason_code, false);
+ 
+ 	return 0;
+ }
+--- a/net/mac80211/trace.h
++++ b/net/mac80211/trace.h
+@@ -2,7 +2,7 @@
+ /*
+ * Portions of this file
+ * Copyright(c) 2016-2017 Intel Deutschland GmbH
+-* Copyright (C) 2018 - 2019 Intel Corporation
++* Copyright (C) 2018 - 2020 Intel Corporation
+ */
+ 
+ #if !defined(__MAC80211_DRIVER_TRACE) || defined(TRACE_HEADER_MULTI_READ)
+@@ -2086,6 +2086,27 @@ TRACE_EVENT(api_connection_loss,
+ 	)
+ );
+ 
++TRACE_EVENT(api_disconnect,
++	TP_PROTO(struct ieee80211_sub_if_data *sdata, bool reconnect),
++
++	TP_ARGS(sdata, reconnect),
++
++	TP_STRUCT__entry(
++		VIF_ENTRY
++		__field(int, reconnect)
++	),
++
++	TP_fast_assign(
++		VIF_ASSIGN;
++		__entry->reconnect = reconnect;
++	),
++
++	TP_printk(
++		VIF_PR_FMT " reconnect:%d",
++		VIF_PR_ARG, __entry->reconnect
++	)
++);
++
+ TRACE_EVENT(api_cqm_rssi_notify,
+ 	TP_PROTO(struct ieee80211_sub_if_data *sdata,
+ 		 enum nl80211_cqm_rssi_threshold_event rssi_event,

package/kernel/mac80211/patches/subsys/311-net-fq_impl-drop-get_default_func-move-default-flow-.patch

@@ -68,7 +68,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  static int fq_init(struct fq *fq, int flows_cnt)
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
-@@ -855,7 +855,6 @@ enum txq_info_flags {
+@@ -857,7 +857,6 @@ enum txq_info_flags {
   */
  struct txq_info {
  	struct fq_tin tin;

package/kernel/mac80211/patches/subsys/315-mac80211-add-rx-decapsulation-offload-support.patch

@@ -536,7 +536,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  };
 --- a/net/mac80211/trace.h
 +++ b/net/mac80211/trace.h
-@@ -2740,7 +2740,7 @@ DEFINE_EVENT(local_sdata_addr_evt, drv_u
+@@ -2761,7 +2761,7 @@ DEFINE_EVENT(local_sdata_addr_evt, drv_u
  	TP_ARGS(local, sdata)
  );
  
@@ -545,7 +545,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  	TP_PROTO(struct ieee80211_local *local,
  		 struct ieee80211_sub_if_data *sdata,
  		 struct ieee80211_sta *sta, bool enabled),
-@@ -2767,6 +2767,22 @@ TRACE_EVENT(drv_sta_set_4addr,
+@@ -2788,6 +2788,22 @@ TRACE_EVENT(drv_sta_set_4addr,
  	)
  );
  

package/kernel/mac80211/patches/subsys/370-mac80211-fix-TXQ-AC-confusion.patch

@@ -0,0 +1,61 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 23 Mar 2021 21:05:01 +0100
+Subject: [PATCH] mac80211: fix TXQ AC confusion
+
+Normally, TXQs have
+
+  txq->tid = tid;
+  txq->ac = ieee80211_ac_from_tid(tid);
+
+However, the special management TXQ actually has
+
+  txq->tid = IEEE80211_NUM_TIDS; // 16
+  txq->ac = IEEE80211_AC_VO;
+
+This makes sense, but ieee80211_ac_from_tid(16) is the same
+as ieee80211_ac_from_tid(0) which is just IEEE80211_AC_BE.
+
+Now, normally this is fine. However, if the netdev queues
+were stopped, then the code in ieee80211_tx_dequeue() will
+propagate the stop from the interface (vif->txqs_stopped[])
+if the AC 2 (ieee80211_ac_from_tid(txq->tid)) is marked as
+stopped. On wake, however, __ieee80211_wake_txqs() will wake
+the TXQ if AC 0 (txq->ac) is woken up.
+
+If a driver stops all queues with ieee80211_stop_tx_queues()
+and then wakes them again with ieee80211_wake_tx_queues(),
+the ieee80211_wake_txqs() tasklet will run to resync queue
+and TXQ state. If all queues were woken, then what'll happen
+is that _ieee80211_wake_txqs() will run in order of HW queues
+0-3, typically (and certainly for iwlwifi) corresponding to
+ACs 0-3, so it'll call __ieee80211_wake_txqs() for each AC in
+order 0-3.
+
+When __ieee80211_wake_txqs() is called for AC 0 (VO) that'll
+wake up the management TXQ (remember its tid is 16), and the
+driver's wake_tx_queue() will be called. That tries to get a
+frame, which will immediately *stop* the TXQ again, because
+now we check against AC 2, and AC 2 hasn't yet been marked as
+woken up again in sdata->vif.txqs_stopped[] since we're only
+in the __ieee80211_wake_txqs() call for AC 0.
+
+Thus, the management TXQ will never be started again.
+
+Fix this by checking txq->ac directly instead of calculating
+the AC as ieee80211_ac_from_tid(txq->tid).
+
+Fixes: adf8ed01e4fd ("mac80211: add an optional TXQ for other PS-buffered frames")
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -3589,7 +3589,7 @@ begin:
+ 	    test_bit(IEEE80211_TXQ_STOP_NETIF_TX, &txqi->flags))
+ 		goto out;
+ 
+-	if (vif->txqs_stopped[ieee80211_ac_from_tid(txq->tid)]) {
++	if (vif->txqs_stopped[txq->ac]) {
+ 		set_bit(IEEE80211_TXQ_STOP_NETIF_TX, &txqi->flags);
+ 		goto out;
+ 	}

package/kernel/mac80211/patches/subsys/371-mac80211-don-t-apply-flow-control-on-management-fram.patch

@@ -0,0 +1,60 @@
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 19 Mar 2021 23:28:01 +0100
+Subject: [PATCH] mac80211: don't apply flow control on management frames
+
+In some cases (depending on the driver, but it's true e.g. for
+iwlwifi) we're using an internal TXQ for management packets,
+mostly to simplify the code and to have a place to queue them.
+However, it appears that in certain cases we can confuse the
+code and management frames are dropped, which is certainly not
+what we want.
+
+Short-circuit the processing of management frames. To keep the
+impact minimal, only put them on the frags queue and check the
+tid == management only for doing that and to skip the airtime
+fairness checks, if applicable.
+
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -5,7 +5,7 @@
+  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
+  * Copyright 2007	Johannes Berg <johannes@sipsolutions.net>
+  * Copyright 2013-2014  Intel Mobile Communications GmbH
+- * Copyright (C) 2018-2020 Intel Corporation
++ * Copyright (C) 2018-2021 Intel Corporation
+  *
+  * Transmit and frame generation functions.
+  */
+@@ -1403,8 +1403,17 @@ static void ieee80211_txq_enqueue(struct
+ 	ieee80211_set_skb_enqueue_time(skb);
+ 
+ 	spin_lock_bh(&fq->lock);
+-	fq_tin_enqueue(fq, tin, flow_idx, skb,
+-		       fq_skb_free_func);
++	/*
++	 * For management frames, don't really apply codel etc.,
++	 * we don't want to apply any shaping or anything we just
++	 * want to simplify the driver API by having them on the
++	 * txqi.
++	 */
++	if (unlikely(txqi->txq.tid == IEEE80211_NUM_TIDS))
++		__skb_queue_tail(&txqi->frags, skb);
++	else
++		fq_tin_enqueue(fq, tin, flow_idx, skb,
++			       fq_skb_free_func);
+ 	spin_unlock_bh(&fq->lock);
+ }
+ 
+@@ -3846,6 +3855,9 @@ bool ieee80211_txq_airtime_check(struct
+ 	if (!txq->sta)
+ 		return true;
+ 
++	if (unlikely(txq->tid == IEEE80211_NUM_TIDS))
++		return true;
++
+ 	sta = container_of(txq->sta, struct sta_info, sta);
+ 	if (atomic_read(&sta->airtime[txq->ac].aql_tx_pending) <
+ 	    sta->airtime[txq->ac].aql_limit_low)

package/kernel/mac80211/patches/subsys/372-mac80211-set-sk_pacing_shift-for-802.3-txpath.patch

@@ -0,0 +1,21 @@
+From: Lorenzo Bianconi <lorenzo@kernel.org>
+Date: Mon, 8 Mar 2021 23:01:49 +0100
+Subject: [PATCH] mac80211: set sk_pacing_shift for 802.3 txpath
+
+Similar to 802.11 txpath, set socket sk_pacing_shift for 802.3 tx path.
+
+Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
+---
+
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -4173,6 +4173,9 @@ static bool ieee80211_tx_8023(struct iee
+ 	unsigned long flags;
+ 	int q = info->hw_queue;
+ 
++	if (sta)
++		sk_pacing_shift_update(skb->sk, local->hw.tx_sk_pacing_shift);
++
+ 	if (ieee80211_queue_skb(local, sdata, sta, skb))
+ 		return true;
+ 

package/kernel/mac80211/patches/subsys/373-mac80211-support-Rx-timestamp-calculation-for-all-pr.patch

@@ -0,0 +1,134 @@
+From: Avraham Stern <avraham.stern@intel.com>
+Date: Sun, 6 Dec 2020 14:54:45 +0200
+Subject: [PATCH] mac80211: support Rx timestamp calculation for all preamble
+ types
+
+Add support for calculating the Rx timestamp for HE frames.
+Since now all frame types are supported, allow setting the Rx
+timestamp regardless of the frame type.
+
+Signed-off-by: Avraham Stern <avraham.stern@intel.com>
+Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
+Link: https://lore.kernel.org/r/iwlwifi.20201206145305.4786559af475.Ia54486bb0a12e5351f9d5c60ef6fcda7c9e7141c@changeid
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/ieee80211_i.h
++++ b/net/mac80211/ieee80211_i.h
+@@ -1600,13 +1600,8 @@ ieee80211_have_rx_timestamp(struct ieee8
+ {
+ 	WARN_ON_ONCE(status->flag & RX_FLAG_MACTIME_START &&
+ 		     status->flag & RX_FLAG_MACTIME_END);
+-	if (status->flag & (RX_FLAG_MACTIME_START | RX_FLAG_MACTIME_END))
+-		return true;
+-	/* can't handle non-legacy preamble yet */
+-	if (status->flag & RX_FLAG_MACTIME_PLCP_START &&
+-	    status->encoding == RX_ENC_LEGACY)
+-		return true;
+-	return false;
++	return !!(status->flag & (RX_FLAG_MACTIME_START | RX_FLAG_MACTIME_END |
++				  RX_FLAG_MACTIME_PLCP_START));
+ }
+ 
+ void ieee80211_vif_inc_num_mcast(struct ieee80211_sub_if_data *sdata);
+--- a/net/mac80211/util.c
++++ b/net/mac80211/util.c
+@@ -3665,6 +3665,7 @@ u64 ieee80211_calculate_rx_timestamp(str
+ 	u64 ts = status->mactime;
+ 	struct rate_info ri;
+ 	u16 rate;
++	u8 n_ltf;
+ 
+ 	if (WARN_ON(!ieee80211_have_rx_timestamp(status)))
+ 		return 0;
+@@ -3675,11 +3676,58 @@ u64 ieee80211_calculate_rx_timestamp(str
+ 
+ 	/* Fill cfg80211 rate info */
+ 	switch (status->encoding) {
++	case RX_ENC_HE:
++		ri.flags |= RATE_INFO_FLAGS_HE_MCS;
++		ri.mcs = status->rate_idx;
++		ri.nss = status->nss;
++		ri.he_ru_alloc = status->he_ru;
++		if (status->enc_flags & RX_ENC_FLAG_SHORT_GI)
++			ri.flags |= RATE_INFO_FLAGS_SHORT_GI;
++
++		/*
++		 * See P802.11ax_D6.0, section 27.3.4 for
++		 * VHT PPDU format.
++		 */
++		if (status->flag & RX_FLAG_MACTIME_PLCP_START) {
++			mpdu_offset += 2;
++			ts += 36;
++
++			/*
++			 * TODO:
++			 * For HE MU PPDU, add the HE-SIG-B.
++			 * For HE ER PPDU, add 8us for the HE-SIG-A.
++			 * For HE TB PPDU, add 4us for the HE-STF.
++			 * Add the HE-LTF durations - variable.
++			 */
++		}
++
++		break;
+ 	case RX_ENC_HT:
+ 		ri.mcs = status->rate_idx;
+ 		ri.flags |= RATE_INFO_FLAGS_MCS;
+ 		if (status->enc_flags & RX_ENC_FLAG_SHORT_GI)
+ 			ri.flags |= RATE_INFO_FLAGS_SHORT_GI;
++
++		/*
++		 * See P802.11REVmd_D3.0, section 19.3.2 for
++		 * HT PPDU format.
++		 */
++		if (status->flag & RX_FLAG_MACTIME_PLCP_START) {
++			mpdu_offset += 2;
++			if (status->enc_flags & RX_ENC_FLAG_HT_GF)
++				ts += 24;
++			else
++				ts += 32;
++
++			/*
++			 * Add Data HT-LTFs per streams
++			 * TODO: add Extension HT-LTFs, 4us per LTF
++			 */
++			n_ltf = ((ri.mcs >> 3) & 3) + 1;
++			n_ltf = n_ltf == 3 ? 4 : n_ltf;
++			ts += n_ltf * 4;
++		}
++
+ 		break;
+ 	case RX_ENC_VHT:
+ 		ri.flags |= RATE_INFO_FLAGS_VHT_MCS;
+@@ -3687,6 +3735,23 @@ u64 ieee80211_calculate_rx_timestamp(str
+ 		ri.nss = status->nss;
+ 		if (status->enc_flags & RX_ENC_FLAG_SHORT_GI)
+ 			ri.flags |= RATE_INFO_FLAGS_SHORT_GI;
++
++		/*
++		 * See P802.11REVmd_D3.0, section 21.3.2 for
++		 * VHT PPDU format.
++		 */
++		if (status->flag & RX_FLAG_MACTIME_PLCP_START) {
++			mpdu_offset += 2;
++			ts += 36;
++
++			/*
++			 * Add VHT-LTFs per streams
++			 */
++			n_ltf = (ri.nss != 1) && (ri.nss % 2) ?
++				ri.nss + 1 : ri.nss;
++			ts += 4 * n_ltf;
++		}
++
+ 		break;
+ 	default:
+ 		WARN_ON(1);
+@@ -3710,7 +3775,6 @@ u64 ieee80211_calculate_rx_timestamp(str
+ 		ri.legacy = DIV_ROUND_UP(bitrate, (1 << shift));
+ 
+ 		if (status->flag & RX_FLAG_MACTIME_PLCP_START) {
+-			/* TODO: handle HT/VHT preambles */
+ 			if (status->band == NL80211_BAND_5GHZ) {
+ 				ts += 20 << shift;
+ 				mpdu_offset += 2;

package/kernel/mac80211/patches/subsys/374-mac80211-fix-time-is-after-bug-in-mlme.patch

@@ -0,0 +1,31 @@
+From: Ben Greear <greearb@candelatech.com>
+Date: Tue, 30 Mar 2021 16:07:49 -0700
+Subject: [PATCH] mac80211: fix time-is-after bug in mlme
+
+The incorrect timeout check caused probing to happen when it did
+not need to happen.  This in turn caused tx performance drop
+for around 5 seconds in ath10k-ct driver.  Possibly that tx drop
+is due to a secondary issue, but fixing the probe to not happen
+when traffic is running fixes the symptom.
+
+Signed-off-by: Ben Greear <greearb@candelatech.com>
+Fixes: 9abf4e49830d ("mac80211: optimize station connection monitor")
+Acked-by: Felix Fietkau <nbd@nbd.name>
+Link: https://lore.kernel.org/r/20210330230749.14097-1-greearb@candelatech.com
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+---
+
+--- a/net/mac80211/mlme.c
++++ b/net/mac80211/mlme.c
+@@ -4691,7 +4691,10 @@ static void ieee80211_sta_conn_mon_timer
+ 		timeout = sta->rx_stats.last_rx;
+ 	timeout += IEEE80211_CONNECTION_IDLE_TIME;
+ 
+-	if (time_is_before_jiffies(timeout)) {
++	/* If timeout is after now, then update timer to fire at
++	 * the later date, but do not actually probe at this time.
++	 */
++	if (time_is_after_jiffies(timeout)) {
+ 		mod_timer(&ifmgd->conn_mon_timer, round_jiffies_up(timeout));
+ 		return;
+ 	}

package/kernel/mac80211/patches/subsys/500-mac80211_configure_antenna_gain.patch

@@ -36,9 +36,9 @@
  	u8 ps_dtim_period;
 --- a/include/uapi/linux/nl80211.h
 +++ b/include/uapi/linux/nl80211.h
-@@ -2527,6 +2527,9 @@ enum nl80211_commands {
-  *	override mask. Used with NL80211_ATTR_S1G_CAPABILITY in
-  *	NL80211_CMD_ASSOCIATE or NL80211_CMD_CONNECT.
+@@ -2531,6 +2531,9 @@ enum nl80211_commands {
+  *	disassoc events to indicate that an immediate reconnect to the AP
+  *	is desired.
   *
 + * @NL80211_ATTR_WIPHY_ANTENNA_GAIN: Configured antenna gain. Used to reduce
 + *	transmit power to stay within regulatory limits. u32, dBi.
@@ -46,9 +46,9 @@
   * @NUM_NL80211_ATTR: total number of nl80211_attrs available
   * @NL80211_ATTR_MAX: highest attribute number currently defined
   * @__NL80211_ATTR_AFTER_LAST: internal use
-@@ -3016,6 +3019,8 @@ enum nl80211_attrs {
- 	NL80211_ATTR_S1G_CAPABILITY,
- 	NL80211_ATTR_S1G_CAPABILITY_MASK,
+@@ -3022,6 +3025,8 @@ enum nl80211_attrs {
+ 
+ 	NL80211_ATTR_RECONNECT_REQUESTED,
  
 +	NL80211_ATTR_WIPHY_ANTENNA_GAIN,
 +
@@ -87,7 +87,7 @@
  	CFG80211_TESTMODE_CMD(ieee80211_testmode_cmd)
 --- a/net/mac80211/ieee80211_i.h
 +++ b/net/mac80211/ieee80211_i.h
-@@ -1401,6 +1401,7 @@ struct ieee80211_local {
+@@ -1403,6 +1403,7 @@ struct ieee80211_local {
  	int dynamic_ps_forced_timeout;
  
  	int user_power_level; /* in dBm, for all interfaces */
@@ -129,15 +129,15 @@
  	local->hw.max_mtu = IEEE80211_MAX_DATA_LEN;
 --- a/net/wireless/nl80211.c
 +++ b/net/wireless/nl80211.c
-@@ -732,6 +732,7 @@ static const struct nla_policy nl80211_p
- 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
+@@ -733,6 +733,7 @@ static const struct nla_policy nl80211_p
  	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
  		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
+ 	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
 +	[NL80211_ATTR_WIPHY_ANTENNA_GAIN] = { .type = NLA_U32 },
  };
  
  /* policy for the key attributes */
-@@ -3240,6 +3241,20 @@ static int nl80211_set_wiphy(struct sk_b
+@@ -3241,6 +3242,20 @@ static int nl80211_set_wiphy(struct sk_b
  		if (result)
  			return result;
  	}

package/kernel/mt76/Makefile

@@ -8,9 +8,9 @@ PKG_LICENSE_FILES:=
 
 PKG_SOURCE_URL:=https://github.com/openwrt/mt76
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2021-02-14
-PKG_SOURCE_VERSION:=289cd7804587dc48f776d450db9cd3762692a370
-PKG_MIRROR_HASH:=91885feca9d935586c6e33a8e3734bfa61991d869bf42ac0d1c8c3b19bfa9653
+PKG_SOURCE_DATE:=2021-04-11
+PKG_SOURCE_VERSION:=bf45b30d891961dd7c4139dddb58b909ea2c2b5a
+PKG_MIRROR_HASH:=431cecf80dafa986e805f809522721c2bb26289867d6770695d49baf8b471bea
 
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_BUILD_PARALLEL:=1
@@ -235,7 +235,8 @@ endef
 
 TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/libnl-tiny
 
-NOSTDINC_FLAGS = \
+NOSTDINC_FLAGS := \
+	$(KERNEL_NOSTDINC_FLAGS) \
 	-I$(PKG_BUILD_DIR) \
 	-I$(STAGING_DIR)/usr/include/mac80211-backport/uapi \
 	-I$(STAGING_DIR)/usr/include/mac80211-backport \
@@ -406,6 +407,14 @@ define KernelPackage/mt7915e/install
 		$(1)/lib/firmware/mediatek
 endef
 
+define KernelPackage/mt7921e/install
+	$(INSTALL_DIR) $(1)/lib/firmware/mediatek
+	cp \
+		$(PKG_BUILD_DIR)/firmware/WIFI_MT7961_patch_mcu_1_2_hdr.bin \
+		$(PKG_BUILD_DIR)/firmware/WIFI_RAM_CODE_MT7961_1.bin \
+		$(1)/lib/firmware/mediatek
+endef
+
 define Package/mt76-test/install
 	mkdir -p $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/tools/mt76-test $(1)/usr/sbin

package/kernel/mwlwifi/Makefile

@@ -21,6 +21,7 @@ PKG_MIRROR_HASH:=0eda0e774a87e58e611d6436350e1cf2be3de50fddde334909a07a15b0c9862
 
 PKG_MAINTAINER:=Imre Kaloz <kaloz@openwrt.org>
 PKG_BUILD_PARALLEL:=1
+PKG_FLAGS:=nonshared
 
 include $(INCLUDE_DIR)/kernel.mk
 include $(INCLUDE_DIR)/package.mk
@@ -33,7 +34,8 @@ define KernelPackage/mwlwifi
   AUTOLOAD:=$(call AutoLoad,50,mwlwifi)
 endef
 
-NOSTDINC_FLAGS = \
+NOSTDINC_FLAGS := \
+	$(KERNEL_NOSTDINC_FLAGS) \
 	-I$(PKG_BUILD_DIR) \
 	-I$(STAGING_DIR)/usr/include/mac80211-backport/uapi \
 	-I$(STAGING_DIR)/usr/include/mac80211-backport \

package/kernel/rtl8812au-ct/Makefile

@@ -31,7 +31,8 @@ define KernelPackage/rtl8812au-ct
   PROVIDES:=kmod-rtl8812au
 endef
 
-NOSTDINC_FLAGS = \
+NOSTDINC_FLAGS := \
+	$(KERNEL_NOSTDINC_FLAGS) \
 	-I$(PKG_BUILD_DIR) \
 	-I$(PKG_BUILD_DIR)/include \
 	-I$(STAGING_DIR)/usr/include/mac80211-backport \

package/libs/elfutils/Makefile

@@ -95,7 +95,8 @@ define Package/libelf/install
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib/libelf{-*.so,*.so.*} $(1)/usr/lib/
 endef
 
-$(eval $(call BuildPackage,libasm))
-$(eval $(call BuildPackage,libdw))
+# these lines need to be ordered by dependency because of ABI versioning
 $(eval $(call BuildPackage,libelf))
+$(eval $(call BuildPackage,libdw))
+$(eval $(call BuildPackage,libasm))
 $(eval $(call HostBuild))

package/libs/libnfnetlink/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libnfnetlink
 PKG_VERSION:=1.0.1
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
@@ -45,7 +45,7 @@ CONFIGURE_ARGS += \
 	--enable-shared
 
 CONFIGURE_VARS += \
-	lt_prog_compiler_pic=$(FPIC)
+	lt_prog_compiler_pic="$(FPIC)"
 
 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include/libnfnetlink

package/libs/libselinux/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libselinux
-PKG_VERSION:=3.1
-PKG_RELEASE:=3
+PKG_VERSION:=3.2
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20200710
-PKG_HASH:=ea5dcbb4d859e3f999c26a13c630da2f16dff9462e3cc8cb7b458ac157d112e7
+PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/3.2
+PKG_HASH:=df758ef1d9d4811051dd901ea6b029ae334ffd7c671c128beb16bce1e25ac161
 HOST_BUILD_DEPENDS:=libsepol/host pcre/host
 
 PKG_LICENSE:=libselinux-1.0

package/libs/libsemanage/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libsemanage
-PKG_VERSION:=3.1
+PKG_VERSION:=3.2
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20200710
-PKG_HASH:=22d6c75526e40d1781c30bcf29abf97171bdfe6780923f11c8e1c76a75a21ff8
+PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/3.2
+PKG_HASH:=d722a55ca4fe2d4e2b30527720db657e6238b28079e69e2e4affeb8e733ee511
 PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 PKG_LICENSE:=LGPL-2.1
 PKG_LICENSE_FILES:=COPYING

package/libs/libsepol/Makefile

@@ -6,12 +6,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libsepol
-PKG_VERSION:=3.1
+PKG_VERSION:=3.2
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/20200710
-PKG_HASH:=ae6778d01443fdd38cd30eeee846494e19f4d407b09872580372f4aa4bf8a3cc
+PKG_SOURCE_URL:=https://github.com/SELinuxProject/selinux/releases/download/3.2
+PKG_HASH:=dfc7f662af8000116e56a01de6a0394ed79be1b34b999e551346233c5dd19508
 
 PKG_MAINTAINER:=Thomas Petazzoni <thomas.petazzoni@bootlin.com>
 

package/libs/libunwind/Makefile

@@ -32,7 +32,7 @@ define Package/libunwind
   CATEGORY:=Libraries
   TITLE:=The libunwind project
   URL:=http://www.nongnu.org/libunwind/
-  DEPENDS:=@((mips||mipsel||x86_64||arm||aarch64)||(USE_GLIBC&&(powerpc||i386))) +zlib
+  DEPENDS:=@((mips||mipsel||mips64||x86_64||arm||aarch64)||(USE_GLIBC&&(powerpc||i386))) +zlib
   ABI_VERSION:=8
 endef
 

package/libs/mbedtls/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=mbedtls
-PKG_VERSION:=2.16.9
+PKG_VERSION:=2.16.10
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=fc17ff7d8c11d08f23ae2800a18269408ad2c24ea6bb8b9363e41a01c2425697
+PKG_HASH:=96257bb03b30300b2f35f861ffe204ed957e9fd0329d80646fe57fc49f589b29
 
 PKG_BUILD_PARALLEL:=1
 PKG_LICENSE:=GPL-2.0-or-later

package/libs/mbedtls/patches/200-config.patch

@@ -144,7 +144,7 @@
  
  /**
   * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
-@@ -1779,7 +1779,7 @@
+@@ -1796,7 +1796,7 @@
   *
   * Comment this to disable run-time checking and save ROM space
   */
@@ -153,7 +153,7 @@
  
  /**
   * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
-@@ -2109,7 +2109,7 @@
+@@ -2126,7 +2126,7 @@
   *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
   *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
   */
@@ -162,7 +162,7 @@
  
  /**
   * \def MBEDTLS_ARIA_C
-@@ -2175,7 +2175,7 @@
+@@ -2192,7 +2192,7 @@
   * This module enables the AES-CCM ciphersuites, if other requisites are
   * enabled as well.
   */
@@ -171,7 +171,7 @@
  
  /**
   * \def MBEDTLS_CERTS_C
-@@ -2187,7 +2187,7 @@
+@@ -2204,7 +2204,7 @@
   *
   * This module is used for testing (ssl_client/server).
   */
@@ -180,7 +180,7 @@
  
  /**
   * \def MBEDTLS_CHACHA20_C
-@@ -2295,7 +2295,7 @@
+@@ -2312,7 +2312,7 @@
   * \warning   DES is considered a weak cipher and its use constitutes a
   *            security risk. We recommend considering stronger ciphers instead.
   */
@@ -189,7 +189,7 @@
  
  /**
   * \def MBEDTLS_DHM_C
-@@ -2458,7 +2458,7 @@
+@@ -2475,7 +2475,7 @@
   * This module adds support for the Hashed Message Authentication Code
   * (HMAC)-based key derivation function (HKDF).
   */
@@ -198,7 +198,7 @@
  
  /**
   * \def MBEDTLS_HMAC_DRBG_C
-@@ -2768,7 +2768,7 @@
+@@ -2785,7 +2785,7 @@
   *
   * This module enables abstraction of common (libc) functions.
   */
@@ -207,7 +207,7 @@
  
  /**
   * \def MBEDTLS_POLY1305_C
-@@ -2789,7 +2789,7 @@
+@@ -2806,7 +2806,7 @@
   * Caller:  library/md.c
   *
   */
@@ -216,7 +216,7 @@
  
  /**
   * \def MBEDTLS_RSA_C
-@@ -2896,7 +2896,7 @@
+@@ -2913,7 +2913,7 @@
   *
   * Requires: MBEDTLS_CIPHER_C
   */
@@ -225,7 +225,7 @@
  
  /**
   * \def MBEDTLS_SSL_CLI_C
-@@ -2996,7 +2996,7 @@
+@@ -3013,7 +3013,7 @@
   *
   * This module provides run-time version information.
   */
@@ -234,7 +234,7 @@
  
  /**
   * \def MBEDTLS_X509_USE_C
-@@ -3106,7 +3106,7 @@
+@@ -3123,7 +3123,7 @@
   * Module:  library/xtea.c
   * Caller:
   */

package/libs/openssl/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.1.1
-PKG_BUGFIX:=i
+PKG_BUGFIX:=k
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
 PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
@@ -19,12 +19,14 @@ PKG_BUILD_PARALLEL:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:= \
-	http://ftp.fi.muni.cz/pub/openssl/source/ \
-	http://ftp.linux.hr/pub/openssl/source/ \
-	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
 	http://www.openssl.org/source/ \
-	http://www.openssl.org/source/old/$(PKG_BASE)/
-PKG_HASH:=e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242
+	http://www.openssl.org/source/old/$(PKG_BASE)/ \
+	http://ftp.fi.muni.cz/pub/openssl/source/ \
+	http://ftp.fi.muni.cz/pub/openssl/source/old/$(PKG_BASE)/ \
+	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
+	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
+
+PKG_HASH:=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE

package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch

@@ -116,7 +116,7 @@ diff --git a/crypto/engine/eng_devcrypto.c b/engines/e_devcrypto.c
 similarity index 95%
 rename from crypto/engine/eng_devcrypto.c
 rename to engines/e_devcrypto.c
-index 0d420e50aa..3fcd81de7a 100644
+index 2c1b52d572..eff1ed3a7d 100644
 --- a/crypto/engine/eng_devcrypto.c
 +++ b/engines/e_devcrypto.c
 @@ -7,7 +7,7 @@
@@ -152,22 +152,6 @@ index 0d420e50aa..3fcd81de7a 100644
  
  /*
   * cipher/digest status & acceleration definitions
-@@ -341,6 +343,7 @@ static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2)
-     struct cipher_ctx *to_cipher_ctx;
- 
-     switch (type) {
-+
-     case EVP_CTRL_COPY:
-         if (cipher_ctx == NULL)
-             return 1;
-@@ -702,7 +705,6 @@ static int digest_init(EVP_MD_CTX *ctx)
-         SYSerr(SYS_F_IOCTL, errno);
-         return 0;
-     }
--
-     return 1;
- }
- 
 @@ -1058,7 +1060,7 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = {
          OPENSSL_MSTR(DEVCRYPTO_USE_SOFTWARE) "=allow all drivers, "
          OPENSSL_MSTR(DEVCRYPTO_REJECT_SOFTWARE)
@@ -177,7 +161,7 @@ index 0d420e50aa..3fcd81de7a 100644
      ENGINE_CMD_FLAG_NUMERIC},
  #endif
  
-@@ -1166,55 +1168,70 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+@@ -1166,32 +1168,22 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
   *
   *****/
  
@@ -201,10 +185,12 @@ index 0d420e50aa..3fcd81de7a 100644
 +static int open_devcrypto(void)
  {
 -    ENGINE *e = NULL;
+     int fd;
+ 
 +    if (cfd >= 0)
 +        return 1;
- 
-     if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
++
+     if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
  #ifndef ENGINE_DEVCRYPTO_DEBUG
          if (errno != ENOENT)
  #endif
@@ -213,6 +199,19 @@ index 0d420e50aa..3fcd81de7a 100644
 +        return 0;
      }
  
+ #ifdef CRIOGET
+@@ -1199,35 +1191,61 @@ void engine_load_devcrypto_int()
+         fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
+         close(fd);
+         cfd = -1;
+-        return;
++        return 0;
+     }
+     close(fd);
+ #else
+     cfd = fd;
+ #endif
+ 
 -    if ((e = ENGINE_new()) == NULL
 -        || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
 -        ENGINE_free(e);
@@ -278,7 +277,7 @@ index 0d420e50aa..3fcd81de7a 100644
  /*
   * Asymmetric ciphers aren't well supported with /dev/crypto.  Among the BSD
   * implementations, it seems to only exist in FreeBSD, and regarding the
-@@ -1237,23 +1254,36 @@ void engine_load_devcrypto_int()
+@@ -1250,23 +1268,36 @@ void engine_load_devcrypto_int()
   */
  #if 0
  # ifndef OPENSSL_NO_RSA
@@ -324,7 +323,7 @@ index 0d420e50aa..3fcd81de7a 100644
          ENGINE_free(e);
          return;
      }
-@@ -1262,3 +1292,22 @@ void engine_load_devcrypto_int()
+@@ -1275,3 +1306,22 @@ void engine_load_devcrypto_int()
      ENGINE_free(e);          /* Loose our local reference */
      ERR_clear_error();
  }

package/libs/wolfssl/Config.in

@@ -48,7 +48,7 @@ config WOLFSSL_HAS_WPAS
 	default y
 
 config WOLFSSL_HAS_ECC25519
-	bool "Include ECC Curve 22519 support"
+	bool "Include ECC Curve 25519 support"
 	default n
 
 config WOLFSSL_HAS_DEVCRYPTO

package/libs/wolfssl/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=wolfssl
-PKG_VERSION:=4.6.0-stable
-PKG_RELEASE:=2
+PKG_VERSION:=4.7.0-stable
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=053aefbb02d0b06b27c5e2df6875b4b587318755b7db9d6aa8d72206b310a848
+PKG_HASH:=b0e740b31d4d877d540ad50cc539a8873fc41af02bd3091c4357b403f7106e31
 
 PKG_FIXUP:=libtool libtool-abiver
 PKG_INSTALL:=1

package/libs/wolfssl/patches/010-CVE-2021-3336.patch

@@ -1,53 +0,0 @@
-From fad1e67677bf7797b6bd6e1f21a513c289d963a7 Mon Sep 17 00:00:00 2001
-From: Sean Parkinson <sean@wolfssl.com>
-Date: Thu, 21 Jan 2021 08:24:38 +1000
-Subject: [PATCH] TLS 1.3: ensure key for signature in CertificateVerify
-
----
- src/tls13.c | 18 +++++++++++++-----
- 1 file changed, 13 insertions(+), 5 deletions(-)
-
---- a/src/tls13.c
-+++ b/src/tls13.c
-@@ -5624,28 +5624,36 @@ static int DoTls13CertificateVerify(WOLF
-         #ifdef HAVE_ED25519
-             if (args->sigAlgo == ed25519_sa_algo &&
-                                                   !ssl->peerEd25519KeyPresent) {
--                WOLFSSL_MSG("Oops, peer sent ED25519 key but not in verify");
-+                WOLFSSL_MSG("Peer sent ED22519 sig but not ED22519 cert");
-+                ret = SIG_VERIFY_E;
-+                goto exit_dcv;
-             }
-         #endif
-         #ifdef HAVE_ED448
-             if (args->sigAlgo == ed448_sa_algo && !ssl->peerEd448KeyPresent) {
--                WOLFSSL_MSG("Oops, peer sent ED448 key but not in verify");
-+                WOLFSSL_MSG("Peer sent ED448 sig but not ED448 cert");
-+                ret = SIG_VERIFY_E;
-+                goto exit_dcv;
-             }
-         #endif
-         #ifdef HAVE_ECC
-             if (args->sigAlgo == ecc_dsa_sa_algo &&
-                                                    !ssl->peerEccDsaKeyPresent) {
--                WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
-+                WOLFSSL_MSG("Peer sent ECC sig but not ECC cert");
-+                ret = SIG_VERIFY_E;
-+                goto exit_dcv;
-             }
-         #endif
-         #ifndef NO_RSA
-             if (args->sigAlgo == rsa_sa_algo) {
--                WOLFSSL_MSG("Oops, peer sent PKCS#1.5 signature");
-+                WOLFSSL_MSG("Peer sent PKCS#1.5 algo but not in certificate");
-                 ERROR_OUT(INVALID_PARAMETER, exit_dcv);
-             }
-             if (args->sigAlgo == rsa_pss_sa_algo &&
-                          (ssl->peerRsaKey == NULL || !ssl->peerRsaKeyPresent)) {
--                WOLFSSL_MSG("Oops, peer sent RSA key but not in verify");
-+                WOLFSSL_MSG("Peer sent RSA sig but not RSA cert");
-+                ret = SIG_VERIFY_E;
-+                goto exit_dcv;
-             }
-         #endif
- 

package/libs/wolfssl/patches/100-disable-hardening-check.patch

@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -2248,7 +2248,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2255,7 +2255,7 @@ extern void uITRON4_free(void *p) ;
  #endif
  
  /* warning for not using harden build options (default with ./configure) */

package/libs/wolfssl/patches/110-Fix-linking-against-hostapd-with-LTO.patch

@@ -1,25 +0,0 @@
-From 391ecbd647c121300dc7dcf209e412ccb7b8d432 Mon Sep 17 00:00:00 2001
-From: Hauke Mehrtens <hauke@hauke-m.de>
-Date: Fri, 1 Jan 2021 21:57:56 +0100
-Subject: [PATCH] Fix linking against hostapd with LTO
-
-When running LTO on wolfssl the ecc_map() function is removed from the
-binary by GCC 8.4.0. This function is used by multiple functions from
-the crypto_wolfssl.c implementation of hostapd master.
-
-Fixes: 780e8a4619b6 ("Fixes for building `--enable-wpas=small` with WPA Supplicant v2.7.")
-Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
----
- configure.ac | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/configure.ac
-+++ b/configure.ac
-@@ -947,6 +947,7 @@ then
-     AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
- 
-     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
-+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
-     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD"
-     AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
-     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"

package/libs/wolfssl/patches/120-enable-secret-callback.patch

@@ -1,10 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -943,6 +943,7 @@ then
-     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
-     AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
-     AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
-+    AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK"
-     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE"
-     AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
- 

package/libs/zlib/patches/002-arm-specific-optimisations-for-inflate.patch

@@ -1907,505 +1907,3 @@ index 00000000..ac333e8c
 +    state = (struct inflate_state FAR *)strm->state;
 +    return (unsigned long)(state->next - state->codes);
 +}
-
-From 247147654fe5cd11cf15d8dff91440405ea57040 Mon Sep 17 00:00:00 2001
-From: Simon Hosie <simon.hosie@arm.com>
-Date: Wed, 12 Apr 2017 15:44:21 -0700
-Subject: [PATCH 2/2] Inflate using wider loads and stores
-
-In inflate_fast() the output pointer always has plenty of room to write. This
-means that so long as the target is capable, wide un-aligned loads and stores
-can be used to transfer several bytes at once. When the reference distance is
-too short simply unroll the data a little to increase the distance.
-
-Change-Id: I59854eb25d2b1e43561c8a2afaf9175bf10cf674
----
- contrib/arm/chunkcopy.h | 279 ++++++++++++++++++++++++++++++++++++++++++++++++
- contrib/arm/inffast.c   |  96 +++++++----------
- contrib/arm/inflate.c   |  22 ++--
- 3 files changed, 335 insertions(+), 62 deletions(-)
- create mode 100644 contrib/arm/chunkcopy.h
-
-diff --git a/contrib/arm/chunkcopy.h b/contrib/arm/chunkcopy.h
-new file mode 100644
-index 00000000..2d6fd6f9
---- /dev/null
-+++ b/contrib/arm/chunkcopy.h
-@@ -0,0 +1,279 @@
-+/* chunkcopy.h -- fast copies and sets
-+ * Copyright (C) 2017 ARM, Inc.
-+ * For conditions of distribution and use, see copyright notice in zlib.h
-+ */
-+
-+#ifndef CHUNKCOPY_H
-+#define CHUNKCOPY_H
-+
-+#include "zutil.h"
-+#include <arm_neon.h>
-+
-+#if __STDC_VERSION__ >= 199901L
-+#define Z_RESTRICT restrict
-+#else
-+#define Z_RESTRICT
-+#endif
-+
-+typedef uint8x16_t chunkcopy_chunk_t;
-+#define CHUNKCOPY_CHUNK_SIZE sizeof(chunkcopy_chunk_t)
-+
-+/*
-+   Ask the compiler to perform a wide, unaligned load with an machine
-+   instruction appropriate for the chunkcopy_chunk_t type.
-+ */
-+static inline chunkcopy_chunk_t loadchunk(const unsigned char FAR *s) {
-+    chunkcopy_chunk_t c;
-+    __builtin_memcpy(&c, s, sizeof(c));
-+    return c;
-+}
-+
-+/*
-+   Ask the compiler to perform a wide, unaligned store with an machine
-+   instruction appropriate for the chunkcopy_chunk_t type.
-+ */
-+static inline void storechunk(unsigned char FAR *d, chunkcopy_chunk_t c) {
-+    __builtin_memcpy(d, &c, sizeof(c));
-+}
-+
-+/*
-+   Perform a memcpy-like operation, but assume that length is non-zero and that
-+   it's OK to overwrite at least CHUNKCOPY_CHUNK_SIZE bytes of output even if
-+   the length is shorter than this.
-+
-+   It also guarantees that it will properly unroll the data if the distance
-+   between `out` and `from` is at least CHUNKCOPY_CHUNK_SIZE, which we rely on
-+   in chunkcopy_relaxed().
-+
-+   Aside from better memory bus utilisation, this means that short copies
-+   (CHUNKCOPY_CHUNK_SIZE bytes or fewer) will fall straight through the loop
-+   without iteration, which will hopefully make the branch prediction more
-+   reliable.
-+ */
-+static inline unsigned char FAR *chunkcopy_core(unsigned char FAR *out,
-+                                                const unsigned char FAR *from,
-+                                                unsigned len) {
-+    int bump = (--len % CHUNKCOPY_CHUNK_SIZE) + 1;
-+    storechunk(out, loadchunk(from));
-+    out += bump;
-+    from += bump;
-+    len /= CHUNKCOPY_CHUNK_SIZE;
-+    while (len-- > 0) {
-+        storechunk(out, loadchunk(from));
-+        out += CHUNKCOPY_CHUNK_SIZE;
-+        from += CHUNKCOPY_CHUNK_SIZE;
-+    }
-+    return out;
-+}
-+
-+/*
-+   Like chunkcopy_core, but avoid writing beyond of legal output.
-+
-+   Accepts an additional pointer to the end of safe output.  A generic safe
-+   copy would use (out + len), but it's normally the case that the end of the
-+   output buffer is beyond the end of the current copy, and this can still be
-+   exploited.
-+ */
-+static inline unsigned char FAR *chunkcopy_core_safe(unsigned char FAR *out,
-+                                                     const unsigned char FAR * from,
-+                                                     unsigned len,
-+                                                     unsigned char FAR *limit) {
-+    Assert(out + len <= limit, "chunk copy exceeds safety limit");
-+    if (limit - out < CHUNKCOPY_CHUNK_SIZE) {
-+        const unsigned char FAR * Z_RESTRICT rfrom = from;
-+        if (len & 8) { __builtin_memcpy(out, rfrom, 8); out += 8; rfrom += 8; }
-+        if (len & 4) { __builtin_memcpy(out, rfrom, 4); out += 4; rfrom += 4; }
-+        if (len & 2) { __builtin_memcpy(out, rfrom, 2); out += 2; rfrom += 2; }
-+        if (len & 1) { *out++ = *rfrom++; }
-+        return out;
-+    }
-+    return chunkcopy_core(out, from, len);
-+}
-+
-+/*
-+   Perform short copies until distance can be rewritten as being at least
-+   CHUNKCOPY_CHUNK_SIZE.
-+
-+   This assumes that it's OK to overwrite at least the first
-+   2*CHUNKCOPY_CHUNK_SIZE bytes of output even if the copy is shorter than
-+   this.  This assumption holds within inflate_fast() which starts every
-+   iteration with at least 258 bytes of output space available (258 being the
-+   maximum length output from a single token; see inffast.c).
-+ */
-+static inline unsigned char FAR *chunkunroll_relaxed(unsigned char FAR *out,
-+                                                     unsigned FAR *dist,
-+                                                     unsigned FAR *len) {
-+    const unsigned char FAR *from = out - *dist;
-+    while (*dist < *len && *dist < CHUNKCOPY_CHUNK_SIZE) {
-+        storechunk(out, loadchunk(from));
-+        out += *dist;
-+        *len -= *dist;
-+        *dist += *dist;
-+    }
-+    return out;
-+}
-+
-+
-+static inline uint8x16_t chunkset_vld1q_dup_u8x8(const unsigned char FAR * Z_RESTRICT from) {
-+#if defined(__clang__) || defined(__aarch64__)
-+    return vreinterpretq_u8_u64(vld1q_dup_u64((void *)from));
-+#else
-+    /* 32-bit GCC uses an alignment hint for vld1q_dup_u64, even when given a
-+     * void pointer, so here's an alternate implementation.
-+     */
-+    uint8x8_t h = vld1_u8(from);
-+    return vcombine_u8(h, h);
-+#endif
-+}
-+
-+/*
-+   Perform an overlapping copy which behaves as a memset() operation, but
-+   supporting periods other than one, and assume that length is non-zero and
-+   that it's OK to overwrite at least CHUNKCOPY_CHUNK_SIZE*3 bytes of output
-+   even if the length is shorter than this.
-+ */
-+static inline unsigned char FAR *chunkset_core(unsigned char FAR *out,
-+                                               unsigned period,
-+                                               unsigned len) {
-+    uint8x16_t f;
-+    int bump = ((len - 1) % sizeof(f)) + 1;
-+
-+    switch (period) {
-+    case 1:
-+        f = vld1q_dup_u8(out - 1);
-+        vst1q_u8(out, f);
-+        out += bump;
-+        len -= bump;
-+        while (len > 0) {
-+            vst1q_u8(out, f);
-+            out += sizeof(f);
-+            len -= sizeof(f);
-+        }
-+        return out;
-+    case 2:
-+        f = vreinterpretq_u8_u16(vld1q_dup_u16((void *)(out - 2)));
-+        vst1q_u8(out, f);
-+        out += bump;
-+        len -= bump;
-+        if (len > 0) {
-+            f = vreinterpretq_u8_u16(vld1q_dup_u16((void *)(out - 2)));
-+            do {
-+                vst1q_u8(out, f);
-+                out += sizeof(f);
-+                len -= sizeof(f);
-+            } while (len > 0);
-+        }
-+        return out;
-+    case 4:
-+        f = vreinterpretq_u8_u32(vld1q_dup_u32((void *)(out - 4)));
-+        vst1q_u8(out, f);
-+        out += bump;
-+        len -= bump;
-+        if (len > 0) {
-+            f = vreinterpretq_u8_u32(vld1q_dup_u32((void *)(out - 4)));
-+            do {
-+                vst1q_u8(out, f);
-+                out += sizeof(f);
-+                len -= sizeof(f);
-+            } while (len > 0);
-+        }
-+        return out;
-+    case 8:
-+        f = chunkset_vld1q_dup_u8x8(out - 8);
-+        vst1q_u8(out, f);
-+        out += bump;
-+        len -= bump;
-+        if (len > 0) {
-+            f = chunkset_vld1q_dup_u8x8(out - 8);
-+            do {
-+                vst1q_u8(out, f);
-+                out += sizeof(f);
-+                len -= sizeof(f);
-+            } while (len > 0);
-+        }
-+        return out;
-+    }
-+    out = chunkunroll_relaxed(out, &period, &len);
-+    return chunkcopy_core(out, out - period, len);
-+}
-+
-+/*
-+   Perform a memcpy-like operation, but assume that length is non-zero and that
-+   it's OK to overwrite at least CHUNKCOPY_CHUNK_SIZE bytes of output even if
-+   the length is shorter than this.
-+
-+   Unlike chunkcopy_core() above, no guarantee is made regarding the behaviour
-+   of overlapping buffers, regardless of the distance between the pointers.
-+   This is reflected in the `restrict`-qualified pointers, allowing the
-+   compiler to reorder loads and stores.
-+ */
-+static inline unsigned char FAR *chunkcopy_relaxed(unsigned char FAR * Z_RESTRICT out,
-+                                                   const unsigned char FAR * Z_RESTRICT from,
-+                                                   unsigned len) {
-+    return chunkcopy_core(out, from, len);
-+}
-+
-+/*
-+   Like chunkcopy_relaxed, but avoid writing beyond of legal output.
-+
-+   Unlike chunkcopy_core_safe() above, no guarantee is made regarding the
-+   behaviour of overlapping buffers, regardless of the distance between the
-+   pointers.  This is reflected in the `restrict`-qualified pointers, allowing
-+   the compiler to reorder loads and stores.
-+
-+   Accepts an additional pointer to the end of safe output.  A generic safe
-+   copy would use (out + len), but it's normally the case that the end of the
-+   output buffer is beyond the end of the current copy, and this can still be
-+   exploited.
-+ */
-+static inline unsigned char FAR *chunkcopy_safe(unsigned char FAR *out,
-+                                                const unsigned char FAR * Z_RESTRICT from,
-+                                                unsigned len,
-+                                                unsigned char FAR *limit) {
-+    Assert(out + len <= limit, "chunk copy exceeds safety limit");
-+    return chunkcopy_core_safe(out, from, len, limit);
-+}
-+
-+/*
-+   Perform chunky copy within the same buffer, where the source and destination
-+   may potentially overlap.
-+
-+   Assumes that len > 0 on entry, and that it's safe to write at least
-+   CHUNKCOPY_CHUNK_SIZE*3 bytes to the output.
-+ */
-+static inline unsigned char FAR *chunkcopy_lapped_relaxed(unsigned char FAR *out,
-+                                                          unsigned dist,
-+                                                          unsigned len) {
-+    if (dist < len && dist < CHUNKCOPY_CHUNK_SIZE) {
-+        return chunkset_core(out, dist, len);
-+    }
-+    return chunkcopy_core(out, out - dist, len);
-+}
-+
-+/*
-+   Behave like chunkcopy_lapped_relaxed, but avoid writing beyond of legal output.
-+
-+   Accepts an additional pointer to the end of safe output.  A generic safe
-+   copy would use (out + len), but it's normally the case that the end of the
-+   output buffer is beyond the end of the current copy, and this can still be
-+   exploited.
-+ */
-+static inline unsigned char FAR *chunkcopy_lapped_safe(unsigned char FAR *out,
-+                                                       unsigned dist,
-+                                                       unsigned len,
-+                                                       unsigned char FAR *limit) {
-+    Assert(out + len <= limit, "chunk copy exceeds safety limit");
-+    if (limit - out < CHUNKCOPY_CHUNK_SIZE * 3) {
-+        /* TODO: try harder to optimise this */
-+        while (len-- > 0) {
-+            *out = *(out - dist);
-+            out++;
-+        }
-+        return out;
-+    }
-+    return chunkcopy_lapped_relaxed(out, dist, len);
-+}
-+
-+#undef Z_RESTRICT
-+
-+#endif /* CHUNKCOPY_H */
-diff --git a/contrib/arm/inffast.c b/contrib/arm/inffast.c
-index 0dbd1dbc..f7f50071 100644
---- a/contrib/arm/inffast.c
-+++ b/contrib/arm/inffast.c
-@@ -7,6 +7,7 @@
- #include "inftrees.h"
- #include "inflate.h"
- #include "inffast.h"
-+#include "chunkcopy.h"
- 
- #ifdef ASMINF
- #  pragma message("Assembler code may have bugs -- use at your own risk")
-@@ -57,6 +58,7 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
-     unsigned char FAR *out;     /* local strm->next_out */
-     unsigned char FAR *beg;     /* inflate()'s initial strm->next_out */
-     unsigned char FAR *end;     /* while out < end, enough space available */
-+    unsigned char FAR *limit;   /* safety limit for chunky copies */
- #ifdef INFLATE_STRICT
-     unsigned dmax;              /* maximum distance from zlib header */
- #endif
-@@ -84,12 +86,13 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
-     out = strm->next_out;
-     beg = out - (start - strm->avail_out);
-     end = out + (strm->avail_out - 257);
-+    limit = out + strm->avail_out;
- #ifdef INFLATE_STRICT
-     dmax = state->dmax;
- #endif
-     wsize = state->wsize;
-     whave = state->whave;
--    wnext = state->wnext;
-+    wnext = (state->wnext == 0 && whave >= wsize) ? wsize : state->wnext;
-     window = state->window;
-     hold = state->hold;
-     bits = state->bits;
-@@ -197,70 +200,51 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
- #endif
-                     }
-                     from = window;
--                    if (wnext == 0) {           /* very common case */
--                        from += wsize - op;
--                        if (op < len) {         /* some from window */
--                            len -= op;
--                            do {
--                                *out++ = *from++;
--                            } while (--op);
--                            from = out - dist;  /* rest from output */
--                        }
-+                    if (wnext >= op) {          /* contiguous in window */
-+                        from += wnext - op;
-                     }
--                    else if (wnext < op) {      /* wrap around window */
--                        from += wsize + wnext - op;
-+                    else {                      /* wrap around window */
-                         op -= wnext;
-+                        from += wsize - op;
-                         if (op < len) {         /* some from end of window */
-                             len -= op;
--                            do {
--                                *out++ = *from++;
--                            } while (--op);
--                            from = window;
--                            if (wnext < len) {  /* some from start of window */
--                                op = wnext;
--                                len -= op;
--                                do {
--                                    *out++ = *from++;
--                                } while (--op);
--                                from = out - dist;      /* rest from output */
--                            }
-+                            out = chunkcopy_safe(out, from, op, limit);
-+                            from = window;      /* more from start of window */
-+                            op = wnext;
-+                            /* This (rare) case can create a situation where
-+                               the first chunkcopy below must be checked.
-+                             */
-                         }
-                     }
--                    else {                      /* contiguous in window */
--                        from += wnext - op;
--                        if (op < len) {         /* some from window */
--                            len -= op;
--                            do {
--                                *out++ = *from++;
--                            } while (--op);
--                            from = out - dist;  /* rest from output */
--                        }
--                    }
--                    while (len > 2) {
--                        *out++ = *from++;
--                        *out++ = *from++;
--                        *out++ = *from++;
--                        len -= 3;
--                    }
--                    if (len) {
--                        *out++ = *from++;
--                        if (len > 1)
--                            *out++ = *from++;
-+                    if (op < len) {             /* still need some from output */
-+                        out = chunkcopy_safe(out, from, op, limit);
-+                        len -= op;
-+                        /* When dist is small the amount of data that can be
-+                           copied from the window is also small, and progress
-+                           towards the dangerous end of the output buffer is
-+                           also small.  This means that for trivial memsets and
-+                           for chunkunroll_relaxed() a safety check is
-+                           unnecessary.  However, these conditions may not be
-+                           entered at all, and in that case it's possible that
-+                           the main copy is near the end.
-+                          */
-+                        out = chunkunroll_relaxed(out, &dist, &len);
-+                        out = chunkcopy_safe(out, out - dist, len, limit);
-+                    } else {
-+                        /* from points to window, so there is no risk of
-+                           overlapping pointers requiring memset-like behaviour
-+                         */
-+                        out = chunkcopy_safe(out, from, len, limit);
-                     }
-                 }
-                 else {
--                    from = out - dist;          /* copy direct from output */
--                    do {                        /* minimum length is three */
--                        *out++ = *from++;
--                        *out++ = *from++;
--                        *out++ = *from++;
--                        len -= 3;
--                    } while (len > 2);
--                    if (len) {
--                        *out++ = *from++;
--                        if (len > 1)
--                            *out++ = *from++;
--                    }
-+                    /* Whole reference is in range of current output.  No
-+                       range checks are necessary because we start with room
-+                       for at least 258 bytes of output, so unroll and roundoff
-+                       operations can write beyond `out+len` so long as they
-+                       stay within 258 bytes of `out`.
-+                     */
-+                    out = chunkcopy_lapped_relaxed(out, dist, len);
-                 }
-             }
-             else if ((op & 64) == 0) {          /* 2nd level distance code */
-diff --git a/contrib/arm/inflate.c b/contrib/arm/inflate.c
-index ac333e8c..e40322c3 100644
---- a/contrib/arm/inflate.c
-+++ b/contrib/arm/inflate.c
-@@ -84,6 +84,7 @@
- #include "inftrees.h"
- #include "inflate.h"
- #include "inffast.h"
-+#include "contrib/arm/chunkcopy.h"
- 
- #ifdef MAKEFIXED
- #  ifndef BUILDFIXED
-@@ -405,10 +406,20 @@ unsigned copy;
- 
-     /* if it hasn't been done already, allocate space for the window */
-     if (state->window == Z_NULL) {
-+        unsigned wsize = 1U << state->wbits;
-         state->window = (unsigned char FAR *)
--                        ZALLOC(strm, 1U << state->wbits,
-+                        ZALLOC(strm, wsize + CHUNKCOPY_CHUNK_SIZE,
-                                sizeof(unsigned char));
-         if (state->window == Z_NULL) return 1;
-+#ifdef INFLATE_CLEAR_UNUSED_UNDEFINED
-+        /* Copies from the overflow portion of this buffer are undefined and
-+           may cause analysis tools to raise a warning if we don't initialize
-+           it.  However, this undefined data overwrites other undefined data
-+           and is subsequently either overwritten or left deliberately
-+           undefined at the end of decode; so there's really no point.
-+         */
-+        memset(state->window + wsize, 0, CHUNKCOPY_CHUNK_SIZE);
-+#endif
-     }
- 
-     /* if window not in use yet, initialize */
-@@ -1175,17 +1186,16 @@ int flush;
-                 else
-                     from = state->window + (state->wnext - copy);
-                 if (copy > state->length) copy = state->length;
-+                if (copy > left) copy = left;
-+                put = chunkcopy_safe(put, from, copy, put + left);
-             }
-             else {                              /* copy from output */
--                from = put - state->offset;
-                 copy = state->length;
-+                if (copy > left) copy = left;
-+                put = chunkcopy_lapped_safe(put, state->offset, copy, put + left);
-             }
--            if (copy > left) copy = left;
-             left -= copy;
-             state->length -= copy;
--            do {
--                *put++ = *from++;
--            } while (--copy);
-             if (state->length == 0) state->mode = LEN;
-             break;
-         case LIT:

package/libs/zlib/patches/003-arm-specific-optimisations-for-inflate.patch

@@ -0,0 +1,501 @@
+From 247147654fe5cd11cf15d8dff91440405ea57040 Mon Sep 17 00:00:00 2001
+From: Simon Hosie <simon.hosie@arm.com>
+Date: Wed, 12 Apr 2017 15:44:21 -0700
+Subject: [PATCH 2/2] Inflate using wider loads and stores
+
+In inflate_fast() the output pointer always has plenty of room to write. This
+means that so long as the target is capable, wide un-aligned loads and stores
+can be used to transfer several bytes at once. When the reference distance is
+too short simply unroll the data a little to increase the distance.
+
+Change-Id: I59854eb25d2b1e43561c8a2afaf9175bf10cf674
+---
+ contrib/arm/chunkcopy.h | 279 ++++++++++++++++++++++++++++++++++++++++++++++++
+ contrib/arm/inffast.c   |  96 +++++++----------
+ contrib/arm/inflate.c   |  22 ++--
+ 3 files changed, 335 insertions(+), 62 deletions(-)
+ create mode 100644 contrib/arm/chunkcopy.h
+
+diff --git a/contrib/arm/chunkcopy.h b/contrib/arm/chunkcopy.h
+new file mode 100644
+index 00000000..2d6fd6f9
+--- /dev/null
++++ b/contrib/arm/chunkcopy.h
+@@ -0,0 +1,279 @@
++/* chunkcopy.h -- fast copies and sets
++ * Copyright (C) 2017 ARM, Inc.
++ * For conditions of distribution and use, see copyright notice in zlib.h
++ */
++
++#ifndef CHUNKCOPY_H
++#define CHUNKCOPY_H
++
++#include "zutil.h"
++#include <arm_neon.h>
++
++#if __STDC_VERSION__ >= 199901L
++#define Z_RESTRICT restrict
++#else
++#define Z_RESTRICT
++#endif
++
++typedef uint8x16_t chunkcopy_chunk_t;
++#define CHUNKCOPY_CHUNK_SIZE sizeof(chunkcopy_chunk_t)
++
++/*
++   Ask the compiler to perform a wide, unaligned load with an machine
++   instruction appropriate for the chunkcopy_chunk_t type.
++ */
++static inline chunkcopy_chunk_t loadchunk(const unsigned char FAR *s) {
++    chunkcopy_chunk_t c;
++    __builtin_memcpy(&c, s, sizeof(c));
++    return c;
++}
++
++/*
++   Ask the compiler to perform a wide, unaligned store with an machine
++   instruction appropriate for the chunkcopy_chunk_t type.
++ */
++static inline void storechunk(unsigned char FAR *d, chunkcopy_chunk_t c) {
++    __builtin_memcpy(d, &c, sizeof(c));
++}
++
++/*
++   Perform a memcpy-like operation, but assume that length is non-zero and that
++   it's OK to overwrite at least CHUNKCOPY_CHUNK_SIZE bytes of output even if
++   the length is shorter than this.
++
++   It also guarantees that it will properly unroll the data if the distance
++   between `out` and `from` is at least CHUNKCOPY_CHUNK_SIZE, which we rely on
++   in chunkcopy_relaxed().
++
++   Aside from better memory bus utilisation, this means that short copies
++   (CHUNKCOPY_CHUNK_SIZE bytes or fewer) will fall straight through the loop
++   without iteration, which will hopefully make the branch prediction more
++   reliable.
++ */
++static inline unsigned char FAR *chunkcopy_core(unsigned char FAR *out,
++                                                const unsigned char FAR *from,
++                                                unsigned len) {
++    int bump = (--len % CHUNKCOPY_CHUNK_SIZE) + 1;
++    storechunk(out, loadchunk(from));
++    out += bump;
++    from += bump;
++    len /= CHUNKCOPY_CHUNK_SIZE;
++    while (len-- > 0) {
++        storechunk(out, loadchunk(from));
++        out += CHUNKCOPY_CHUNK_SIZE;
++        from += CHUNKCOPY_CHUNK_SIZE;
++    }
++    return out;
++}
++
++/*
++   Like chunkcopy_core, but avoid writing beyond of legal output.
++
++   Accepts an additional pointer to the end of safe output.  A generic safe
++   copy would use (out + len), but it's normally the case that the end of the
++   output buffer is beyond the end of the current copy, and this can still be
++   exploited.
++ */
++static inline unsigned char FAR *chunkcopy_core_safe(unsigned char FAR *out,
++                                                     const unsigned char FAR * from,
++                                                     unsigned len,
++                                                     unsigned char FAR *limit) {
++    Assert(out + len <= limit, "chunk copy exceeds safety limit");
++    if (limit - out < CHUNKCOPY_CHUNK_SIZE) {
++        const unsigned char FAR * Z_RESTRICT rfrom = from;
++        if (len & 8) { __builtin_memcpy(out, rfrom, 8); out += 8; rfrom += 8; }
++        if (len & 4) { __builtin_memcpy(out, rfrom, 4); out += 4; rfrom += 4; }
++        if (len & 2) { __builtin_memcpy(out, rfrom, 2); out += 2; rfrom += 2; }
++        if (len & 1) { *out++ = *rfrom++; }
++        return out;
++    }
++    return chunkcopy_core(out, from, len);
++}
++
++/*
++   Perform short copies until distance can be rewritten as being at least
++   CHUNKCOPY_CHUNK_SIZE.
++
++   This assumes that it's OK to overwrite at least the first
++   2*CHUNKCOPY_CHUNK_SIZE bytes of output even if the copy is shorter than
++   this.  This assumption holds within inflate_fast() which starts every
++   iteration with at least 258 bytes of output space available (258 being the
++   maximum length output from a single token; see inffast.c).
++ */
++static inline unsigned char FAR *chunkunroll_relaxed(unsigned char FAR *out,
++                                                     unsigned FAR *dist,
++                                                     unsigned FAR *len) {
++    const unsigned char FAR *from = out - *dist;
++    while (*dist < *len && *dist < CHUNKCOPY_CHUNK_SIZE) {
++        storechunk(out, loadchunk(from));
++        out += *dist;
++        *len -= *dist;
++        *dist += *dist;
++    }
++    return out;
++}
++
++
++static inline uint8x16_t chunkset_vld1q_dup_u8x8(const unsigned char FAR * Z_RESTRICT from) {
++#if defined(__clang__) || defined(__aarch64__)
++    return vreinterpretq_u8_u64(vld1q_dup_u64((void *)from));
++#else
++    /* 32-bit GCC uses an alignment hint for vld1q_dup_u64, even when given a
++     * void pointer, so here's an alternate implementation.
++     */
++    uint8x8_t h = vld1_u8(from);
++    return vcombine_u8(h, h);
++#endif
++}
++
++/*
++   Perform an overlapping copy which behaves as a memset() operation, but
++   supporting periods other than one, and assume that length is non-zero and
++   that it's OK to overwrite at least CHUNKCOPY_CHUNK_SIZE*3 bytes of output
++   even if the length is shorter than this.
++ */
++static inline unsigned char FAR *chunkset_core(unsigned char FAR *out,
++                                               unsigned period,
++                                               unsigned len) {
++    uint8x16_t f;
++    int bump = ((len - 1) % sizeof(f)) + 1;
++
++    switch (period) {
++    case 1:
++        f = vld1q_dup_u8(out - 1);
++        vst1q_u8(out, f);
++        out += bump;
++        len -= bump;
++        while (len > 0) {
++            vst1q_u8(out, f);
++            out += sizeof(f);
++            len -= sizeof(f);
++        }
++        return out;
++    case 2:
++        f = vreinterpretq_u8_u16(vld1q_dup_u16((void *)(out - 2)));
++        vst1q_u8(out, f);
++        out += bump;
++        len -= bump;
++        if (len > 0) {
++            f = vreinterpretq_u8_u16(vld1q_dup_u16((void *)(out - 2)));
++            do {
++                vst1q_u8(out, f);
++                out += sizeof(f);
++                len -= sizeof(f);
++            } while (len > 0);
++        }
++        return out;
++    case 4:
++        f = vreinterpretq_u8_u32(vld1q_dup_u32((void *)(out - 4)));
++        vst1q_u8(out, f);
++        out += bump;
++        len -= bump;
++        if (len > 0) {
++            f = vreinterpretq_u8_u32(vld1q_dup_u32((void *)(out - 4)));
++            do {
++                vst1q_u8(out, f);
++                out += sizeof(f);
++                len -= sizeof(f);
++            } while (len > 0);
++        }
++        return out;
++    case 8:
++        f = chunkset_vld1q_dup_u8x8(out - 8);
++        vst1q_u8(out, f);
++        out += bump;
++        len -= bump;
++        if (len > 0) {
++            f = chunkset_vld1q_dup_u8x8(out - 8);
++            do {
++                vst1q_u8(out, f);
++                out += sizeof(f);
++                len -= sizeof(f);
++            } while (len > 0);
++        }
++        return out;
++    }
++    out = chunkunroll_relaxed(out, &period, &len);
++    return chunkcopy_core(out, out - period, len);
++}
++
++/*
++   Perform a memcpy-like operation, but assume that length is non-zero and that
++   it's OK to overwrite at least CHUNKCOPY_CHUNK_SIZE bytes of output even if
++   the length is shorter than this.
++
++   Unlike chunkcopy_core() above, no guarantee is made regarding the behaviour
++   of overlapping buffers, regardless of the distance between the pointers.
++   This is reflected in the `restrict`-qualified pointers, allowing the
++   compiler to reorder loads and stores.
++ */
++static inline unsigned char FAR *chunkcopy_relaxed(unsigned char FAR * Z_RESTRICT out,
++                                                   const unsigned char FAR * Z_RESTRICT from,
++                                                   unsigned len) {
++    return chunkcopy_core(out, from, len);
++}
++
++/*
++   Like chunkcopy_relaxed, but avoid writing beyond of legal output.
++
++   Unlike chunkcopy_core_safe() above, no guarantee is made regarding the
++   behaviour of overlapping buffers, regardless of the distance between the
++   pointers.  This is reflected in the `restrict`-qualified pointers, allowing
++   the compiler to reorder loads and stores.
++
++   Accepts an additional pointer to the end of safe output.  A generic safe
++   copy would use (out + len), but it's normally the case that the end of the
++   output buffer is beyond the end of the current copy, and this can still be
++   exploited.
++ */
++static inline unsigned char FAR *chunkcopy_safe(unsigned char FAR *out,
++                                                const unsigned char FAR * Z_RESTRICT from,
++                                                unsigned len,
++                                                unsigned char FAR *limit) {
++    Assert(out + len <= limit, "chunk copy exceeds safety limit");
++    return chunkcopy_core_safe(out, from, len, limit);
++}
++
++/*
++   Perform chunky copy within the same buffer, where the source and destination
++   may potentially overlap.
++
++   Assumes that len > 0 on entry, and that it's safe to write at least
++   CHUNKCOPY_CHUNK_SIZE*3 bytes to the output.
++ */
++static inline unsigned char FAR *chunkcopy_lapped_relaxed(unsigned char FAR *out,
++                                                          unsigned dist,
++                                                          unsigned len) {
++    if (dist < len && dist < CHUNKCOPY_CHUNK_SIZE) {
++        return chunkset_core(out, dist, len);
++    }
++    return chunkcopy_core(out, out - dist, len);
++}
++
++/*
++   Behave like chunkcopy_lapped_relaxed, but avoid writing beyond of legal output.
++
++   Accepts an additional pointer to the end of safe output.  A generic safe
++   copy would use (out + len), but it's normally the case that the end of the
++   output buffer is beyond the end of the current copy, and this can still be
++   exploited.
++ */
++static inline unsigned char FAR *chunkcopy_lapped_safe(unsigned char FAR *out,
++                                                       unsigned dist,
++                                                       unsigned len,
++                                                       unsigned char FAR *limit) {
++    Assert(out + len <= limit, "chunk copy exceeds safety limit");
++    if (limit - out < CHUNKCOPY_CHUNK_SIZE * 3) {
++        /* TODO: try harder to optimise this */
++        while (len-- > 0) {
++            *out = *(out - dist);
++            out++;
++        }
++        return out;
++    }
++    return chunkcopy_lapped_relaxed(out, dist, len);
++}
++
++#undef Z_RESTRICT
++
++#endif /* CHUNKCOPY_H */
+diff --git a/contrib/arm/inffast.c b/contrib/arm/inffast.c
+index 0dbd1dbc..f7f50071 100644
+--- a/contrib/arm/inffast.c
++++ b/contrib/arm/inffast.c
+@@ -7,6 +7,7 @@
+ #include "inftrees.h"
+ #include "inflate.h"
+ #include "inffast.h"
++#include "chunkcopy.h"
+ 
+ #ifdef ASMINF
+ #  pragma message("Assembler code may have bugs -- use at your own risk")
+@@ -57,6 +58,7 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
+     unsigned char FAR *out;     /* local strm->next_out */
+     unsigned char FAR *beg;     /* inflate()'s initial strm->next_out */
+     unsigned char FAR *end;     /* while out < end, enough space available */
++    unsigned char FAR *limit;   /* safety limit for chunky copies */
+ #ifdef INFLATE_STRICT
+     unsigned dmax;              /* maximum distance from zlib header */
+ #endif
+@@ -84,12 +86,13 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
+     out = strm->next_out;
+     beg = out - (start - strm->avail_out);
+     end = out + (strm->avail_out - 257);
++    limit = out + strm->avail_out;
+ #ifdef INFLATE_STRICT
+     dmax = state->dmax;
+ #endif
+     wsize = state->wsize;
+     whave = state->whave;
+-    wnext = state->wnext;
++    wnext = (state->wnext == 0 && whave >= wsize) ? wsize : state->wnext;
+     window = state->window;
+     hold = state->hold;
+     bits = state->bits;
+@@ -197,70 +200,51 @@ unsigned start;         /* inflate()'s starting value for strm->avail_out */
+ #endif
+                     }
+                     from = window;
+-                    if (wnext == 0) {           /* very common case */
+-                        from += wsize - op;
+-                        if (op < len) {         /* some from window */
+-                            len -= op;
+-                            do {
+-                                *out++ = *from++;
+-                            } while (--op);
+-                            from = out - dist;  /* rest from output */
+-                        }
++                    if (wnext >= op) {          /* contiguous in window */
++                        from += wnext - op;
+                     }
+-                    else if (wnext < op) {      /* wrap around window */
+-                        from += wsize + wnext - op;
++                    else {                      /* wrap around window */
+                         op -= wnext;
++                        from += wsize - op;
+                         if (op < len) {         /* some from end of window */
+                             len -= op;
+-                            do {
+-                                *out++ = *from++;
+-                            } while (--op);
+-                            from = window;
+-                            if (wnext < len) {  /* some from start of window */
+-                                op = wnext;
+-                                len -= op;
+-                                do {
+-                                    *out++ = *from++;
+-                                } while (--op);
+-                                from = out - dist;      /* rest from output */
+-                            }
++                            out = chunkcopy_safe(out, from, op, limit);
++                            from = window;      /* more from start of window */
++                            op = wnext;
++                            /* This (rare) case can create a situation where
++                               the first chunkcopy below must be checked.
++                             */
+                         }
+                     }
+-                    else {                      /* contiguous in window */
+-                        from += wnext - op;
+-                        if (op < len) {         /* some from window */
+-                            len -= op;
+-                            do {
+-                                *out++ = *from++;
+-                            } while (--op);
+-                            from = out - dist;  /* rest from output */
+-                        }
+-                    }
+-                    while (len > 2) {
+-                        *out++ = *from++;
+-                        *out++ = *from++;
+-                        *out++ = *from++;
+-                        len -= 3;
+-                    }
+-                    if (len) {
+-                        *out++ = *from++;
+-                        if (len > 1)
+-                            *out++ = *from++;
++                    if (op < len) {             /* still need some from output */
++                        out = chunkcopy_safe(out, from, op, limit);
++                        len -= op;
++                        /* When dist is small the amount of data that can be
++                           copied from the window is also small, and progress
++                           towards the dangerous end of the output buffer is
++                           also small.  This means that for trivial memsets and
++                           for chunkunroll_relaxed() a safety check is
++                           unnecessary.  However, these conditions may not be
++                           entered at all, and in that case it's possible that
++                           the main copy is near the end.
++                          */
++                        out = chunkunroll_relaxed(out, &dist, &len);
++                        out = chunkcopy_safe(out, out - dist, len, limit);
++                    } else {
++                        /* from points to window, so there is no risk of
++                           overlapping pointers requiring memset-like behaviour
++                         */
++                        out = chunkcopy_safe(out, from, len, limit);
+                     }
+                 }
+                 else {
+-                    from = out - dist;          /* copy direct from output */
+-                    do {                        /* minimum length is three */
+-                        *out++ = *from++;
+-                        *out++ = *from++;
+-                        *out++ = *from++;
+-                        len -= 3;
+-                    } while (len > 2);
+-                    if (len) {
+-                        *out++ = *from++;
+-                        if (len > 1)
+-                            *out++ = *from++;
+-                    }
++                    /* Whole reference is in range of current output.  No
++                       range checks are necessary because we start with room
++                       for at least 258 bytes of output, so unroll and roundoff
++                       operations can write beyond `out+len` so long as they
++                       stay within 258 bytes of `out`.
++                     */
++                    out = chunkcopy_lapped_relaxed(out, dist, len);
+                 }
+             }
+             else if ((op & 64) == 0) {          /* 2nd level distance code */
+diff --git a/contrib/arm/inflate.c b/contrib/arm/inflate.c
+index ac333e8c..e40322c3 100644
+--- a/contrib/arm/inflate.c
++++ b/contrib/arm/inflate.c
+@@ -84,6 +84,7 @@
+ #include "inftrees.h"
+ #include "inflate.h"
+ #include "inffast.h"
++#include "contrib/arm/chunkcopy.h"
+ 
+ #ifdef MAKEFIXED
+ #  ifndef BUILDFIXED
+@@ -405,10 +406,20 @@ unsigned copy;
+ 
+     /* if it hasn't been done already, allocate space for the window */
+     if (state->window == Z_NULL) {
++        unsigned wsize = 1U << state->wbits;
+         state->window = (unsigned char FAR *)
+-                        ZALLOC(strm, 1U << state->wbits,
++                        ZALLOC(strm, wsize + CHUNKCOPY_CHUNK_SIZE,
+                                sizeof(unsigned char));
+         if (state->window == Z_NULL) return 1;
++#ifdef INFLATE_CLEAR_UNUSED_UNDEFINED
++        /* Copies from the overflow portion of this buffer are undefined and
++           may cause analysis tools to raise a warning if we don't initialize
++           it.  However, this undefined data overwrites other undefined data
++           and is subsequently either overwritten or left deliberately
++           undefined at the end of decode; so there's really no point.
++         */
++        memset(state->window + wsize, 0, CHUNKCOPY_CHUNK_SIZE);
++#endif
+     }
+ 
+     /* if window not in use yet, initialize */
+@@ -1175,17 +1186,16 @@ int flush;
+                 else
+                     from = state->window + (state->wnext - copy);
+                 if (copy > state->length) copy = state->length;
++                if (copy > left) copy = left;
++                put = chunkcopy_safe(put, from, copy, put + left);
+             }
+             else {                              /* copy from output */
+-                from = put - state->offset;
+                 copy = state->length;
++                if (copy > left) copy = left;
++                put = chunkcopy_lapped_safe(put, state->offset, copy, put + left);
+             }
+-            if (copy > left) copy = left;
+             left -= copy;
+             state->length -= copy;
+-            do {
+-                *put++ = *from++;
+-            } while (--copy);
+             if (state->length == 0) state->mode = LEN;
+             break;
+         case LIT:

package/network/config/firewall/Makefile

@@ -13,9 +13,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git
-PKG_SOURCE_DATE:=2020-09-05
-PKG_SOURCE_VERSION:=8c2f9fad9ca644af911e0d4113a890c3c84aa738
-PKG_MIRROR_HASH:=424a7906ed8957de3e85046248608dec7146078946161a517f8a5af9f536bad1
+PKG_SOURCE_DATE:=2021-03-23
+PKG_SOURCE_VERSION:=61db17edddb1f05e8107f0dbef6f7d060ce67483
+PKG_MIRROR_HASH:=b2eb09816640e14e2dae21fb54ea05c33858fe0004844fe8d99e541a2e19e9c0
 PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
 PKG_LICENSE:=ISC
 

package/network/services/hostapd/Makefile

@@ -7,7 +7,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=31
+PKG_RELEASE:=32
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git

package/network/services/hostapd/patches/020-ignore-4addr-mode-enabling-error.patch

@@ -0,0 +1,78 @@
+From c7cca9b08f3e1e49c4a4a59ec66c47d91448e6ae Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sat, 13 Feb 2021 23:59:28 +0200
+Subject: [PATCH] nl80211: Ignore 4addr mode enabling error if it was already
+ enabled
+
+nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
+an interface that is in a bridge and has 4addr mode already enabled.
+This operation would not have been necessary in the first place and this
+failure results in disconnecting, e.g., when roaming from one backhaul
+BSS to another BSS with Multi AP.
+
+Avoid this issue by ignoring the nl80211 command failure in the case
+where 4addr mode is being enabled while it has already been enabled.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/drivers/driver_nl80211.c | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
+index 72189da24..011a15e68 100644
+--- a/src/drivers/driver_nl80211.c
++++ b/src/drivers/driver_nl80211.c
+@@ -617,6 +617,7 @@ struct wiphy_idx_data {
+ 	int wiphy_idx;
+ 	enum nl80211_iftype nlmode;
+ 	u8 *macaddr;
++	u8 use_4addr;
+ };
+ 
+ 
+@@ -639,6 +640,9 @@ static int netdev_info_handler(struct nl_msg *msg, void *arg)
+ 		os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
+ 			  ETH_ALEN);
+ 
++	if (tb[NL80211_ATTR_4ADDR])
++		info->use_4addr = nla_get_u8(tb[NL80211_ATTR_4ADDR]);
++
+ 	return NL_SKIP;
+ }
+ 
+@@ -691,6 +695,20 @@ static int nl80211_get_macaddr(struct i802_bss *bss)
+ }
+ 
+ 
++static int nl80211_get_4addr(struct i802_bss *bss)
++{
++	struct nl_msg *msg;
++	struct wiphy_idx_data data = {
++		.use_4addr = 0,
++	};
++
++	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)) ||
++	    send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data))
++		return -1;
++	return data.use_4addr;
++}
++
++
+ static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
+ 				    struct nl80211_wiphy_data *w)
+ {
+@@ -11482,6 +11500,11 @@ static int nl80211_set_4addr_mode(void *priv, const char *bridge_ifname,
+ 
+ 	ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+ 	msg = NULL;
++	if (ret && val && nl80211_get_4addr(bss) == 1) {
++		wpa_printf(MSG_DEBUG,
++			   "nl80211: 4addr mode was already enabled");
++		ret = 0;
++	}
+ 	if (!ret) {
+ 		if (bridge_ifname[0] && val &&
+ 		    i802_check_bridge(drv, bss, bridge_ifname, bss->ifname) < 0)
+-- 
+2.29.2
+

package/network/services/hostapd/patches/060-P2P-Fix-a-corner-case-in-peer-addition-based-on-PD-R.patch

@@ -0,0 +1,45 @@
+From 8460e3230988ef2ec13ce6b69b687e941f6cdb32 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Tue, 8 Dec 2020 23:52:50 +0200
+Subject: [PATCH] P2P: Fix a corner case in peer addition based on PD Request
+
+p2p_add_device() may remove the oldest entry if there is no room in the
+peer table for a new peer. This would result in any pointer to that
+removed entry becoming stale. A corner case with an invalid PD Request
+frame could result in such a case ending up using (read+write) freed
+memory. This could only by triggered when the peer table has reached its
+maximum size and the PD Request frame is received from the P2P Device
+Address of the oldest remaining entry and the frame has incorrect P2P
+Device Address in the payload.
+
+Fix this by fetching the dev pointer again after having called
+p2p_add_device() so that the stale pointer cannot be used.
+
+Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+---
+ src/p2p/p2p_pd.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+--- a/src/p2p/p2p_pd.c
++++ b/src/p2p/p2p_pd.c
+@@ -595,14 +595,12 @@ void p2p_process_prov_disc_req(struct p2
+ 			goto out;
+ 		}
+ 
++		dev = p2p_get_device(p2p, sa);
+ 		if (!dev) {
+-			dev = p2p_get_device(p2p, sa);
+-			if (!dev) {
+-				p2p_dbg(p2p,
+-					"Provision Discovery device not found "
+-					MACSTR, MAC2STR(sa));
+-				goto out;
+-			}
++			p2p_dbg(p2p,
++				"Provision Discovery device not found "
++				MACSTR, MAC2STR(sa));
++			goto out;
+ 		}
+ 	} else if (msg.wfd_subelems) {
+ 		wpabuf_free(dev->info.wfd_subelems);

package/network/services/hostapd/patches/130-wpa_supplicant-multi_ap_roam.patch

@@ -1,37 +0,0 @@
-From 8a4893dd06eb236460db4937f3c54e246739ad28 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Rapha=C3=ABl=20M=C3=A9lotte?= <raphael.melotte@mind.be>
-Date: Wed, 3 Feb 2021 14:23:17 +0100
-Subject: [PATCH] wpa_supplicant: multi_ap: only enable 4addr mode if not
- already enabled
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-If 4addr mode is already enabled, the call to enable it a second time
-may fail. If this happens when roaming, it leads to deauthentication.
-
-Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
----
- wpa_supplicant/events.c | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
---- a/wpa_supplicant/events.c
-+++ b/wpa_supplicant/events.c
-@@ -2589,11 +2589,13 @@ static void multi_ap_set_4addr_mode(stru
- 		goto fail;
- 	}
- 
--	if (wpa_drv_set_4addr_mode(wpa_s, 1) < 0) {
--		wpa_printf(MSG_ERROR, "Failed to set 4addr mode");
--		goto fail;
-+	if (wpa_s->enabled_4addr_mode == 0) {
-+		if (wpa_drv_set_4addr_mode(wpa_s, 1) < 0) {
-+			wpa_printf(MSG_ERROR, "Failed to set 4addr mode");
-+			goto fail;
-+		}
-+		wpa_s->enabled_4addr_mode = 1;
- 	}
--	wpa_s->enabled_4addr_mode = 1;
- 	return;
- 
- fail:

package/network/services/ppp/patches/610-pppd_compile_fix.patch

@@ -0,0 +1,12 @@
+--- a/pppd/Makefile.linux
++++ b/pppd/Makefile.linux
+@@ -48,7 +48,8 @@ MPPE=y
+ # Uncomment the next line to include support for PPP packet filtering.
+ # This requires that the libpcap library and headers be installed
+ # and that the kernel driver support PPP packet filtering.
+-#FILTER=y
++# libpcap statically linked in OpenWRT, hence disabled here.
++FILTER=
+ 
+ # Support for precompiled filters
+ PRECOMPILED_FILTER=y

package/network/services/uhttpd/Makefile

@@ -12,9 +12,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/uhttpd.git
-PKG_SOURCE_DATE:=2020-11-23
-PKG_SOURCE_VERSION:=f53a63999784bcb7dc513e221f3f25dd3de2f35e
-PKG_MIRROR_HASH:=b2b71f91a3affd1518b2887d2786be30ae0ac5204bbf65c9a84595603847995c
+PKG_SOURCE_DATE:=2021-03-21
+PKG_SOURCE_VERSION:=15346de8d3ba422002496526ee24c62a3601ab8c
+PKG_MIRROR_HASH:=819424d071ed7c8888f9ca66f679907831becc59a67dd4a5ec521d5fba0a3171
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 PKG_LICENSE:=ISC
 

package/network/services/uhttpd/files/ubus.default

@@ -1,13 +1,17 @@
 #!/bin/sh
 
+commit=0
+
 if [ -z "$(uci -q get uhttpd.main.ubus_prefix)" ]; then
 	uci set uhttpd.main.ubus_prefix=/ubus
-	uci commit uhttpd
+	commit=1
 fi
 
 [ "$(uci -q get uhttpd.main.ubus_socket)" = "/var/run/ubus.sock" ] && {
 	uci set uhttpd.main.ubus_socket='/var/run/ubus/ubus.sock'
-	uci commit uhttpd
+	commit=1
 }
 
+[ "$commit" = 1 ] && uci commit uhttpd && /etc/init.d/uhttpd reload
+
 exit 0

package/network/services/umdns/files/umdns.json

@@ -3,40 +3,44 @@
 	"syscalls": [
 		{
 			"names": [
-				"read",
-				"write",
-				"writev",
-				"open",
-				"close",
-				"time",
-				"brk",
-				"ioctl",
-				"uname",
 				"bind",
+				"brk",
+				"clock_gettime",
+				"close",
 				"connect",
-				"getsockname",
-				"recvmsg",
-				"recvfrom",
-				"sendmsg",
-				"sendto",
-				"setsockopt",
-				"socket",
-				"pipe",
-				"poll",
-				"fcntl64",
 				"epoll_create",
 				"epoll_create1",
 				"epoll_ctl",
-				"epoll_wait",
 				"epoll_pwait",
-				"rt_sigaction",
-				"sigreturn",
-				"rt_sigreturn",
-				"rt_sigprocmask",
-				"exit_group",
+				"epoll_wait",
 				"exit",
+				"exit_group",
 				"fcntl",
-				"clock_gettime"
+				"fcntl64",
+				"fstat",
+				"getsockname",
+				"ioctl",
+				"open",
+				"openat",
+				"pipe",
+				"pipe2",
+				"poll",
+				"ppoll",
+				"read",
+				"recvfrom",
+				"recvmsg",
+				"rt_sigaction",
+				"rt_sigprocmask",
+				"rt_sigreturn",
+				"sendmsg",
+				"sendto",
+				"setsockopt",
+				"sigreturn",
+				"socket",
+				"time",
+				"uname",
+				"write",
+				"writev"
 			],
 			"action": "SCMP_ACT_ALLOW"
 		}

package/network/services/wireguard/Makefile

@@ -1,88 +0,0 @@
-#
-# Copyright (C) 2016-2019 Jason A. Donenfeld <Jason@zx2c4.com>
-# Copyright (C) 2016 Baptiste Jonglez <openwrt@bitsofnetworks.org>
-# Copyright (C) 2016-2017 Dan Luedtke <mail@danrl.com>
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-
-include $(TOPDIR)/rules.mk
-include $(INCLUDE_DIR)/kernel.mk
-
-PKG_NAME:=wireguard
-
-PKG_VERSION:=1.0.20201112
-PKG_RELEASE:=1
-
-PKG_SOURCE:=wireguard-linux-compat-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-linux-compat/snapshot/
-PKG_HASH:=89eae7f0c0bd6c8df3ba2e090984974ff68741a9f26aa0922890f8ca727897e1
-
-PKG_LICENSE:=GPL-2.0
-PKG_LICENSE_FILES:=COPYING
-
-PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/wireguard-linux-compat-$(PKG_VERSION)
-PKG_BUILD_PARALLEL:=1
-PKG_USE_MIPS16:=0
-
-# WireGuard's makefile needs this to know where to build the kernel module
-export KERNELDIR:=$(LINUX_DIR)
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/wireguard/Default
-  SECTION:=net
-  CATEGORY:=Network
-  SUBMENU:=VPN
-  URL:=https://www.wireguard.com
-  MAINTAINER:=Jason A. Donenfeld <Jason@zx2c4.com>
-endef
-
-define Package/wireguard/Default/description
-  WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes
-  state-of-the-art cryptography. It aims to be faster, simpler, leaner, and
-  more useful than IPSec, while avoiding the massive headache. It intends to
-  be considerably more performant than OpenVPN.  WireGuard is designed as a
-  general purpose VPN for running on embedded interfaces and super computers
-  alike, fit for many different circumstances. It uses UDP.
-endef
-
-define Package/wireguard
-  $(call Package/wireguard/Default)
-  TITLE:=WireGuard meta-package
-  DEPENDS:=+wireguard-tools +kmod-wireguard
-endef
-
-include $(INCLUDE_DIR)/kernel-defaults.mk
-include $(INCLUDE_DIR)/package-defaults.mk
-
-define Build/Compile
-	$(MAKE) $(KERNEL_MAKEOPTS) M="$(PKG_BUILD_DIR)/src" modules
-endef
-
-define Package/wireguard/install
-  true
-endef
-
-define Package/wireguard/description
-  $(call Package/wireguard/Default/description)
-endef
-
-define KernelPackage/wireguard
-  SECTION:=kernel
-  CATEGORY:=Kernel modules
-  SUBMENU:=Network Support
-  TITLE:=WireGuard kernel module
-  DEPENDS:=+IPV6:kmod-udptunnel6 +kmod-udptunnel4
-  FILES:= $(PKG_BUILD_DIR)/src/wireguard.$(LINUX_KMOD_SUFFIX)
-  AUTOLOAD:=$(call AutoProbe,wireguard)
-endef
-
-define KernelPackage/wireguard/description
-  $(call Package/wireguard/Default/description)
-
-  This package provides the kernel module for WireGuard.
-endef
-
-$(eval $(call BuildPackage,wireguard))
-$(eval $(call KernelPackage,wireguard))

package/network/utils/bpftools/Makefile

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=bpftools
 PKG_VERSION:=5.10.10
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=linux-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@KERNEL/linux/kernel/v5.x
@@ -93,10 +93,6 @@ ifneq ($(BUILD_VARIANT),lib)
   TARGET_LDFLAGS += -Wl,--gc-sections
 endif
 
-ifneq ($(INTL_FULL),)
-  TARGET_LDFLAGS += -Wl,-lintl
-endif
-
 MAKE_FLAGS += \
 	EXTRA_CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS)" \
 	LDFLAGS="$(TARGET_LDFLAGS)" \
@@ -145,6 +141,10 @@ define Build/InstallDev/libbpf
 	$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib$(LIB_SUFFIX)/pkgconfig/libbpf.pc \
 		$(1)/usr/lib/pkgconfig/
+	$(SED) 's,/usr/include,$$$${prefix}/include,g' \
+		$(1)/usr/lib/pkgconfig/libbpf.pc
+	$(SED) 's,/usr/lib,$$$${exec_prefix}/lib,g' \
+		$(1)/usr/lib/pkgconfig/libbpf.pc
 endef
 
 ifeq ($(BUILD_VARIANT),lib)
@@ -162,6 +162,6 @@ define Package/libbpf/install
 	$(CP) $(PKG_INSTALL_DIR)/usr/lib$(LIB_SUFFIX)/libbpf.so.* $(1)/usr/lib/
 endef
 
+$(eval $(call BuildPackage,libbpf))
 $(eval $(call BuildPackage,bpftool-full))
 $(eval $(call BuildPackage,bpftool-minimal))
-$(eval $(call BuildPackage,libbpf))

package/network/utils/iproute2/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=iproute2
-PKG_VERSION:=5.10.0
-PKG_RELEASE:=1
+PKG_VERSION:=5.11.0
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@KERNEL/linux/utils/net/iproute2
-PKG_HASH:=a54a34ae309c0406b2d1fb3a46158613ffb83d33fefd5d4a27f0010237ac53e9
+PKG_HASH:=c5e2ea108212b3445051b35953ec267f9f3469e1d5c67ac034ab559849505c54
 PKG_BUILD_PARALLEL:=1
 PKG_BUILD_DEPENDS:=iptables
 PKG_LICENSE:=GPL-2.0
@@ -33,78 +33,102 @@ endef
 
 define Package/ip-tiny
 $(call Package/iproute2/Default)
- TITLE:=Routing control utility (Minimal)
- VARIANT:=tiny
- DEFAULT_VARIANT:=1
- PROVIDES:=ip
- ALTERNATIVES:=200:/sbin/ip:/usr/libexec/ip-tiny
- DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl
+  TITLE:=Routing control utility (minimal)
+  VARIANT:=iptiny
+  DEFAULT_VARIANT:=1
+  PROVIDES:=ip
+  ALTERNATIVES:=200:/sbin/ip:/usr/libexec/ip-tiny
+  DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl
 endef
 
 define Package/ip-full
 $(call Package/iproute2/Default)
- TITLE:=Routing control utility (Full)
- VARIANT:=full
- PROVIDES:=ip
- ALTERNATIVES:=300:/sbin/ip:/usr/libexec/ip-full
- DEPENDS:=+libnl-tiny +libelf +(PACKAGE_devlink||PACKAGE_rdma):libmnl
+  TITLE:=Routing control utility (full)
+  VARIANT:=ipfull
+  PROVIDES:=ip
+  ALTERNATIVES:=300:/sbin/ip:/usr/libexec/ip-full
+  DEPENDS:=+libnl-tiny +libbpf +(PACKAGE_devlink||PACKAGE_rdma):libmnl
 endef
 
-define Package/tc
+define Package/tc-tiny
 $(call Package/iproute2/Default)
-  TITLE:=Traffic control utility
-  VARIANT:=tc
+  TITLE:=Traffic control utility (minimal)
+  VARIANT:=tctiny
+  DEFAULT_VARIANT:=1
   PROVIDES:=tc
-  DEPENDS:=+kmod-sched-core +libxtables +libelf +(PACKAGE_devlink||PACKAGE_rdma):libmnl
+  ALTERNATIVES:=200:/sbin/tc:/usr/libexec/tc-tiny
+  DEPENDS:=+kmod-sched-core +libxtables +tc-mod-iptables +(PACKAGE_devlink||PACKAGE_rdma):libmnl
+endef
+
+define Package/tc-full
+$(call Package/iproute2/Default)
+  TITLE:=Traffic control utility (full)
+  VARIANT:=tcfull
+  PROVIDES:=tc
+  ALTERNATIVES:=300:/sbin/tc:/usr/libexec/tc-full
+  DEPENDS:=+kmod-sched-core +libxtables +tc-mod-iptables +libbpf +(PACKAGE_devlink||PACKAGE_rdma):libmnl
+endef
+
+define Package/tc-mod-iptables
+$(call Package/iproute2/Default)
+  TITLE:=Traffic control module - iptables action
+  DEPENDS:=+libxtables
 endef
 
 define Package/genl
 $(call Package/iproute2/Default)
   TITLE:=General netlink utility frontend
-  DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl +(PACKAGE_tc||PACKAGE_ip-full):libelf
+  DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl
 endef
 
 define Package/ip-bridge
 $(call Package/iproute2/Default)
   TITLE:=Bridge configuration utility from iproute2
-  DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl +(PACKAGE_tc||PACKAGE_ip-full):libelf
+  DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl
 endef
 
 define Package/ss
 $(call Package/iproute2/Default)
   TITLE:=Socket statistics utility
-  DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl +(PACKAGE_tc||PACKAGE_ip-full):libelf +kmod-netlink-diag
+  DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl +kmod-netlink-diag
 endef
 
 define Package/nstat
 $(call Package/iproute2/Default)
   TITLE:=Network statistics utility
-  DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl +(PACKAGE_tc||PACKAGE_ip-full):libelf
+  DEPENDS:=+libnl-tiny +(PACKAGE_devlink||PACKAGE_rdma):libmnl
 endef
 
 define Package/devlink
 $(call Package/iproute2/Default)
   TITLE:=Network devlink utility
-  DEPENDS:=+libmnl +(PACKAGE_tc||PACKAGE_ip-full):libelf
+  DEPENDS:=+libmnl
 endef
 
 define Package/rdma
 $(call Package/iproute2/Default)
   TITLE:=Network rdma utility
-  DEPENDS:=+libmnl +(PACKAGE_tc||PACKAGE_ip-full):libelf
+  DEPENDS:=+libmnl
 endef
 
-ifeq ($(BUILD_VARIANT),tiny)
+ifeq ($(BUILD_VARIANT),iptiny)
   IP_CONFIG_TINY:=y
+  LIBBPF_FORCE:=off
 endif
 
-ifeq ($(BUILD_VARIANT),full)
+ifeq ($(BUILD_VARIANT),ipfull)
   HAVE_ELF:=y
-  HAVE_CAP:=n
+  LIBBPF_FORCE:=on
 endif
 
-ifeq ($(BUILD_VARIANT),tc)
+ifeq ($(BUILD_VARIANT),tctiny)
+  LIBBPF_FORCE:=off
+  SHARED_LIBS:=y
+endif
+
+ifeq ($(BUILD_VARIANT),tcfull)
   HAVE_ELF:=y
+  LIBBPF_FORCE:=on
   SHARED_LIBS:=y
 endif
 
@@ -122,26 +146,29 @@ define Build/Configure
 endef
 
 TARGET_CFLAGS += -ffunction-sections -fdata-sections -flto
-TARGET_LDFLAGS += -Wl,--gc-sections
+TARGET_LDFLAGS += -Wl,--gc-sections -Wl,--as-needed
 TARGET_CPPFLAGS += -I$(STAGING_DIR)/usr/include/libnl-tiny
 
 MAKE_FLAGS += \
 	KERNEL_INCLUDE="$(LINUX_DIR)/user_headers/include" \
 	SHARED_LIBS=$(SHARED_LIBS) \
 	IP_CONFIG_TINY=$(IP_CONFIG_TINY) \
+	LIBBPF_FORCE=$(LIBBPF_FORCE) \
 	HAVE_ELF=$(HAVE_ELF) \
 	HAVE_MNL=$(HAVE_MNL) \
 	HAVE_CAP=$(HAVE_CAP) \
 	IPT_LIB_DIR=/usr/lib/iptables \
 	XT_LIB_DIR=/usr/lib/iptables \
-	FPIC="$(FPIC)"
+	FPIC="$(FPIC)" \
+	$(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='')
 
 define Build/Compile
 	+$(MAKE_VARS) $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS)
 endef
 
 define Build/InstallDev
-	$(INSTALL_DIR) $(1)/usr/include
+	$(INSTALL_DIR) $(1)/usr/include/iproute2
+	$(CP) $(PKG_BUILD_DIR)/include/bpf_elf.h $(1)/usr/include/iproute2
 	$(CP) $(PKG_BUILD_DIR)/include/{libgenl,libnetlink}.h $(1)/usr/include/
 	$(INSTALL_DIR) $(1)/usr/lib
 	$(CP) $(PKG_BUILD_DIR)/lib/libnetlink.a $(1)/usr/lib/
@@ -157,15 +184,19 @@ define Package/ip-full/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/ip/ip $(1)/usr/libexec/ip-full
 endef
 
-define Package/tc/install
-	$(INSTALL_DIR) $(1)/usr/sbin
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/tc/tc $(1)/usr/sbin/
-	$(INSTALL_DIR) $(1)/etc/hotplug.d/iface
-	$(INSTALL_BIN) ./files/15-teql $(1)/etc/hotplug.d/iface/
-ifeq ($(SHARED_LIBS),y)
+define Package/tc-tiny/install
+	$(INSTALL_DIR) $(1)/usr/libexec
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/tc/tc $(1)/usr/libexec/tc-tiny
+endef
+
+define Package/tc-full/install
+	$(INSTALL_DIR) $(1)/usr/libexec
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/tc/tc $(1)/usr/libexec/tc-full
+endef
+
+define Package/tc-mod-iptables/install
 	$(INSTALL_DIR) $(1)/usr/lib/tc
-	$(CP) $(PKG_BUILD_DIR)/tc/*.so $(1)/usr/lib/tc
-endif
+	$(CP) $(PKG_BUILD_DIR)/tc/m_xt.so $(1)/usr/lib/tc
 endef
 
 define Package/genl/install
@@ -200,7 +231,9 @@ endef
 
 $(eval $(call BuildPackage,ip-tiny))
 $(eval $(call BuildPackage,ip-full))
-$(eval $(call BuildPackage,tc))
+$(eval $(call BuildPackage,tc-tiny))
+$(eval $(call BuildPackage,tc-full))
+$(eval $(call BuildPackage,tc-mod-iptables))
 $(eval $(call BuildPackage,genl))
 $(eval $(call BuildPackage,ip-bridge))
 $(eval $(call BuildPackage,ss))

package/network/utils/iproute2/patches/100-configure.patch

@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -34,7 +34,8 @@ int main(int argc, char **argv) {
+@@ -39,7 +39,8 @@ int main(int argc, char **argv) {
  }
  EOF
  

package/network/utils/iproute2/patches/130-no_netem.patch

@@ -4,8 +4,8 @@
  CFLAGS := $(WFLAGS) $(CCOPTS) -I../include -I../include/uapi $(DEFINES) $(CFLAGS)
  YACCFLAGS = -d -t -v
  
--SUBDIRS=lib ip tc bridge misc netem genl tipc devlink rdma man
-+SUBDIRS=lib ip tc bridge misc genl tipc devlink rdma man
+-SUBDIRS=lib ip tc bridge misc netem genl tipc devlink rdma dcb man
++SUBDIRS=lib ip tc bridge misc genl tipc devlink rdma dcb man
  
  LIBNETLINK=../lib/libutil.a ../lib/libnetlink.a
  LDLIBS += $(LIBNETLINK)

package/network/utils/iproute2/patches/140-allow_pfifo_fast.patch

@@ -1,6 +1,6 @@
 --- a/tc/q_fifo.c
 +++ b/tc/q_fifo.c
-@@ -99,5 +99,6 @@ struct qdisc_util pfifo_head_drop_qdisc_
+@@ -95,5 +95,6 @@ struct qdisc_util pfifo_head_drop_qdisc_
  
  struct qdisc_util pfifo_fast_qdisc_util = {
  	.id = "pfifo_fast",

package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch

@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -257,7 +257,7 @@ check_selinux()
+@@ -367,7 +367,7 @@ check_selinux()
  
  check_mnl()
  {

package/network/utils/iproute2/patches/145-keep_libelf_optional.patch

@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -230,7 +230,7 @@ EOF
+@@ -235,7 +235,7 @@ EOF
  
  check_elf()
  {

package/network/utils/iproute2/patches/150-keep_libcap_optional.patch

@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -315,7 +315,7 @@ EOF
+@@ -425,7 +425,7 @@ EOF
  
  check_cap()
  {