Merge branch 'v2015.1.x' of https://github.com/tecff/gluon into v2015.1.x

In this case, the BROKEN flag was correct, the profile didn't work. This
has been fixed in master, but the fix won't be backported, so it's better
to remove the profile altogether.

Makefile

@@ -184,6 +184,7 @@ gluon-tools: FORCE
 	+$(GLUONMAKE_EARLY) package/lua/host/install
 
 prepare-tmpinfo: FORCE
+	@+$(MAKE) -r -s tmp/.prereq-build OPENWRT_BUILD= QUIET=0
 	mkdir -p tmp/info
 	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="packageinfo" SCAN_DIR="package" SCAN_NAME="package" SCAN_DEPS="$(TOPDIR)/include/package*.mk $(TOPDIR)/overlay/*/*.mk" SCAN_EXTRA=""
 	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="targetinfo" SCAN_DIR="target/linux" SCAN_NAME="target" SCAN_DEPS="profiles/*.mk $(TOPDIR)/include/kernel*.mk $(TOPDIR)/include/target.mk" SCAN_DEPTH=2 SCAN_EXTRA="" SCAN_MAKEOPTS="TARGET_BUILD=1"
@@ -205,7 +206,7 @@ feeds: FORCE
 	+$(GLUONMAKE_EARLY) prepare-tmpinfo
 
 config: FORCE
-	+$(NO_TRACE_MAKE) scripts/config/conf OPENWRT_BUILD=0
+	+$(NO_TRACE_MAKE) scripts/config/conf OPENWRT_BUILD= QUIET=0
 	+$(GLUONMAKE) prepare-tmpinfo
 	( \
 		cat $(GLUONDIR)/include/config $(GLUONDIR)/targets/$(GLUON_TARGET)/config; \

docs/conf.py

@@ -54,9 +54,9 @@ copyright = '2015, Project Gluon'
 # built documents.
 #
 # The short X.Y version.
-version = '2015.1'
+version = '2015.1.2'
 # The full version, including alpha/beta/rc tags.
-release = '2015.1'
+release = '2015.1.2'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

docs/index.rst

@@ -49,6 +49,8 @@ Releases
 .. toctree::
    :maxdepth: 1
 
+   releases/v2015.1.2
+   releases/v2015.1.1
    releases/v2015.1
    releases/v2014.4
    releases/v2014.3.1
@@ -100,9 +102,10 @@ ar71xx-generic
   - TL-MR3040 (v1, v2)
   - TL-MR3220 (v1, v2)
   - TL-MR3420 (v1, v2)
-  - TL-WA701N/ND (v1)
+  - TL-WA701N/ND (v1, v2)
   - TL-WA750RE (v1)
-  - TL-WA801N/ND (v2)
+  - TL-WA801N/ND (v1, v2)
+  - TL-WA830RE (v1, v2)
   - TL-WA850RE (v1)
   - TL-WA860RE (v1)
   - TL-WA901N/ND (v2, v3)
@@ -112,8 +115,8 @@ ar71xx-generic
   - TL-WR1043N/ND (v1, v2)
   - TL-WR703N (v1)
   - TL-WR710N (v1)
-  - TL-WR740N (v1, v3, v4)
-  - TL-WR741N/ND (v1, v2, v4)
+  - TL-WR740N (v1, v3, v4, v5)
+  - TL-WR741N/ND (v1, v2, v4, v5)
   - TL-WR743N/ND (v1, v2)
   - TL-WR841N/ND (v3, v5, v7, v8, v9)
   - TL-WR842N/ND (v1, v2)

docs/releases/v2015.1.1.rst

@@ -0,0 +1,27 @@
+Gluon 2015.1.1
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* TP-Link
+
+  - TL-WA830RE (v1)
+
+New features
+~~~~~~~~~~~~
+The `x86-generic` and `x86-kvm_guest` images now support two ethernet interfaces by default. If two interfaces exist during
+the first boot, `eth0` will be used as LAN and `eth1` as WAN.
+
+Bugfixes
+~~~~~~~~
+
+* Fix German "Expert Mode" label (was "Export Mode")
+* Fix download of OpenSSL during build (because of broken OpenSSL download servers...)
+* Fix ABI break causing kernel panics when trying to use network-related modules from the official OpenWrt repository (like `kmod-pppoe`)
+* Fix race conditions breaking parallel build occasionally
+* A broken network configuration would be generated when an older Gluon version was updated to 2015.1 with
+  ``mesh_on_lan`` enabled in `site.conf`
+* Minor announced/alfred JSON format fixes (don't output empty lists where empty objects would be expected)

docs/releases/v2015.1.2.rst

@@ -0,0 +1,41 @@
+Gluon 2015.1.2
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* TP-Link
+
+  - TL-WA701N/ND (v2)
+  - TL-WA801N/ND (v1)
+  - TL-WA830RE (v2)
+  - TL-WR740N / TL-WR741ND (v5)
+
+New features
+~~~~~~~~~~~~
+
+* Ubiquiti Loco M, Picostation M and Rocket M now get their own images (which are just copies of the Bullet M image)
+  so it's more obvious for users which image to use
+* The x86-generic images now contain the e1000e ethernet driver by default
+
+Bugfixes
+~~~~~~~~
+
+* Fix download of OpenSSL during build because of broken OpenSSL download servers (again...)
+* Fix another ABI incompatiblity with the upstream kernel modules which prevented loading some filesystem-related modules
+* Fix potential MAC address conflicts on x86 target when using mesh-on-wan/lan
+* Fix signal strength indicators on TP-LINK CPE210/510
+* Fix the model name string on some NETGEAR WNDR3700v2
+* Fix 5GHz WLAN switching channels and losing connectivity when other WLANs using the same channel are detected (including other Gluon nodes...); see https://github.com/freifunk-gluon/gluon/issues/386
+* Fix DNS resolution for mesh VPN on IPv6-only WAN; see https://github.com/freifunk-gluon/gluon/issues/397
+* gluon-mesh-batman-adv-15: update batman-adv to 2015.0 with additional bugfixes (fixes various minor bugs)
+* gluon-mesh-batman-adv-15: fix forwarding of fragmented frames over multiple links with different MTUs
+
+  batman-adv compat 15 doesn't re-fragment frames that are fragmented already. In particular,
+  this breaks transmission of large packets which are first fragmented for mesh-on-lan/wan and are then sent
+  over the mesh VPN, which has an even smaller MTU. Work around this limitation by decreasing the maximum fragment
+  size to 1280, so they can always be forwarded as long there's no link with a MTU smaller than 1280.
+
+  See https://github.com/freifunk-gluon/gluon/issues/435

include/config

@@ -15,6 +15,8 @@ CONFIG_BUSYBOX_CONFIG_FEATURE_IP_RULE=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_IP_SHORT_FORMS=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_WGET_TIMEOUT=y
 
+CONFIG_KERNEL_DIRECT_IO=y
+
 CONFIG_ATH_USER_REGD=y
 CONFIG_PACKAGE_ATH_DEBUG=y
 CONFIG_ATH10K_CT_COMMUNITY_FW=y

include/toplevel.mk

@@ -48,10 +48,6 @@ else
   export HOSTCC_WRAPPER:=$(HOSTCC)
 endif
 
-ifeq ($(FORCE),)
-  .config scripts/config/conf scripts/config/mconf: tmp/.prereq-build
-endif
-
 SCAN_COOKIE?=$(shell echo $$$$)
 export SCAN_COOKIE
 

modules

@@ -1,10 +1,10 @@
 GLUON_FEEDS='openwrt gluon routing luci'
 
 OPENWRT_REPO=git://git.openwrt.org/14.07/openwrt.git
-OPENWRT_COMMIT=179bab8b1700d74b28cc6cd25322f9a1ad670107
+OPENWRT_COMMIT=10b1d597b97bf9038d18eb8c7c5a8d127c72e5da
 
 PACKAGES_OPENWRT_REPO=git://github.com/openwrt/packages.git
-PACKAGES_OPENWRT_COMMIT=01fcd1f29174a56d6ddb59901ed8c67ea42c3a8f
+PACKAGES_OPENWRT_COMMIT=289cc1505143e4b6cfaaabd452143e159dd22d25
 PACKAGES_OPENWRT_BRANCH=for-14.07
 
 PACKAGES_GLUON_REPO=git://github.com/freifunk-gluon/packages.git

package/gluon-announce/files/usr/lib/lua/gluon/announce.lua

@@ -3,6 +3,7 @@
 module('gluon.announce', package.seeall)
 
 fs = require 'luci.fs'
+json = require 'luci.json'
 uci = require('luci.model.uci').cursor()
 util = require 'luci.util'
 
@@ -15,7 +16,7 @@ local function collect_entry(entry)
 end
 
 function collect_dir(dir)
-	local ret = {}
+	local ret = { [json.null] = true }
 
 	for _, entry in ipairs(fs.dir(dir)) do
 		if entry:sub(1, 1) ~= '.' then

package/gluon-config-mode-geo-location/i18n/de.po

@@ -27,7 +27,7 @@ msgid "Longitude"
 msgstr "Längengrad"
 
 msgid "Altitude"
-msgstr "Höhenmeter über Normalnull"
+msgstr "Höhe"
 
 msgid "Show node on the map"
 msgstr "Knoten auf der Karte anzeigen"

package/gluon-core/files/lib/gluon/upgrade/010-primary-mac

@@ -15,19 +15,18 @@ local util = require 'luci.util'
 
 
 local try_files = {
-  '/sys/class/ieee80211/phy0/macaddress',
-  '/sys/class/net/eth0/address',
+  '/sys/class/net/eth0/address'
 }
 
+if not util.contains({'x86', 'brcm2708'}, platform.get_target()) then
+  table.insert(try_files, 1, '/sys/class/ieee80211/phy0/macaddress')
+end
+
 if platform.match('ar71xx', 'generic', {'tl-wdr3600', 'tl-wdr4300'}) then
   table.insert(try_files, 1, '/sys/class/ieee80211/phy1/macaddress')
-end
-
-if platform.match('ar71xx', 'generic', {'unifi-outdoor-plus'}) then
+elseif platform.match('ar71xx', 'generic', {'unifi-outdoor-plus'}) then
   table.insert(try_files, 1, '/sys/class/net/eth0/address')
-end
-
-if platform.match('ar71xx', 'generic', {'archer-c5', 'archer-c7'}) then
+elseif platform.match('ar71xx', 'generic', {'archer-c5', 'archer-c7'}) then
   table.insert(try_files, 1, '/sys/class/net/eth1/address')
 end
 

package/gluon-luci-admin/i18n/de.po

@@ -27,7 +27,7 @@ msgid "Don't switch off the device in any circumstance!"
 msgstr "Unterbrich auf keinen Fall die Stromversorgung!"
 
 msgid "Expert Mode"
-msgstr "Export Mode"
+msgstr "Expert Mode"
 
 msgid "Firmware image"
 msgstr "Firmware-Datei"

package/gluon-mesh-batman-adv-core/files/lib/gluon/announce/neighbours.d/batadv

@@ -1,7 +1,3 @@
-local json = require 'luci.json'
-local util = require 'luci.util'
-local fs = require 'nixio.fs'
-
 local ifname_address_cache = {}
 
 function ifname2address(ifname)
@@ -26,7 +22,7 @@ function batadv()
     if mac1 ~= nil and mac1 == mac2 then
       ifaddress = ifname2address(ifname)
       if interfaces[ifaddress] == nil then
-        interfaces[ifaddress] = { neighbours = {} }
+        interfaces[ifaddress] = { neighbours = { [json.null] = true } }
       end
 
       interfaces[ifaddress].neighbours[mac1] = { tq = tonumber(tq)
@@ -35,7 +31,9 @@ function batadv()
     end
   end
 
-  return interfaces
+  if next(interfaces) then
+    return interfaces
+  end
 end
 
 return batadv()

package/gluon-mesh-batman-adv-core/files/lib/gluon/announce/neighbours.d/wifi

@@ -1,6 +1,3 @@
-local json = require 'luci.json'
-local util = require 'luci.util'
-local fs = require 'nixio.fs'
 local iwinfo = require 'iwinfo'
 
 function neighbours(iface)
@@ -12,7 +9,9 @@ function neighbours(iface)
                           }
   end
 
-  return stations
+  if next(stations) then
+    return stations
+  end
 end
 
 function interfaces()
@@ -38,4 +37,6 @@ for address, iface in pairs(interfaces()) do
   wifi[address] = { neighbours = neighbours(iface) }
 end
 
-return wifi
+if next(wifi) then
+  return wifi
+end

package/gluon-mesh-batman-adv-core/files/lib/gluon/announce/nodeinfo.d/network/mesh/bat0/interfaces

@@ -48,5 +48,6 @@ end
 return {
   wireless = nil_table(wireless),
   tunnel = nil_table(tunnel),
-  other = nil_table(other)
+  other = nil_table(other),
+  [json.null] = true
 }

package/gluon-mesh-batman-adv-core/files/lib/gluon/upgrade/300-gluon-mesh-batman-adv-core-wan

@@ -1,14 +1,11 @@
 #!/usr/bin/lua
 
-local sysconfig = require 'gluon.sysconfig'
 local util = require 'gluon.util'
 local uci = require('luci.model.uci').cursor()
 
 
-if sysconfig.wan_ifname:match('%.') then
-  -- fix up duplicate mac addresses (for mesh-on-WAN)
-  uci:set('network', 'wan', 'macaddr', util.generate_mac(1, 0))
-  uci:save('network')
-  uci:commit('network')
-end
+-- fix up duplicate mac addresses (for mesh-on-WAN)
+uci:set('network', 'wan', 'macaddr', util.generate_mac(1, 0))
+uci:save('network')
+uci:commit('network')
 

package/gluon-mesh-batman-adv-core/files/lib/gluon/upgrade/340-gluon-mesh-batman-adv-core-mesh-on-lan

@@ -1,23 +1,32 @@
 #!/usr/bin/lua
 
 local site = require 'gluon.site_config'
-local uci = require 'luci.model.uci'
 local util = require 'gluon.util'
 local sysconfig = require 'gluon.sysconfig'
 
-local c = uci.cursor()
+local uci = require('luci.model.uci').cursor()
+local lutil = require 'luci.util'
 
-if sysconfig.lan_ifname then
-  if not c:get('network', 'mesh_lan') then
-    c:section('network', 'interface', 'mesh_lan',
+if sysconfig.lan_ifname and not uci:get('network', 'mesh_lan') then
+  local enable = site.mesh_on_lan
+
+  if enable then
+    local interfaces = uci:get('network', 'client', 'ifname')
+
+    if interfaces and lutil.contains(interfaces:split(' '), sysconfig.lan_ifname) then
+      enable = false
+    end
+  end
+
+  uci:section('network', 'interface', 'mesh_lan',
               { ifname  = sysconfig.lan_ifname
               , proto   = 'batadv'
               , mesh    = 'bat0'
               , macaddr = util.generate_mac(1, 1)
-              , auto    = site.mesh_on_lan and 1 or 0
-              })
-  end
+              , auto    = enable and 1 or 0
+  })
+
+  uci:save('network')
+  uci:commit('network')
 end
 
-c:save('network')
-c:commit('network')

package/gluon-mesh-batman-adv-core/files/lib/gluon/upgrade/350-gluon-mesh-batman-adv-core-rssid

@@ -0,0 +1,10 @@
+#!/usr/bin/lua
+
+local uci = require('luci.model.uci').cursor()
+
+if uci:get('system', 'rssid_wlan0') then
+  uci:set('system', 'rssid_wlan0', 'dev', 'mesh0')
+
+  uci:save('system')
+  uci:commit('system')
+end

package/gluon-wan-dnsmasq/files/etc/init.d/gluon-wan-dnsmasq

@@ -18,7 +18,10 @@ start() {
 	mkdir -p $RESOLV_CONF_DIR
 	/lib/gluon/wan-dnsmasq/update.lua
 
-	LD_PRELOAD=libpacketmark.so LIBPACKETMARK_MARK=$PACKET_MARK service_start /usr/sbin/dnsmasq -x $SERVICE_PID_FILE -u root -i lo -p $PORT -h -r $RESOLV_CONF
+	export LD_PRELOAD=libpacketmark.so
+	export LIBPACKETMARK_MARK=$PACKET_MARK
+
+	service_start /usr/sbin/dnsmasq -x $SERVICE_PID_FILE -u root -i lo -p $PORT -h -r $RESOLV_CONF
 }
 
 stop() {

patches/openwrt/0036-build-prevent-race-condition-between-tool-symlink-creation.patch

@@ -0,0 +1,20 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Thu, 28 May 2015 03:48:14 +0200
+Subject: build: prevent race condition between tool symlink creation
+
+Filter out STAGING_DIR_HOST binary path to prevent picking up grep from this
+path.
+
+diff --git a/tools/Makefile b/tools/Makefile
+index 137ad61..c24bca1 100644
+--- a/tools/Makefile
++++ b/tools/Makefile
+@@ -120,7 +120,7 @@ $(STAGING_DIR_HOST)/.prepared: $(TMP_DIR)/.build
+ define PrepareCommand
+ $(STAGING_DIR_HOST)/bin/$(1): $(STAGING_DIR_HOST)/.prepared
+ 	@mkdir -p "$$(dir $$@)"; rm -f "$$@"
+-	@export FILE="$$$$(which $(2) 2>/dev/null | grep -v 'not found' | head -n1)"; [ -n "$$$$FILE" ] || { \
++	@export PATH="$(subst $(space),:,$(filter-out $(STAGING_DIR_HOST)/%,$(subst :,$(space),$(PATH))))"; export FILE="$$$$(which $(2) 2>/dev/null | grep -v 'not found' | head -n1)"; [ -n "$$$$FILE" ] || { \
+ 		echo "Command $(1) not found."; false; \
+ 	}; ln -s "$$$$FILE" "$$@"
+ 

patches/openwrt/0037-ar71xx-fix-AR71XX_MODEL-for-TP-Link-TL-WA830RE-v1.patch

@@ -0,0 +1,24 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Mon, 15 Jun 2015 21:28:06 +0200
+Subject: ar71xx: fix AR71XX_MODEL for TP-Link TL-WA830RE v1
+
+The v1 identifies as v10 internally. As there is no TL-WA830RE v10, add a
+workaround to avoid confusing users.
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+
+diff --git a/target/linux/ar71xx/base-files/lib/ar71xx.sh b/target/linux/ar71xx/base-files/lib/ar71xx.sh
+index 1838cb4..d79776b 100755
+--- a/target/linux/ar71xx/base-files/lib/ar71xx.sh
++++ b/target/linux/ar71xx/base-files/lib/ar71xx.sh
+@@ -145,6 +145,10 @@ tplink_board_detect() {
+ 		;;
+ 	"083000"*)
+ 		model="TP-Link TL-WA830RE"
++
++		if [ "$hwver" = 'v10' ]; then
++			hwver='v1'
++		fi
+ 		;;
+ 	"084100"*)
+ 		model="TP-Link TL-WR841N/ND"

patches/openwrt/0038-x86-remove-old-soekris-config-hacks-install-a-more-appropriate-default-etc-config-network-with-lan-wan.patch

@@ -0,0 +1,137 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Tue, 16 Jun 2015 01:07:41 +0200
+Subject: x86: remove old soekris config hacks, install a more appropriate default /etc/config/network with lan+wan
+
+Signed-off-by: Felix Fietkau <nbd@openwrt.org>
+
+diff --git a/target/linux/x86/base-files/etc/config/network b/target/linux/x86/base-files/etc/config/network
+new file mode 100644
+index 0000000..c9953a0
+--- /dev/null
++++ b/target/linux/x86/base-files/etc/config/network
+@@ -0,0 +1,26 @@
++# Copyright (C) 2006 OpenWrt.org
++
++config interface loopback
++	option ifname	lo
++	option proto	static
++	option ipaddr	127.0.0.1
++	option netmask	255.0.0.0
++
++config interface lan
++	option ifname	eth0
++	option type 	bridge
++	option proto	static
++	option ipaddr	192.168.1.1
++	option netmask	255.255.255.0
++	option ip6assign 60
++
++config interface wan
++	option ifname	eth1
++	option proto	dhcp
++
++config interface wan6
++	option ifname	eth1
++	option proto	dhcpv6
++
++config globals globals
++	option ula_prefix auto
+diff --git a/target/linux/x86/base-files/etc/defconfig/net4801/network b/target/linux/x86/base-files/etc/defconfig/net4801/network
+deleted file mode 100644
+index 172d513..0000000
+--- a/target/linux/x86/base-files/etc/defconfig/net4801/network
++++ /dev/null
+@@ -1,24 +0,0 @@
+-config interface loopback
+-	option ifname	lo
+-	option proto	static
+-	option ipaddr	127.0.0.1
+-	option netmask	255.0.0.0
+-
+-config interface lan
+-	option ifname	eth1
+-	option type	bridge
+-	option proto	static
+-	option ipaddr	192.168.1.1
+-	option netmask	255.255.255.0
+-	option ip6assign 60
+-
+-config interface wan
+-	option ifname	eth0
+-	option proto	dhcp
+-
+-config interface wan6
+-	option ifname   @wan
+-	option proto    dhcpv6
+-
+-config globals globals
+-	option ula_prefix auto
+diff --git a/target/linux/x86/base-files/etc/defconfig/net4826/network b/target/linux/x86/base-files/etc/defconfig/net4826/network
+deleted file mode 100644
+index 7c9fb63..0000000
+--- a/target/linux/x86/base-files/etc/defconfig/net4826/network
++++ /dev/null
+@@ -1,12 +0,0 @@
+-config interface loopback
+-	option ifname	lo
+-	option proto	static
+-	option ipaddr	127.0.0.1
+-	option netmask	255.0.0.0
+-
+-config interface lan
+-	option ifname	eth0
+-	option type	bridge
+-	option proto	static
+-	option ipaddr	192.168.1.1
+-	option netmask	255.255.255.0
+diff --git a/target/linux/x86/base-files/etc/init.d/defconfig b/target/linux/x86/base-files/etc/init.d/defconfig
+deleted file mode 100755
+index 4b4f28f..0000000
+--- a/target/linux/x86/base-files/etc/init.d/defconfig
++++ /dev/null
+@@ -1,20 +0,0 @@
+-#!/bin/sh /etc/rc.common
+-#
+-# Copyright (C) 2010 Thinktube Inc.
+-#
+-
+-START=05
+-
+-start() {
+-	. /lib/soekris.sh
+-
+-	local board=$(net48xx_board_name)
+-
+-	[ ! -d /etc/defconfig/$board ] && board="net4826"
+-
+-	for f in $( ls /etc/defconfig/$board ); do
+-		if [ ! -e /etc/config/$f ]; then
+-			cp /etc/defconfig/$board/$f /etc/config/
+-		fi
+-	done
+-}
+diff --git a/target/linux/x86/base-files/lib/soekris.sh b/target/linux/x86/base-files/lib/soekris.sh
+deleted file mode 100755
+index e416ad3..0000000
+--- a/target/linux/x86/base-files/lib/soekris.sh
++++ /dev/null
+@@ -1,19 +0,0 @@
+-#!/bin/sh
+-
+-net48xx_board_name () {
+-    local name
+-    local pci=`wc -l /proc/bus/pci/devices`
+-
+-    case "$pci" in
+-	*"8"*)
+-	    name="net4826"
+-	    ;;
+-	*1[0-4]*)
+-	    name="net4801"
+-	    ;;
+-	*)
+-	    name="net4826"
+-	    ;;
+-    esac
+-    echo $name
+-}

patches/openwrt/0039-Revert-netns_ct-ABI-change-introduced-in-r44874.patch

@@ -0,0 +1,20 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Wed, 17 Jun 2015 00:03:39 +0200
+Subject: Revert netns_ct ABI change introduced in r44874
+
+diff --git a/target/linux/generic/patches-3.10/617-netfilter_skip_filter_compat.patch b/target/linux/generic/patches-3.10/617-netfilter_skip_filter_compat.patch
+new file mode 100644
+index 0000000..dce0cd0
+--- /dev/null
++++ b/target/linux/generic/patches-3.10/617-netfilter_skip_filter_compat.patch
+@@ -0,0 +1,10 @@
++--- a/include/net/netns/conntrack.h
+++++ b/include/net/netns/conntrack.h
++@@ -80,6 +80,7 @@ struct netns_ct {
++ 	int			sysctl_acct;
++ 	int			sysctl_tstamp;
++ 	int			sysctl_checksum;
+++	int			skip_filter;
++ 	unsigned int		sysctl_log_invalid; /* Log invalid packets */
++ 	int			sysctl_auto_assign_helper;
++ 	bool			auto_assign_helper_warned;

patches/openwrt/0040-ar71xx-add-support-for-TP-LINK-TL-WR740N-TL-WR741ND.patch

@@ -0,0 +1,28 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Mon, 22 Jun 2015 00:50:09 +0200
+Subject: ar71xx: add support for TP-LINK TL-WR740N/TL-WR741ND
+
+diff --git a/target/linux/ar71xx/image/Makefile b/target/linux/ar71xx/image/Makefile
+index fc59c33..53ae3f6 100644
+--- a/target/linux/ar71xx/image/Makefile
++++ b/target/linux/ar71xx/image/Makefile
+@@ -1233,6 +1233,8 @@ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR710,tl-wr710n-v1,TL-WR710N,tt
+ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR720NV3,tl-wr720n-v3,TL-WR720N-v3,ttyATH0,115200,0x07200103,1,4Mlzma))
+ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR740NV4,tl-wr740n-v4,TL-WR741ND-v4,ttyATH0,115200,0x07400004,1,4Mlzma))
+ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR741NV4,tl-wr741nd-v4,TL-WR741ND-v4,ttyATH0,115200,0x07410004,1,4Mlzma))
++$(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR740NV5,tl-wr740n-v5,TL-WR741ND-v4,ttyATH0,115200,0x07400005,1,4Mlzma))
++$(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR741NV5,tl-wr741nd-v5,TL-WR741ND-v4,ttyATH0,115200,0x07400005,1,4Mlzma))
+ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR743NV2,tl-wr743nd-v2,TL-WR741ND-v4,ttyATH0,115200,0x07430002,1,4Mlzma))
+ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWA750,tl-wa750re-v1,TL-WA750RE,ttyS0,115200,0x07500001,1,4Mlzma))
+ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR841NV8,tl-wr841n-v8,TL-WR841N-v8,ttyS0,115200,0x08410008,1,4Mlzma))
+@@ -1318,8 +1320,8 @@ $(eval $(call MultiProfile,TLWA830,TLWA830RV1 TLWA830RV2))
+ $(eval $(call MultiProfile,TLWA901,TLWA901NV1 TLWA901NV2 TLWA901NV3))
+ $(eval $(call MultiProfile,TLWA7510,TLWA7510NV1))
+ $(eval $(call MultiProfile,TLWR720,TLWR720NV3))
+-$(eval $(call MultiProfile,TLWR740,TLWR740NV1 TLWR740NV3 TLWR740NV4))
+-$(eval $(call MultiProfile,TLWR741,TLWR741NV1 TLWR741NV2 TLWR741NV4))
++$(eval $(call MultiProfile,TLWR740,TLWR740NV1 TLWR740NV3 TLWR740NV4 TLWR740NV5))
++$(eval $(call MultiProfile,TLWR741,TLWR741NV1 TLWR741NV2 TLWR741NV4 TLWR741NV5))
+ $(eval $(call MultiProfile,TLWR743,TLWR743NV1 TLWR743NV2))
+ $(eval $(call MultiProfile,TLWR841,TLWR841NV15 TLWR841NV3 TLWR841NV5 TLWR841NV7 TLWR841NV8 TLWR841NV9))
+ $(eval $(call MultiProfile,TLWR842,TLWR842V1 TLWR842V2))

patches/openwrt/0041-ar71xx-fix-wndr3700_board_detect-for-some-NETGEAR-WNDR3700v2.patch

@@ -0,0 +1,26 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Thu, 23 Jul 2015 01:31:05 +0200
+Subject: ar71xx: fix wndr3700_board_detect for some NETGEAR WNDR3700v2
+
+There are a few NETGEAR devices which don't terminate the model name in the
+ART with a NUL byte, at least some NETGEAR WNDR3700v2. The current awk
+expression doesn't match 0xFF bytes, so AR71XX_MODEL contains lots of
+trailing 0xFF garbage in this case.
+
+Fix this by matching for the first non-printable character and explicitly
+setting LC_CTYPE=C (probably not strictly necessary on OpenWrt, but will
+definitely work like this, even when awk supports locales and LANG is set).
+
+diff --git a/target/linux/ar71xx/base-files/lib/ar71xx.sh b/target/linux/ar71xx/base-files/lib/ar71xx.sh
+index d79776b..6ba40aa 100755
+--- a/target/linux/ar71xx/base-files/lib/ar71xx.sh
++++ b/target/linux/ar71xx/base-files/lib/ar71xx.sh
+@@ -38,7 +38,7 @@ wndr3700_board_detect() {
+ 		;;
+ 	"33373031")
+ 		# Use awk to remove everything after the first zero byte
+-		model="$(ar71xx_get_mtd_offset_size_format art 41 32 %c | awk 'BEGIN{FS="[[:cntrl:]]"} {print $1; exit}')"
++		model="$(ar71xx_get_mtd_offset_size_format art 41 32 %c | LC_CTYPE=C awk -v 'FS=[^[:print:]]' '{print $1; exit}')"
+ 		case $model in
+ 		$'\xff'*)
+ 			if [ "${model:24:1}" = 'N' ]; then

patches/openwrt/0042-hostapd-prevent-channel-switch-for-5GHz.patch

@@ -0,0 +1,77 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Mon, 27 Jul 2015 20:42:50 +0200
+Subject: hostapd: prevent channel switch for 5GHz
+
+hostapd would switch the primary and secondary channel on 5GHz networks in
+certain circumstances, completely breaking the adhoc interfaces of the WLAN
+adapter (they would lose their configuration).
+
+As a temporary fix, disable this channel switch function.
+
+diff --git a/package/network/services/hostapd/patches/472-no_channel_switch.patch b/package/network/services/hostapd/patches/472-no_channel_switch.patch
+new file mode 100644
+index 0000000..046969b
+--- /dev/null
++++ b/package/network/services/hostapd/patches/472-no_channel_switch.patch
+@@ -0,0 +1,61 @@
++--- a/src/ap/hw_features.c
+++++ b/src/ap/hw_features.c
++@@ -339,58 +339,6 @@ static int ieee80211n_check_40mhz_5g(str
++ 	else
++ 		sec_freq = pri_freq - 20;
++ 
++-	/*
++-	 * Switch PRI/SEC channels if Beacons were detected on selected SEC
++-	 * channel, but not on selected PRI channel.
++-	 */
++-	pri_bss = sec_bss = 0;
++-	for (i = 0; i < scan_res->num; i++) {
++-		struct wpa_scan_res *bss = scan_res->res[i];
++-		if (bss->freq == pri_freq)
++-			pri_bss++;
++-		else if (bss->freq == sec_freq)
++-			sec_bss++;
++-	}
++-	if (sec_bss && !pri_bss) {
++-		wpa_printf(MSG_INFO, "Switch own primary and secondary "
++-			   "channel to get secondary channel with no Beacons "
++-			   "from other BSSes");
++-		ieee80211n_switch_pri_sec(iface);
++-		return 1;
++-	}
++-
++-	/*
++-	 * Match PRI/SEC channel with any existing HT40 BSS on the same
++-	 * channels that we are about to use (if already mixed order in
++-	 * existing BSSes, use own preference).
++-	 */
++-	match = 0;
++-	for (i = 0; i < scan_res->num; i++) {
++-		struct wpa_scan_res *bss = scan_res->res[i];
++-		ieee80211n_get_pri_sec_chan(bss, &bss_pri_chan, &bss_sec_chan);
++-		if (pri_chan == bss_pri_chan &&
++-		    sec_chan == bss_sec_chan) {
++-			match = 1;
++-			break;
++-		}
++-	}
++-	if (!match) {
++-		for (i = 0; i < scan_res->num; i++) {
++-			struct wpa_scan_res *bss = scan_res->res[i];
++-			ieee80211n_get_pri_sec_chan(bss, &bss_pri_chan,
++-						    &bss_sec_chan);
++-			if (pri_chan == bss_sec_chan &&
++-			    sec_chan == bss_pri_chan) {
++-				wpa_printf(MSG_INFO, "Switch own primary and "
++-					   "secondary channel due to BSS "
++-					   "overlap with " MACSTR,
++-					   MAC2STR(bss->bssid));
++-				ieee80211n_switch_pri_sec(iface);
++-				break;
++-			}
++-		}
++-	}
++-
++ 	return 1;
++ }
++ 

patches/openwrt/0043-curl-backport-CC-version.patch

@@ -0,0 +1,875 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Sun, 16 Aug 2015 10:50:20 +0200
+Subject: curl: backport CC version
+
+diff --git a/package/network/utils/curl/Config.in b/package/network/utils/curl/Config.in
+index 086f5c2..11cfa39 100644
+--- a/package/network/utils/curl/Config.in
++++ b/package/network/utils/curl/Config.in
+@@ -1,112 +1,154 @@
+-menu "Configuration"
+-	depends on PACKAGE_libcurl
++if PACKAGE_libcurl
++
++comment "SSL support"
+ 
+ choice
+-	prompt "SSL library"
++	prompt "Selected SSL library"
+ 	default LIBCURL_POLARSSL
+ 
+-config LIBCURL_POLARSSL
+-	bool "PolarSSL"
++	config LIBCURL_POLARSSL
++		bool "PolarSSL"
+ 
+-config LIBCURL_CYASSL
+-	bool "CyaSSL"
++	config LIBCURL_CYASSL
++		bool "CyaSSL"
+ 
+-config LIBCURL_AXTLS
+-	bool "axTLS"
++	config LIBCURL_AXTLS
++		bool "axTLS"
+ 
+-config LIBCURL_OPENSSL
+-	bool "OpenSSL"
++	config LIBCURL_OPENSSL
++		bool "OpenSSL"
+ 
+-config LIBCURL_GNUTLS
+-	bool "GNUTLS"
++	config LIBCURL_GNUTLS
++		bool "GNUTLS"
+ 
+-config LIBCURL_NOSSL
+-	bool "No SSL support"
++	config LIBCURL_NOSSL
++		bool "No SSL support"
+ 
+ endchoice
+ 
+-config LIBCURL_COOKIES
+-	bool "Enable cookies support"
+-	default y
+-
+-config LIBCURL_CRYPTO_AUTH
+-	bool "Enable cryptographic authentication"
+-	default n
++comment "Supported protocols"
+ 
+ config LIBCURL_DICT
+-	bool "Enable DICT support"
++	bool "DICT protocol"
+ 	default n
+ 
+ config LIBCURL_FILE
+-	bool "Enable FILE support"
++	bool "FILE protocol"
+ 	default y
+ 
+ config LIBCURL_FTP
+-	bool "Enable FTP support"
++	bool "FTP / FTPS protocol"
+ 	default y
+ 
+ config LIBCURL_GOPHER
+-	bool "Enable Gopher support"
++	bool "Gopher protocol"
+ 	default n
+ 
+ config LIBCURL_HTTP
+-	bool "Enable HTTP support"
++	bool "HTTP / HTTPS protocol"
++	default y
++
++config LIBCURL_COOKIES
++	bool "Enable Cookies support"
++	depends on LIBCURL_HTTP
+ 	default y
+ 
+ config LIBCURL_IMAP
+-	bool "Enable IMAP support"
++	bool "IMAP / IMAPS protocol"
+ 	default n
+ 
+ config LIBCURL_LDAP
+-	bool "Enable LDAP support"
++	bool "LDAP protocol"
+ 	default n
+ 
+ config LIBCURL_LDAPS
+ 	bool "Enable LDAPS support"
+-	default n
+-
+-config LIBCURL_LIBCURL_OPTION
+-	bool "Enable --libcurl C code generation support"
+-	default n
++	depends on LIBCURL_LDAP && !LIBCURL_NOSSL
++	default y
+ 
+ config LIBCURL_POP3
+-	bool "Enable POP3 support"
++	bool "POP3 / POP3S protocol"
+ 	default n
+ 
+-config LIBCURL_PROXY
+-	bool "Enable proxy support"
++config LIBCURL_RTSP
++	bool "RTSP protocol"
++	depends on LIBCURL_HTTP
+ 	default n
++config LIBCURL_NO_RTSP
++	string "RTSP require HTTP protocol"
++	depends on !LIBCURL_HTTP
++	default "!"
+ 
+-config LIBCURL_RTSP
+-	bool "Enable RTSP support"
++config LIBCURL_SSH2
++	bool "SCP / SFTP protocol"
+ 	default n
+ 
+-config LIBCURL_SMTP
+-	bool "Enable SMTP support"
++config LIBCURL_SMB
++	bool "SMB protocol (CIFS)"
++	depends on LIBCURL_CRYPTO_AUTH && (LIBCURL_GNUTLS || LIBCURL_OPENSSL)
+ 	default n
++config LIBCURL_NO_SMB
++	string "SMB require 'cryptographic authentication' and either 'GnuTLS' or 'OpenSSL'"
++	depends on !LIBCURL_CRYPTO_AUTH || (!LIBCURL_GNUTLS && !LIBCURL_OPENSSL)
++	default "!"
+ 
+-config LIBCURL_SSPI
+-	bool "Enable SSPI"
++config LIBCURL_SMTP
++	bool "SMTP / SMTPS protocol"
+ 	default n
+ 
+ config LIBCURL_TELNET
+-	bool "Enable TELNET support"
++	bool "TELNET protocol"
+ 	default n
+ 
+ config LIBCURL_TFTP
+-	bool "Enable TFTP support"
++	bool "TFTP protocol"
+ 	default n
+ 
+-config LIBCURL_THREADED_RESOLVER
+-	bool "Enable threaded resolver"
++comment "Miscellaneous"
++
++config LIBCURL_PROXY
++	bool "Enable proxy support"
++	default y
++
++config LIBCURL_CRYPTO_AUTH
++	bool "Enable cryptographic authentication"
+ 	default n
+ 
+-config LIBCURL_TLS-SRP
++config LIBCURL_TLS_SRP
+ 	bool "Enable TLS-SRP authentication"
+ 	default n
+ 
++config LIBCURL_LIBIDN
++	bool "Enable IDN support"
++	default n
++
++config LIBCURL_THREADED_RESOLVER
++	bool "Enable threaded DNS resolver"
++	default n
++	help
++		Enable POSIX threaded asynchronous DNS resolution
++
+ config LIBCURL_ZLIB
+-	bool "Use zlib"
++	bool "Enable zlib support"
++	default n
++
++config LIBCURL_UNIX_SOCKETS
++	bool "Enable unix domain socket support"
++	default n
++	help
++		Enable HTTP over unix domain sockets.
++		To use this with the curl command line, you specify the socket path to the new --unix-domain option.
++		This feature is actually not limited to HTTP, you can do all the TCP-based protocols 
++		except FTP over the unix domain socket, but it is only HTTP that is regularly used this way. 
++		The reason FTP isn't supported is of course its use of two connections 
++		which would be even weirder to do like this.
++
++config LIBCURL_LIBCURL_OPTION
++	bool "Enable generation of C code"
++	default n
++
++config LIBCURL_VERBOSE
++	bool "Enable verbose error strings"
+ 	default n
+ 
+-endmenu
++endif
+diff --git a/package/network/utils/curl/Makefile b/package/network/utils/curl/Makefile
+index 0bb8323..7f6d355 100644
+--- a/package/network/utils/curl/Makefile
++++ b/package/network/utils/curl/Makefile
+@@ -1,5 +1,5 @@
+ #
+-# Copyright (C) 2007-2014 OpenWrt.org
++# Copyright (C) 2007-2015 OpenWrt.org
+ #
+ # This is free software, licensed under the GNU General Public License v2.
+ # See /LICENSE for more information.
+@@ -8,8 +8,8 @@
+ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=curl
+-PKG_VERSION:=7.38.0
+-PKG_RELEASE:=1
++PKG_VERSION:=7.40.0
++PKG_RELEASE:=3
+ 
+ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+ PKG_SOURCE_URL:=http://curl.haxx.se/download/ \
+@@ -18,7 +18,7 @@ PKG_SOURCE_URL:=http://curl.haxx.se/download/ \
+ 	ftp://ftp.planetmirror.com/pub/curl/ \
+ 	http://www.mirrormonster.com/curl/download/ \
+ 	http://curl.mirrors.cyberservers.net/download/
+-PKG_MD5SUM:=af6b3c299bd891f43cb5f76c4091b7b4
++PKG_MD5SUM:=8d30594212e65657a5c32030f0998fa9
+ 
+ PKG_LICENSE:=MIT
+ PKG_LICENSE_FILES:=COPYING
+@@ -26,34 +26,45 @@ PKG_LICENSE_FILES:=COPYING
+ PKG_FIXUP:=autoreconf
+ PKG_BUILD_PARALLEL:=1
+ 
+-PKG_CONFIG_DEPENDS := \
+-  LIBCURL_AXTLS \
+-  LIBCURL_COOKIES \
+-  LIBCURL_CRYPTO_AUTH \
+-  LIBCURL_CYASSL \
+-  LIBCURL_DICT \
+-  LIBCURL_FILE \
+-  LIBCURL_FTP \
+-  LIBCURL_GNUTLS \
+-  LIBCURL_GOPHER \
+-  LIBCURL_HTTP \
+-  LIBCURL_IMAP \
+-  LIBCURL_LDAP \
+-  LIBCURL_LDAPS \
+-  LIBCURL_LIBCURL_OPTION \
+-  LIBCURL_NOSSL \
+-  LIBCURL_OPENSSL \
+-  LIBCURL_POLARSSL \
+-  LIBCURL_POP3 \
+-  LIBCURL_PROXY \
+-  LIBCURL_RTSP \
+-  LIBCURL_SMTP \
+-  LIBCURL_SSPI \
+-  LIBCURL_TELNET \
+-  LIBCURL_TFTP \
+-  LIBCURL_THREADED_RESOLVER \
+-  LIBCURL_TLS-SRP \
+-  LIBCURL_ZLIB
++PKG_CONFIG_DEPENDS:= \
++  CONFIG_IPV6 \
++  \
++  CONFIG_LIBCURL_AXTLS \
++  CONFIG_LIBCURL_CYASSL \
++  CONFIG_LIBCURL_GNUTLS \
++  CONFIG_LIBCURL_OPENSSL \
++  CONFIG_LIBCURL_POLARSSL \
++  CONFIG_LIBCURL_NOSSL \
++  \
++  CONFIG_LIBCURL_LIBIDN \
++  CONFIG_LIBCURL_SSH2 \
++  CONFIG_LIBCURL_ZLIB \
++  \
++  CONFIG_LIBCURL_DICT \
++  CONFIG_LIBCURL_FILE \
++  CONFIG_LIBCURL_FTP \
++  CONFIG_LIBCURL_GOPHER \
++  CONFIG_LIBCURL_HTTP \
++  CONFIG_LIBCURL_IMAP \
++  CONFIG_LIBCURL_LDAP \
++  CONFIG_LIBCURL_LDAPS \
++  CONFIG_LIBCURL_POP3 \
++  CONFIG_LIBCURL_RTSP \
++  CONFIG_LIBCURL_NO_RTSP \
++  CONFIG_LIBCURL_SMB \
++  CONFIG_LIBCURL_NO_SMB \
++  CONFIG_LIBCURL_SMTP \
++  CONFIG_LIBCURL_TELNET \
++  CONFIG_LIBCURL_TFTP \
++  \
++  CONFIG_LIBCURL_COOKIES \
++  CONFIG_LIBCURL_CRYPTO_AUTH \
++  CONFIG_LIBCURL_LIBCURL_OPTION \
++  CONFIG_LIBCURL_PROXY \
++  CONFIG_LIBCURL_THREADED_RESOLVER \
++  CONFIG_LIBCURL_TLS_SRP \
++  CONFIG_LIBCURL_UNIX_SOCKETS \
++  CONFIG_LIBCURL_VERBOSE
+ 
+ include $(INCLUDE_DIR)/package.mk
+ 
+@@ -75,8 +86,9 @@ define Package/libcurl
+   $(call Package/curl/Default)
+   SECTION:=libs
+   CATEGORY:=Libraries
+-  DEPENDS:=+LIBCURL_POLARSSL:libpolarssl +LIBCURL_CYASSL:libcyassl +LIBCURL_AXTLS:libaxtls +LIBCURL_OPENSSL:libopenssl +LIBCURL_GNUTLS:libgnutls +LIBCURL_ZLIB:zlib +LIBCURL_THREADED_RESOLVER:libpthread
+-  TITLE:=A client-side URL transfer library using $(if $(CONFIG_LIBCURL_POLARSSL),PolarSSL)$(if $(CONFIG_LIBCURL_OPENSSL),OpenSSL)$(if $(CONFIG_LIBCURL_GNUTLS),GNUTLS)$(if $(CONFIG_LIBCURL_NOSSL),no SSL)
++  DEPENDS:=+LIBCURL_POLARSSL:libpolarssl +LIBCURL_CYASSL:libcyassl +LIBCURL_AXTLS:libaxtls +LIBCURL_OPENSSL:libopenssl +LIBCURL_GNUTLS:libgnutls 
++  DEPENDS += +LIBCURL_ZLIB:zlib +LIBCURL_THREADED_RESOLVER:libpthread +LIBCURL_LDAP:libopenldap +LIBCURL_LIBIDN:libidn +LIBCURL_SSH2:libssh2
++  TITLE:=A client-side URL transfer library
+   MENU:=1
+ endef
+ 
+@@ -88,46 +100,51 @@ endef
+ TARGET_CFLAGS += $(FPIC)
+ 
+ CONFIGURE_ARGS += \
++	--disable-debug \
++	--disable-ares \
+ 	--enable-shared \
+ 	--enable-static \
+-	--disable-thread \
+-	--enable-nonblocking \
+-	--disable-ares \
+-	--disable-debug \
+ 	--disable-manual \
+-	--disable-verbose \
+ 	--without-ca-bundle \
+-	--without-krb4 \
+-	--without-libidn \
+ 	--without-nss \
+-	--without-libssh2 \
++	--without-libmetalink \
++	--without-librtmp \
++	\
+ 	$(call autoconf_bool,CONFIG_IPV6,ipv6) \
+-	$(if $(CONFIG_LIBCURL_AXTLS),--with-axtls="$(STAGING_DIR)/usr",--without-axtls) \
+-	$(if $(CONFIG_LIBCURL_COOKIES),--enable,--disable)-cookies \
+-	$(if $(CONFIG_LIBCURL_CRYPTO-AUTH),--enable,--disable)-crypto-auth \
+-	$(if $(CONFIG_LIBCURL_CYASSL),--with-cyassl="$(STAGING_DIR)/usr",--without-cyassl) \
+-	$(if $(CONFIG_LIBCURL_DICT),--enable,--disable)-dict \
+-	$(if $(CONFIG_LIBCURL_FILE),--enable,--disable)-file \
+-	$(if $(CONFIG_LIBCURL_FTP),--enable,--disable)-ftp \
+-	$(if $(CONFIG_LIBCURL_GOPHER),--enable,--disable)-gopher \
+-	$(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr",--without-gnutls) \
+-	$(if $(CONFIG_LIBCURL_HTTP),--enable,--disable)-http \
+-	$(if $(CONFIG_LIBCURL_IMAP),--enable,--disable)-imap \
+-	$(if $(CONFIG_LIBCURL_LDAP),--enable,--disable)-ldap \
+-	$(if $(CONFIG_LIBCURL_LDAPS),--enable,--disable)-ldaps \
+-	$(if $(CONFIG_LIBCURL_LIBCURL-OPTION),--enable,--disable)-libcurl-option \
+-	$(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr",--without-ssl) \
+-	$(if $(CONFIG_LIBCURL_POLARSSL),--with-polarssl="$(STAGING_DIR)/usr",--without-polarssl) \
+-	$(if $(CONFIG_LIBCURL_POP3),--enable,--disable)-pop3 \
+-	$(if $(CONFIG_LIBCURL_PROXY),--enable,--disable)-proxy \
+-	$(if $(CONFIG_LIBCURL_RTSP),--enable,--disable)-rtsp \
+-	$(if $(CONFIG_LIBCURL_TELNET),--enable,--disable)-telnet \
+-	$(if $(CONFIG_LIBCURL_TFTP),--enable,--disable)-tftp \
+-	$(if $(CONFIG_LIBCURL_SMTP),--enable,--disable)-smtp \
+-	$(if $(CONFIG_LIBCURL_SSPI),--enable,--disable)-sspi \
+-	$(if $(CONFIG_LIBCURL_THREADED_RESOLVER),--enable,--disable)-threaded-resolver \
+-	$(if $(CONFIG_LIBCURL_TLS-SRP),--enable,--disable)-tls-srp \
++	\
++	$(if $(CONFIG_LIBCURL_AXTLS),--with-axtls="$(STAGING_DIR)/usr" --without-ca-path,--without-axtls) \
++	$(if $(CONFIG_LIBCURL_CYASSL),--with-cyassl="$(STAGING_DIR)/usr" --without-ca-path,--without-cyassl) \
++	$(if $(CONFIG_LIBCURL_GNUTLS),--with-gnutls="$(STAGING_DIR)/usr" --without-ca-path,--without-gnutls) \
++	$(if $(CONFIG_LIBCURL_OPENSSL),--with-ssl="$(STAGING_DIR)/usr" --with-ca-path=/etc/ssl/certs,--without-ssl) \
++	$(if $(CONFIG_LIBCURL_POLARSSL),--with-polarssl="$(STAGING_DIR)/usr" --with-ca-path=/etc/ssl/certs,--without-polarssl) \
++	\
++	$(if $(CONFIG_LIBCURL_LIBIDN),--with-libidn="$(STAGING_DIR)/usr",--without-libidn) \
++	$(if $(CONFIG_LIBCURL_SSH2),--with-libssh2="$(STAGING_DIR)/usr",--without-libssh2) \
+ 	$(if $(CONFIG_LIBCURL_ZLIB),--with-zlib="$(STAGING_DIR)/usr",--without-zlib) \
++	\
++	$(call autoconf_bool,CONFIG_LIBCURL_DICT,dict) \
++	$(call autoconf_bool,CONFIG_LIBCURL_FILE,file) \
++	$(call autoconf_bool,CONFIG_LIBCURL_FTP,ftp) \
++	$(call autoconf_bool,CONFIG_LIBCURL_GOPHER,gopher) \
++	$(call autoconf_bool,CONFIG_LIBCURL_HTTP,http) \
++	$(call autoconf_bool,CONFIG_LIBCURL_IMAP,imap) \
++	$(call autoconf_bool,CONFIG_LIBCURL_LDAP,ldap) \
++	$(call autoconf_bool,CONFIG_LIBCURL_LDAPS,ldaps) \
++	$(call autoconf_bool,CONFIG_LIBCURL_POP3,pop3) \
++	$(call autoconf_bool,CONFIG_LIBCURL_RTSP,rtsp) \
++	$(call autoconf_bool,CONFIG_LIBCURL_SMB,smb) \
++	$(call autoconf_bool,CONFIG_LIBCURL_SMTP,smtp) \
++	$(call autoconf_bool,CONFIG_LIBCURL_TELNET,telnet) \
++	$(call autoconf_bool,CONFIG_LIBCURL_TFTP,tftp) \
++	\
++	$(call autoconf_bool,CONFIG_LIBCURL_COOKIES,cookies) \
++	$(call autoconf_bool,CONFIG_LIBCURL_CRYPTO_AUTH,crypto-auth) \
++	$(call autoconf_bool,CONFIG_LIBCURL_LIBCURL_OPTION,libcurl-option) \
++	$(call autoconf_bool,CONFIG_LIBCURL_PROXY,proxy) \
++	$(call autoconf_bool,CONFIG_LIBCURL_THREADED_RESOLVER,threaded-resolver) \
++	$(call autoconf_bool,CONFIG_LIBCURL_TLS_SRP,tls-srp) \
++	$(call autoconf_bool,CONFIG_LIBCURL_UNIX_SOCKETS,unix-sockets) \
++	$(call autoconf_bool,CONFIG_LIBCURL_VERBOSE,verbose) \
+ 
+ define Build/Compile
+ 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+@@ -144,7 +161,7 @@ define Build/InstallDev
+ 	$(CP) $(PKG_BUILD_DIR)/libcurl.pc $(1)/usr/lib/pkgconfig/
+ 	$(SED) 's,-L$$$${exec_prefix}/lib,,g' $(1)/usr/bin/curl-config
+ 	[ -n "$(TARGET_LDFLAGS)" ] && $(SED) 's#$(TARGET_LDFLAGS)##g' $(1)/usr/lib/pkgconfig/libcurl.pc || true
+-	ln -sf $(STAGING_DIR)/usr/bin/curl-config $(2)/bin/
++	$(LN) $(STAGING_DIR)/usr/bin/curl-config $(2)/bin/
+ endef
+ 
+ define Package/curl/install
+diff --git a/package/network/utils/curl/patches/010-CVE-2015-3143.patch b/package/network/utils/curl/patches/010-CVE-2015-3143.patch
+new file mode 100644
+index 0000000..697c9c9
+--- /dev/null
++++ b/package/network/utils/curl/patches/010-CVE-2015-3143.patch
+@@ -0,0 +1,28 @@
++From d7d1bc8f08eea1a85ab0d794bc1561659462d937 Mon Sep 17 00:00:00 2001
++From: Daniel Stenberg <daniel@haxx.se>
++Date: Thu, 16 Apr 2015 13:26:46 +0200
++Subject: [PATCH] ConnectionExists: for NTLM re-use, require credentials to
++ match
++
++CVE-2015-3143
++
++Bug: http://curl.haxx.se/docs/adv_20150422A.html
++Reported-by: Paras Sethia
++---
++ lib/url.c | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++--- a/lib/url.c
+++++ b/lib/url.c
++@@ -3184,7 +3184,11 @@ ConnectionExists(struct SessionHandle *d
++       }
++ 
++       if((!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) ||
+++#if defined(USE_NTLM)
+++         (wantNTLMhttp || check->ntlm.state != NTLMSTATE_NONE)) {
+++#else
++          wantNTLMhttp) {
+++#endif
++         /* This protocol requires credentials per connection or is HTTP+NTLM,
++            so verify that we're using the same name and password as well */
++         if(!strequal(needle->user, check->user) ||
+diff --git a/package/network/utils/curl/patches/011-CVE-2015-3144.patch b/package/network/utils/curl/patches/011-CVE-2015-3144.patch
+new file mode 100644
+index 0000000..7da9489
+--- /dev/null
++++ b/package/network/utils/curl/patches/011-CVE-2015-3144.patch
+@@ -0,0 +1,32 @@
++From 6218ded6001ea330e589f92b6b2fa12777752b5d Mon Sep 17 00:00:00 2001
++From: Daniel Stenberg <daniel@haxx.se>
++Date: Thu, 16 Apr 2015 23:52:04 +0200
++Subject: [PATCH] fix_hostname: zero length host name caused -1 index offset
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++If a URL is given with a zero-length host name, like in "http://:80" or
++just ":80", `fix_hostname()` will index the host name pointer with a -1
++offset (as it blindly assumes a non-zero length) and both read and
++assign that address.
++
++CVE-2015-3144
++
++Bug: http://curl.haxx.se/docs/adv_20150422D.html
++Reported-by: Hanno Böck
++---
++ lib/url.c | 2 +-
++ 1 file changed, 1 insertion(+), 1 deletion(-)
++
++--- a/lib/url.c
+++++ b/lib/url.c
++@@ -3606,7 +3606,7 @@ static void fix_hostname(struct SessionH
++   host->dispname = host->name;
++ 
++   len = strlen(host->name);
++-  if(host->name[len-1] == '.')
+++  if(len && (host->name[len-1] == '.'))
++     /* strip off a single trailing dot if present, primarily for SNI but
++        there's no use for it */
++     host->name[len-1]=0;
+diff --git a/package/network/utils/curl/patches/012-CVE-2015-3145.patch b/package/network/utils/curl/patches/012-CVE-2015-3145.patch
+new file mode 100644
+index 0000000..c7ecbe9
+--- /dev/null
++++ b/package/network/utils/curl/patches/012-CVE-2015-3145.patch
+@@ -0,0 +1,53 @@
++From ea595c516bc936a514753597aa6c59fd6eb0765e Mon Sep 17 00:00:00 2001
++From: Daniel Stenberg <daniel@haxx.se>
++Date: Thu, 16 Apr 2015 16:37:40 +0200
++Subject: [PATCH] cookie: cookie parser out of boundary memory access
++MIME-Version: 1.0
++Content-Type: text/plain; charset=UTF-8
++Content-Transfer-Encoding: 8bit
++
++The internal libcurl function called sanitize_cookie_path() that cleans
++up the path element as given to it from a remote site or when read from
++a file, did not properly validate the input. If given a path that
++consisted of a single double-quote, libcurl would index a newly
++allocated memory area with index -1 and assign a zero to it, thus
++destroying heap memory it wasn't supposed to.
++
++CVE-2015-3145
++
++Bug: http://curl.haxx.se/docs/adv_20150422C.html
++Reported-by: Hanno Böck
++---
++ lib/cookie.c | 12 +++++++-----
++ 1 file changed, 7 insertions(+), 5 deletions(-)
++
++--- a/lib/cookie.c
+++++ b/lib/cookie.c
++@@ -236,11 +236,14 @@ static char *sanitize_cookie_path(const
++     return NULL;
++ 
++   /* some stupid site sends path attribute with '"'. */
+++  len = strlen(new_path);
++   if(new_path[0] == '\"') {
++-    memmove((void *)new_path, (const void *)(new_path + 1), strlen(new_path));
+++    memmove((void *)new_path, (const void *)(new_path + 1), len);
+++    len--;
++   }
++-  if(new_path[strlen(new_path) - 1] == '\"') {
++-    new_path[strlen(new_path) - 1] = 0x0;
+++  if(len && (new_path[len - 1] == '\"')) {
+++    new_path[len - 1] = 0x0;
+++    len--;
++   }
++ 
++   /* RFC6265 5.2.4 The Path Attribute */
++@@ -252,8 +255,7 @@ static char *sanitize_cookie_path(const
++   }
++ 
++   /* convert /hoge/ to /hoge */
++-  len = strlen(new_path);
++-  if(1 < len && new_path[len - 1] == '/') {
+++  if(len && new_path[len - 1] == '/') {
++     new_path[len - 1] = 0x0;
++   }
++ 
+diff --git a/package/network/utils/curl/patches/013-CVE-2015-3148.patch b/package/network/utils/curl/patches/013-CVE-2015-3148.patch
+new file mode 100644
+index 0000000..ed52160
+--- /dev/null
++++ b/package/network/utils/curl/patches/013-CVE-2015-3148.patch
+@@ -0,0 +1,37 @@
++From 6abfb512ed22c2de891a4398616d81a2a0690b5a Mon Sep 17 00:00:00 2001
++From: Daniel Stenberg <daniel@haxx.se>
++Date: Sat, 18 Apr 2015 23:50:16 +0200
++Subject: [PATCH] http_done: close Negotiate connections when done
++
++When doing HTTP requests Negotiate authenticated, the entire connnection
++may become authenticated and not just the specific HTTP request which is
++otherwise how HTTP works, as Negotiate can basically use NTLM under the
++hood. curl was not adhering to this fact but would assume that such
++requests would also be authenticated per request.
++
++CVE-2015-3148
++
++Bug: http://curl.haxx.se/docs/adv_20150422B.html
++Reported-by: Isaac Boukris
++---
++ lib/http.c | 8 +++++++-
++ 1 file changed, 7 insertions(+), 1 deletion(-)
++
++--- a/lib/http.c
+++++ b/lib/http.c
++@@ -1493,8 +1493,14 @@ CURLcode Curl_http_done(struct connectda
++ 
++ #ifdef USE_SPNEGO
++   if(data->state.proxyneg.state == GSS_AUTHSENT ||
++-      data->state.negotiate.state == GSS_AUTHSENT)
+++      data->state.negotiate.state == GSS_AUTHSENT) {
+++    /* add forbid re-use if http-code != 401 as a WA
+++     * only needed for 401 that failed handling
+++     * otherwie state will be RECV with current code */
+++    if((data->req.httpcode != 401) && (data->req.httpcode != 407))
+++      connclose(conn, "Negotiate transfer completed");
++     Curl_cleanup_negotiate(data);
+++  }
++ #endif
++ 
++   /* set the proper values (possibly modified on POST) */
+diff --git a/package/network/utils/curl/patches/014-CVE-2015-3153.patch b/package/network/utils/curl/patches/014-CVE-2015-3153.patch
+new file mode 100644
+index 0000000..f6d37d4
+--- /dev/null
++++ b/package/network/utils/curl/patches/014-CVE-2015-3153.patch
+@@ -0,0 +1,95 @@
++From 69a2e8d7ec581695a62527cb2252e7350f314ffa Mon Sep 17 00:00:00 2001
++From: Daniel Stenberg <daniel@haxx.se>
++Date: Thu, 23 Apr 2015 15:58:21 +0200
++Subject: [PATCH] CURLOPT_HEADEROPT: default to separate
++
++Make the HTTP headers separated by default for improved security and
++reduced risk for information leakage.
++
++Bug: http://curl.haxx.se/docs/adv_20150429.html
++Reported-by: Yehezkel Horowitz, Oren Souroujon
++---
++ docs/libcurl/opts/CURLOPT_HEADEROPT.3 | 12 ++++++------
++ lib/url.c                             |  1 +
++ tests/data/test1527                   |  2 +-
++ tests/data/test287                    |  2 +-
++ tests/libtest/lib1527.c               |  1 +
++ 5 files changed, 10 insertions(+), 8 deletions(-)
++
++--- a/docs/libcurl/opts/CURLOPT_HEADEROPT.3
+++++ b/docs/libcurl/opts/CURLOPT_HEADEROPT.3
++@@ -5,7 +5,7 @@
++ .\" *                            | (__| |_| |  _ <| |___
++ .\" *                             \___|\___/|_| \_\_____|
++ .\" *
++-.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
+++.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
++ .\" *
++ .\" * This software is licensed as described in the file COPYING, which
++ .\" * you should have received as part of this distribution. The terms
++@@ -31,10 +31,10 @@ CURLcode curl_easy_setopt(CURL *handle,
++ Pass a long that is a bitmask of options of how to deal with headers. The two
++ mutually exclusive options are:
++ 
++-\fBCURLHEADER_UNIFIED\fP - keep working as before. This means
++-\fICURLOPT_HTTPHEADER(3)\fP headers will be used in requests both to servers
++-and proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not
++-have any effect.
+++\fBCURLHEADER_UNIFIED\fP - the headers specified in
+++\fICURLOPT_HTTPHEADER(3)\fP will be used in requests both to servers and
+++proxies. With this option enabled, \fICURLOPT_PROXYHEADER(3)\fP will not have
+++any effect.
++ 
++ \fBCURLHEADER_SEPARATE\fP - makes \fICURLOPT_HTTPHEADER(3)\fP headers only get
++ sent to a server and not to a proxy. Proxy headers must be set with
++@@ -44,7 +44,7 @@ headers. When doing CONNECT, libcurl wil
++ headers only to the proxy and then \fICURLOPT_HTTPHEADER(3)\fP headers only to
++ the server.
++ .SH DEFAULT
++-CURLHEADER_UNIFIED
+++CURLHEADER_SEPARATE (changed in 7.42.1, ased CURLHEADER_UNIFIED before then)
++ .SH PROTOCOLS
++ HTTP
++ .SH EXAMPLE
++--- a/lib/url.c
+++++ b/lib/url.c
++@@ -605,6 +605,7 @@ CURLcode Curl_init_userdefined(struct Us
++   set->ssl_enable_alpn = TRUE;
++ 
++   set->expect_100_timeout = 1000L; /* Wait for a second by default. */
+++  set->sep_headers = TRUE; /* separated header lists by default */
++   return result;
++ }
++ 
++--- a/tests/data/test1527
+++++ b/tests/data/test1527
++@@ -45,7 +45,7 @@ http-proxy
++ lib1527
++ </tool>
++  <name>
++-Check same headers are generated without CURLOPT_PROXYHEADER
+++Check same headers are generated with CURLOPT_HEADEROPT == CURLHEADER_UNIFIED
++  </name>
++  <command>
++  http://the.old.moo.1527:%HTTPPORT/1527 %HOSTIP:%PROXYPORT
++--- a/tests/data/test287
+++++ b/tests/data/test287
++@@ -28,7 +28,7 @@ http
++ HTTP proxy CONNECT with custom User-Agent header
++  </name>
++  <command>
++-http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2007" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel
+++http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2015" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel --proxy-header "User-Agent: looser/2007"
++ </command>
++ </client>
++ 
++--- a/tests/libtest/lib1527.c
+++++ b/tests/libtest/lib1527.c
++@@ -83,6 +83,7 @@ int test(char *URL)
++   test_setopt(curl, CURLOPT_READFUNCTION, read_callback);
++   test_setopt(curl, CURLOPT_HTTPPROXYTUNNEL, 1L);
++   test_setopt(curl, CURLOPT_INFILESIZE, strlen(data));
+++  test_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_UNIFIED);
++ 
++   res = curl_easy_perform(curl);
++ 
+diff --git a/package/network/utils/curl/patches/015-CVE-2015-3236.patch b/package/network/utils/curl/patches/015-CVE-2015-3236.patch
+new file mode 100644
+index 0000000..720fb94
+--- /dev/null
++++ b/package/network/utils/curl/patches/015-CVE-2015-3236.patch
+@@ -0,0 +1,42 @@
++From e6d7c30734487246e83b95520e81bc1ccf0a2376 Mon Sep 17 00:00:00 2001
++From: Kamil Dudka <kdudka@redhat.com>
++Date: Thu, 28 May 2015 20:04:35 +0200
++Subject: [PATCH] http: do not leak basic auth credentials on re-used
++ connections
++
++CVE-2015-3236
++
++This partially reverts commit curl-7_39_0-237-g87c4abb
++
++Bug: http://curl.haxx.se/docs/adv_20150617A.html
++---
++ lib/http.c | 16 ++++------------
++ 1 file changed, 4 insertions(+), 12 deletions(-)
++
++--- a/lib/http.c
+++++ b/lib/http.c
++@@ -2333,20 +2333,12 @@ CURLcode Curl_http(struct connectdata *c
++                      te
++       );
++ 
++-  /*
++-   * Free userpwd for Negotiate/NTLM. Cannot reuse as it is associated with
++-   * the connection and shouldn't be repeated over it either.
++-   */
++-  switch (data->state.authhost.picked) {
++-  case CURLAUTH_NEGOTIATE:
++-  case CURLAUTH_NTLM:
++-  case CURLAUTH_NTLM_WB:
++-    Curl_safefree(conn->allocptr.userpwd);
++-    break;
++-  }
+++  /* clear userpwd to avoid re-using credentials from re-used connections */
+++  Curl_safefree(conn->allocptr.userpwd);
++ 
++   /*
++-   * Same for proxyuserpwd
+++   * Free proxyuserpwd for Negotiate/NTLM. Cannot reuse as it is associated
+++   * with the connection and shouldn't be repeated over it either.
++    */
++   switch (data->state.authproxy.picked) {
++   case CURLAUTH_NEGOTIATE:
+diff --git a/package/network/utils/curl/patches/016-CVE-2015-3237.patch b/package/network/utils/curl/patches/016-CVE-2015-3237.patch
+new file mode 100644
+index 0000000..6942a04
+--- /dev/null
++++ b/package/network/utils/curl/patches/016-CVE-2015-3237.patch
+@@ -0,0 +1,35 @@
++From d2f1a8bdce9d77a277d05adae025d369c1bdd9e6 Mon Sep 17 00:00:00 2001
++From: Daniel Stenberg <daniel@haxx.se>
++Date: Fri, 22 May 2015 10:28:21 +0200
++Subject: [PATCH] SMB: rangecheck values read off incoming packet
++
++CVE-2015-3237
++
++Detected by Coverity. CID 1299430.
++
++Bug: http://curl.haxx.se/docs/adv_20150617B.html
++---
++ lib/smb.c | 12 +++++++++---
++ 1 file changed, 9 insertions(+), 3 deletions(-)
++
++--- a/lib/smb.c
+++++ b/lib/smb.c
++@@ -783,9 +783,15 @@ static CURLcode smb_request_state(struct
++     off = Curl_read16_le(((unsigned char *) msg) +
++                          sizeof(struct smb_header) + 13);
++     if(len > 0) {
++-      result = Curl_client_write(conn, CLIENTWRITE_BODY,
++-                                 (char *)msg + off + sizeof(unsigned int),
++-                                 len);
+++      struct smb_conn *smbc = &conn->proto.smbc;
+++      if(off + sizeof(unsigned int) + len > smbc->got) {
+++        failf(conn->data, "Invalid input packet");
+++        result = CURLE_RECV_ERROR;
+++      }
+++      else
+++        result = Curl_client_write(conn, CLIENTWRITE_BODY,
+++                                   (char *)msg + off + sizeof(unsigned int),
+++                                   len);
++       if(result) {
++         req->result = result;
++         next_state = SMB_CLOSE;
+diff --git a/package/network/utils/curl/patches/100-check_long_long.patch b/package/network/utils/curl/patches/100-check_long_long.patch
+index 05fb1bf..2dd8cc7 100644
+--- a/package/network/utils/curl/patches/100-check_long_long.patch
++++ b/package/network/utils/curl/patches/100-check_long_long.patch
+@@ -1,6 +1,6 @@
+ --- a/configure.ac
+ +++ b/configure.ac
+-@@ -2877,6 +2877,7 @@ CURL_VERIFY_RUNTIMELIBS
++@@ -2885,6 +2885,7 @@ CURL_VERIFY_RUNTIMELIBS
+  
+  AC_CHECK_SIZEOF(size_t)
+  AC_CHECK_SIZEOF(long)
+diff --git a/package/network/utils/curl/patches/200-no_docs_tests.patch b/package/network/utils/curl/patches/200-no_docs_tests.patch
+index 42619a3..2845577 100644
+--- a/package/network/utils/curl/patches/200-no_docs_tests.patch
++++ b/package/network/utils/curl/patches/200-no_docs_tests.patch
+@@ -1,6 +1,6 @@
+ --- a/Makefile.am
+ +++ b/Makefile.am
+-@@ -128,7 +128,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
++@@ -129,7 +129,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
+  bin_SCRIPTS = curl-config
+  
+  SUBDIRS = lib src include
+@@ -11,7 +11,7 @@
+  pkgconfig_DATA = libcurl.pc
+ --- a/Makefile.in
+ +++ b/Makefile.in
+-@@ -574,7 +574,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
++@@ -577,7 +577,7 @@ CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP)
+  
+  bin_SCRIPTS = curl-config
+  SUBDIRS = lib src include
+@@ -19,4 +19,4 @@
+ +DIST_SUBDIRS = $(SUBDIRS) packages
+  pkgconfigdir = $(libdir)/pkgconfig
+  pkgconfig_DATA = libcurl.pc
+- LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c	\
++ LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c     \
+diff --git a/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch b/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch
+new file mode 100644
+index 0000000..3f88861
+--- /dev/null
++++ b/package/network/utils/curl/patches/300-fix-disable-crypto-auth.patch
+@@ -0,0 +1,25 @@
++--- a/lib/curl_ntlm_msgs.c
+++++ b/lib/curl_ntlm_msgs.c
++@@ -571,7 +571,7 @@ CURLcode Curl_sasl_create_ntlm_type3_mes
++   else
++ #endif
++ 
++-#if USE_NTRESPONSES && USE_NTLM2SESSION
+++#if USE_NTRESPONSES && USE_NTLM2SESSION && !defined(CURL_DISABLE_CRYPTO_AUTH)
++   /* We don't support NTLM2 if we don't have USE_NTRESPONSES */
++   if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM2_KEY) {
++     unsigned char ntbuffer[0x18];
++--- a/lib/vtls/vtls.c
+++++ b/lib/vtls/vtls.c
++@@ -835,9 +835,9 @@ void Curl_ssl_md5sum(unsigned char *tmp,
++                      unsigned char *md5sum, /* output */
++                      size_t md5len)
++ {
++-#ifdef curlssl_md5sum
+++#if defined(curlssl_md5sum)
++   curlssl_md5sum(tmp, tmplen, md5sum, md5len);
++-#else
+++#elif !defined(CURL_DISABLE_CRYPTO_AUTH)
++   MD5_context *MD5pw;
++ 
++   (void) md5len;
+diff --git a/package/network/utils/curl/patches/310-polarssl-disable-runtime-version-check.patch b/package/network/utils/curl/patches/310-polarssl-disable-runtime-version-check.patch
+new file mode 100644
+index 0000000..d008227
+--- /dev/null
++++ b/package/network/utils/curl/patches/310-polarssl-disable-runtime-version-check.patch
+@@ -0,0 +1,11 @@
++--- a/lib/vtls/polarssl.c
+++++ b/lib/vtls/polarssl.c
++@@ -591,7 +591,7 @@ void Curl_polarssl_session_free(void *pt
++ 
++ size_t Curl_polarssl_version(char *buffer, size_t size)
++ {
++-  unsigned int version = version_get_number();
+++  unsigned int version = POLARSSL_VERSION_NUMBER;
++   return snprintf(buffer, size, "PolarSSL/%d.%d.%d", version>>24,
++                   (version>>16)&0xff, (version>>8)&0xff);
++ }

patches/openwrt/0044-toolchain-gdb-update-source-URL.patch

@@ -0,0 +1,17 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Sun, 25 Oct 2015 18:05:18 +0100
+Subject: toolchain/gdb: update source URL
+
+diff --git a/toolchain/gdb/Makefile b/toolchain/gdb/Makefile
+index 10de1f8..d437c9a 100644
+--- a/toolchain/gdb/Makefile
++++ b/toolchain/gdb/Makefile
+@@ -13,7 +13,7 @@ PKG_VERSION:=linaro-$(PKG_REV)
+ 
+ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+ PKG_MD5SUM:=816290b91cff03912320089d353e8a12
+-PKG_SOURCE_URL:=https://releases.linaro.org/13.05/components/toolchain/gdb-linaro/
++PKG_SOURCE_URL:=https://releases.linaro.org/archive/13.05/components/toolchain/gdb-linaro/
+ 
+ HOST_BUILD_PARALLEL:=1
+ 

patches/openwrt/0045-tools-firmware-utils-tplink-safeloader-clean-up-code.patch

@@ -0,0 +1,107 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Thu, 15 Oct 2015 20:03:51 +0200
+Subject: tools/firmware-utils: tplink-safeloader: clean up code
+
+There is no reason for the internal functions not to be static.
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+
+diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c
+index 9c5bb54..4607a1d 100644
+--- a/tools/firmware-utils/src/tplink-safeloader.c
++++ b/tools/firmware-utils/src/tplink-safeloader.c
+@@ -152,7 +152,7 @@ static const unsigned char cpe510_support_list[] =
+ 
+ 
+ /** Allocates a new image partition */
+-struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
++static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
+ 	struct image_partition_entry entry = {name, len, malloc(len)};
+ 	if (!entry.data)
+ 		error(1, errno, "malloc");
+@@ -161,12 +161,12 @@ struct image_partition_entry alloc_image_partition(const char *name, size_t len)
+ }
+ 
+ /** Frees an image partition */
+-void free_image_partition(struct image_partition_entry entry) {
++static void free_image_partition(struct image_partition_entry entry) {
+ 	free(entry.data);
+ }
+ 
+ /** Generates the partition-table partition */
+-struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
++static struct image_partition_entry make_partition_table(const struct flash_partition_entry *p) {
+ 	struct image_partition_entry entry = alloc_image_partition("partition-table", 0x800);
+ 
+ 	char *s = (char *)entry.data, *end = (char *)(s+entry.size);
+@@ -202,7 +202,7 @@ static inline uint8_t bcd(uint8_t v) {
+ 
+ 
+ /** Generates the soft-version partition */
+-struct image_partition_entry make_soft_version(uint32_t rev) {
++static struct image_partition_entry make_soft_version(uint32_t rev) {
+ 	struct image_partition_entry entry = alloc_image_partition("soft-version", sizeof(struct soft_version));
+ 	struct soft_version *s = (struct soft_version *)entry.data;
+ 
+@@ -233,14 +233,14 @@ struct image_partition_entry make_soft_version(uint32_t rev) {
+ }
+ 
+ /** Generates the support-list partition */
+-struct image_partition_entry make_support_list(const unsigned char *support_list, size_t len) {
++static struct image_partition_entry make_support_list(const unsigned char *support_list, size_t len) {
+ 	struct image_partition_entry entry = alloc_image_partition("support-list", len);
+ 	memcpy(entry.data, support_list, len);
+ 	return entry;
+ }
+ 
+ /** Creates a new image partition with an arbitrary name from a file */
+-struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof) {
++static struct image_partition_entry read_file(const char *part_name, const char *filename, bool add_jffs2_eof) {
+ 	struct stat statbuf;
+ 
+ 	if (stat(filename, &statbuf) < 0)
+@@ -300,7 +300,7 @@ struct image_partition_entry read_file(const char *part_name, const char *filena
+ 
+    I think partition-table must be the first partition in the firmware image.
+ */
+-void put_partitions(uint8_t *buffer, const struct image_partition_entry *parts) {
++static void put_partitions(uint8_t *buffer, const struct image_partition_entry *parts) {
+ 	size_t i;
+ 	char *image_pt = (char *)buffer, *end = image_pt + 0x800;
+ 
+@@ -325,7 +325,7 @@ void put_partitions(uint8_t *buffer, const struct image_partition_entry *parts)
+ }
+ 
+ /** Generates and writes the image MD5 checksum */
+-void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
++static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
+ 	MD5_CTX ctx;
+ 
+ 	MD5_Init(&ctx);
+@@ -349,7 +349,7 @@ void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
+      1014-1813    Image partition table (2048 bytes, padded with 0xff)
+      1814-xxxx    Firmware partitions
+ */
+-void * generate_factory_image(const unsigned char *vendor, size_t vendor_len, const struct image_partition_entry *parts, size_t *len) {
++static void * generate_factory_image(const unsigned char *vendor, size_t vendor_len, const struct image_partition_entry *parts, size_t *len) {
+ 	*len = 0x1814;
+ 
+ 	size_t i;
+@@ -381,7 +381,7 @@ void * generate_factory_image(const unsigned char *vendor, size_t vendor_len, co
+    should be generalized when TP-LINK starts building its safeloader into hardware with
+    different flash layouts.
+ */
+-void * generate_sysupgrade_image(const struct flash_partition_entry *flash_parts, const struct image_partition_entry *image_parts, size_t *len) {
++static void * generate_sysupgrade_image(const struct flash_partition_entry *flash_parts, const struct image_partition_entry *image_parts, size_t *len) {
+ 	const struct flash_partition_entry *flash_os_image = &flash_parts[5];
+ 	const struct flash_partition_entry *flash_soft_version = &flash_parts[6];
+ 	const struct flash_partition_entry *flash_support_list = &flash_parts[7];
+@@ -459,7 +459,7 @@ static void do_cpe510(const char *output, const char *kernel_image, const char *
+ 
+ 
+ /** Usage output */
+-void usage(const char *argv0) {
++static void usage(const char *argv0) {
+ 	fprintf(stderr,
+ 		"Usage: %s [OPTIONS...]\n"
+ 		"\n"

patches/openwrt/0046-tools-firmware-utils-tplink-safeloader-fix-support-list-format-clean-up-vendor-information.patch

@@ -0,0 +1,126 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Thu, 15 Oct 2015 21:01:25 +0200
+Subject: tools/firmware-utils: tplink-safeloader: fix support-list format, clean up vendor information
+
+The first 4 bytes of the support list and the vendor information are
+supposed to contain the length of these fields.
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+
+diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c
+index 4607a1d..66658aa 100644
+--- a/tools/firmware-utils/src/tplink-safeloader.c
++++ b/tools/firmware-utils/src/tplink-safeloader.c
+@@ -103,7 +103,7 @@ static const uint8_t md5_salt[16] = {
+ 
+ 
+ /** Vendor information for CPE210/220/510/520 */
+-static const unsigned char cpe510_vendor[] = "\x00\x00\x00\x1f""CPE510(TP-LINK|UN|N300-5):1.0\r\n";
++static const char cpe510_vendor[] = "CPE510(TP-LINK|UN|N300-5):1.0\r\n";
+ 
+ 
+ /**
+@@ -133,14 +133,13 @@ static const struct flash_partition_entry cpe510_partitions[] = {
+    The stock images also contain strings for two more devices: BS510 and BS210.
+    At the moment, there exists no public information about these devices.
+ */
+-static const unsigned char cpe510_support_list[] =
+-	"\x00\x00\x00\xc8\x00\x00\x00\x00"
++static const char cpe510_support_list[] =
+ 	"SupportList:\r\n"
+ 	"CPE510(TP-LINK|UN|N300-5):1.0\r\n"
+ 	"CPE520(TP-LINK|UN|N300-5):1.0\r\n"
+ 	"CPE210(TP-LINK|UN|N300-2):1.0\r\n"
+ 	"CPE220(TP-LINK|UN|N300-2):1.0\r\n"
+-	"\r\n\xff";
++	"\r\n";
+ 
+ #define error(_ret, _errno, _str, ...)				\
+ 	do {							\
+@@ -151,6 +150,14 @@ static const unsigned char cpe510_support_list[] =
+ 	} while (0)
+ 
+ 
++/** Stores a uint32 as big endian */
++static inline void put32(uint8_t *buf, uint32_t val) {
++	buf[0] = val >> 24;
++	buf[1] = val >> 16;
++	buf[2] = val >> 8;
++	buf[3] = val;
++}
++
+ /** Allocates a new image partition */
+ static struct image_partition_entry alloc_image_partition(const char *name, size_t len) {
+ 	struct image_partition_entry entry = {name, len, malloc(len)};
+@@ -233,9 +240,15 @@ static struct image_partition_entry make_soft_version(uint32_t rev) {
+ }
+ 
+ /** Generates the support-list partition */
+-static struct image_partition_entry make_support_list(const unsigned char *support_list, size_t len) {
+-	struct image_partition_entry entry = alloc_image_partition("support-list", len);
+-	memcpy(entry.data, support_list, len);
++static struct image_partition_entry make_support_list(const char *support_list) {
++	size_t len = strlen(support_list);
++	struct image_partition_entry entry = alloc_image_partition("support-list", len + 9);
++
++	put32(entry.data, len);
++	memset(entry.data+4, 0, 4);
++	memcpy(entry.data+8, support_list, len);
++	entry.data[len+8] = '\xff';
++
+ 	return entry;
+ }
+ 
+@@ -344,12 +357,13 @@ static void put_md5(uint8_t *md5, uint8_t *buffer, unsigned int len) {
+      -----------  -----
+      0000-0003    Image size (4 bytes, big endian)
+      0004-0013    MD5 hash (hash of a 16 byte salt and the image data starting with byte 0x14)
+-     0014-1013    Vendor information (4096 bytes, padded with 0xff; there seem to be older
++     0014-0017    Vendor information length (without padding) (4 bytes, big endian)
++     0018-1013    Vendor information (4092 bytes, padded with 0xff; there seem to be older
+                   (VxWorks-based) TP-LINK devices which use a smaller vendor information block)
+      1014-1813    Image partition table (2048 bytes, padded with 0xff)
+      1814-xxxx    Firmware partitions
+ */
+-static void * generate_factory_image(const unsigned char *vendor, size_t vendor_len, const struct image_partition_entry *parts, size_t *len) {
++static void * generate_factory_image(const char *vendor, const struct image_partition_entry *parts, size_t *len) {
+ 	*len = 0x1814;
+ 
+ 	size_t i;
+@@ -360,13 +374,12 @@ static void * generate_factory_image(const unsigned char *vendor, size_t vendor_
+ 	if (!image)
+ 		error(1, errno, "malloc");
+ 
+-	image[0] = *len >> 24;
+-	image[1] = *len >> 16;
+-	image[2] = *len >> 8;
+-	image[3] = *len;
++	put32(image, *len);
+ 
+-	memcpy(image+0x14, vendor, vendor_len);
+-	memset(image+0x14+vendor_len, 0xff, 4096-vendor_len);
++	size_t vendor_len = strlen(vendor);
++	put32(image+0x14, vendor_len);
++	memcpy(image+0x18, vendor, vendor_len);
++	memset(image+0x18+vendor_len, 0xff, 4092-vendor_len);
+ 
+ 	put_partitions(image + 0x1014, parts);
+ 	put_md5(image+0x04, image+0x14, *len-0x14);
+@@ -430,7 +443,7 @@ static void do_cpe510(const char *output, const char *kernel_image, const char *
+ 
+ 	parts[0] = make_partition_table(cpe510_partitions);
+ 	parts[1] = make_soft_version(rev);
+-	parts[2] = make_support_list(cpe510_support_list, sizeof(cpe510_support_list)-1);
++	parts[2] = make_support_list(cpe510_support_list);
+ 	parts[3] = read_file("os-image", kernel_image, false);
+ 	parts[4] = read_file("file-system", rootfs_image, add_jffs2_eof);
+ 
+@@ -439,7 +452,7 @@ static void do_cpe510(const char *output, const char *kernel_image, const char *
+ 	if (sysupgrade)
+ 		image = generate_sysupgrade_image(cpe510_partitions, parts, &len);
+ 	else
+-		image = generate_factory_image(cpe510_vendor, sizeof(cpe510_vendor)-1, parts, &len);
++		image = generate_factory_image(cpe510_vendor, parts, &len);
+ 
+ 	FILE *file = fopen(output, "wb");
+ 	if (!file)

patches/openwrt/0047-tools-firmware-utils-tplink-safeloader-add-version-1.1-support-to-CPE210-220-510-520.patch

@@ -0,0 +1,38 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Thu, 15 Oct 2015 21:56:40 +0200
+Subject: tools/firmware-utils: tplink-safeloader: add version 1.1 support to CPE210/220/510/520
+
+The hardware is identical to version 1.0, add the new models to the support
+list.
+
+Also remove the empty line at the end of the support list, the current
+stock images don't have it either.
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+
+diff --git a/tools/firmware-utils/src/tplink-safeloader.c b/tools/firmware-utils/src/tplink-safeloader.c
+index 66658aa..77a894b 100644
+--- a/tools/firmware-utils/src/tplink-safeloader.c
++++ b/tools/firmware-utils/src/tplink-safeloader.c
+@@ -129,17 +129,17 @@ static const struct flash_partition_entry cpe510_partitions[] = {
+ 
+ /**
+    The support list for CPE210/220/510/520
+-
+-   The stock images also contain strings for two more devices: BS510 and BS210.
+-   At the moment, there exists no public information about these devices.
+ */
+ static const char cpe510_support_list[] =
+ 	"SupportList:\r\n"
+ 	"CPE510(TP-LINK|UN|N300-5):1.0\r\n"
++	"CPE510(TP-LINK|UN|N300-5):1.1\r\n"
+ 	"CPE520(TP-LINK|UN|N300-5):1.0\r\n"
++	"CPE520(TP-LINK|UN|N300-5):1.1\r\n"
+ 	"CPE210(TP-LINK|UN|N300-2):1.0\r\n"
++	"CPE210(TP-LINK|UN|N300-2):1.1\r\n"
+ 	"CPE220(TP-LINK|UN|N300-2):1.0\r\n"
+-	"\r\n";
++	"CPE220(TP-LINK|UN|N300-2):1.1\r\n";
+ 
+ #define error(_ret, _errno, _str, ...)				\
+ 	do {							\

patches/openwrt/0048-ar71xx-fix-AR71XX_MODEL-on-TP-Link-TL-WR703N.patch

@@ -0,0 +1,22 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Thu, 19 Nov 2015 23:29:17 +0100
+Subject: ar71xx: fix AR71XX_MODEL on TP-Link TL-WR703N
+
+The hwid check was wrong, causing the AR71XX_MODEL value to end with a
+space (as $hwver was unset).
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+
+diff --git a/target/linux/ar71xx/base-files/lib/ar71xx.sh b/target/linux/ar71xx/base-files/lib/ar71xx.sh
+index 6ba40aa..329f558 100755
+--- a/target/linux/ar71xx/base-files/lib/ar71xx.sh
++++ b/target/linux/ar71xx/base-files/lib/ar71xx.sh
+@@ -110,7 +110,7 @@ tplink_board_detect() {
+ 	"3C0001"*)
+ 		model="OOLITE"
+ 		;;
+-	"070300"*)
++	"070301"*)
+ 		model="TP-Link TL-WR703N"
+ 		;;
+ 	"071000"*)

patches/openwrt/0049-ar71xx-fix-wndr3700_board_detect-for-some-NETGEAR-WNDR3700v2-again.patch

@@ -0,0 +1,46 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Fri, 20 Nov 2015 15:09:03 +0100
+Subject: ar71xx: fix wndr3700_board_detect for some NETGEAR WNDR3700v2 (again)
+
+When fixing the model string for WNDR3700v2 which contain a model string
+followed by 0xff in r46455, the match for other versions of the WNDR3700v2
+which just contain lots of 0xff broke (as the 0xff $model is checked for
+is stripped off).
+
+Fix by stripping off non-printable characters only for the actual output
+string, but not for the internal matching.
+
+diff --git a/target/linux/ar71xx/base-files/lib/ar71xx.sh b/target/linux/ar71xx/base-files/lib/ar71xx.sh
+index 329f558..1f341e3 100755
+--- a/target/linux/ar71xx/base-files/lib/ar71xx.sh
++++ b/target/linux/ar71xx/base-files/lib/ar71xx.sh
+@@ -37,8 +37,9 @@ wndr3700_board_detect() {
+ 		machine="NETGEAR WNDR3700"
+ 		;;
+ 	"33373031")
+-		# Use awk to remove everything after the first zero byte
+-		model="$(ar71xx_get_mtd_offset_size_format art 41 32 %c | LC_CTYPE=C awk -v 'FS=[^[:print:]]' '{print $1; exit}')"
++		model="$(ar71xx_get_mtd_offset_size_format art 41 32 %c)"
++		# Use awk to remove everything unprintable
++		model_stripped="$(echo -n "$model" | LC_CTYPE=C awk -v 'FS=[^[:print:]]' '{print $1; exit}')"
+ 		case $model in
+ 		$'\xff'*)
+ 			if [ "${model:24:1}" = 'N' ]; then
+@@ -48,14 +49,14 @@ wndr3700_board_detect() {
+ 			fi
+ 			;;
+ 		'29763654+16+64'*)
+-			machine="NETGEAR ${model:14}"
++			machine="NETGEAR ${model_stripped:14}"
+ 			;;
+ 		'29763654+16+128'*)
+-			machine="NETGEAR ${model:15}"
++			machine="NETGEAR ${model_stripped:15}"
+ 			;;
+ 		*)
+ 			# Unknown ID
+-			machine="NETGEAR $model"
++			machine="NETGEAR ${model_stripped}"
+ 		esac
+ 	esac
+ 

patches/openwrt/0050-ar71xx-another-fix-to-wndr3700_board_detect.patch

@@ -0,0 +1,29 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Sat, 2 Jan 2016 23:36:25 +0100
+Subject: ar71xx: another fix to wndr3700_board_detect
+
+My last bugfix (r47538) introduced a new bug in wndr3700_board_detect
+(again...).
+
+Assigning the result of ar71xx_get_mtd_offset_size_format to the model
+variable before stripping of garbage using awk will cause all NUL bytes to
+be removed before awk is applied, leading to model strings like
+"NETGEAR WNDRMACv2NETGEAR", where a NUL byte after the v2 is supposed to
+terminate the string.
+
+Fix by calling ar71xx_get_mtd_offset_size_format twice, once piping to awk
+directly.
+
+diff --git a/target/linux/ar71xx/base-files/lib/ar71xx.sh b/target/linux/ar71xx/base-files/lib/ar71xx.sh
+index 1f341e3..b411e80 100755
+--- a/target/linux/ar71xx/base-files/lib/ar71xx.sh
++++ b/target/linux/ar71xx/base-files/lib/ar71xx.sh
+@@ -39,7 +39,7 @@ wndr3700_board_detect() {
+ 	"33373031")
+ 		model="$(ar71xx_get_mtd_offset_size_format art 41 32 %c)"
+ 		# Use awk to remove everything unprintable
+-		model_stripped="$(echo -n "$model" | LC_CTYPE=C awk -v 'FS=[^[:print:]]' '{print $1; exit}')"
++		model_stripped="$(ar71xx_get_mtd_offset_size_format art 41 32 %c | LC_CTYPE=C awk -v 'FS=[^[:print:]]' '{print $1; exit}')"
+ 		case $model in
+ 		$'\xff'*)
+ 			if [ "${model:24:1}" = 'N' ]; then

patches/openwrt/0051-ar71xx-add-support-for-TP-Link-TL-WR1043ND-v3.patch

@@ -0,0 +1,25 @@
+From: Andreas Ziegler <github@andreas-ziegler.de>
+Date: Thu, 5 Nov 2015 15:48:09 +0100
+Subject: ar71xx: add support for TP-Link TL-WR1043ND v3
+
+diff --git a/target/linux/ar71xx/image/Makefile b/target/linux/ar71xx/image/Makefile
+index 53ae3f6..68c8c47 100644
+--- a/target/linux/ar71xx/image/Makefile
++++ b/target/linux/ar71xx/image/Makefile
+@@ -1249,6 +1249,7 @@ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR941NV5,tl-wr941nd-v5,TL-WR941
+ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR941NV6,tl-wr941nd-v6,TL-WDR3500,ttyS0,115200,0x09410006,1,4Mlzma))
+ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR1041,tl-wr1041n-v2,TL-WR1041N-v2,ttyS0,115200,0x10410002,1,4Mlzma))
+ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR1043V2,tl-wr1043nd-v2,TL-WR1043ND-v2,ttyS0,115200,0x10430002,1,8M))
++$(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR1043V3,tl-wr1043nd-v3,TL-WR1043ND-v2,ttyS0,115200,0x10430003,1,8M))
+ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWR2543,tl-wr2543-v1,TL-WR2543N,ttyS0,115200,0x25430001,1,8Mlzma,-v 3.13.99))
+ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWDR3500V1,tl-wdr3500-v1,TL-WDR3500,ttyS0,115200,0x35000001,1,8Mlzma))
+ $(eval $(call SingleProfile,TPLINK-LZMA,64kraw,TLWDR3600V1,tl-wdr3600-v1,TL-WDR4300,ttyS0,115200,0x36000001,1,8Mlzma))
+@@ -1326,7 +1327,7 @@ $(eval $(call MultiProfile,TLWR743,TLWR743NV1 TLWR743NV2))
+ $(eval $(call MultiProfile,TLWR841,TLWR841NV15 TLWR841NV3 TLWR841NV5 TLWR841NV7 TLWR841NV8 TLWR841NV9))
+ $(eval $(call MultiProfile,TLWR842,TLWR842V1 TLWR842V2))
+ $(eval $(call MultiProfile,TLWR941,TLWR941NV2 TLWR941NV3 TLWR941NV4 TLWR941NV5 TLWR941NV6))
+-$(eval $(call MultiProfile,TLWR1043,TLWR1043V1 TLWR1043V2))
++$(eval $(call MultiProfile,TLWR1043,TLWR1043V1 TLWR1043V2 TLWR1043V3))
+ $(eval $(call MultiProfile,TLWDR4300,TLWDR3500V1 TLWDR3600V1 TLWDR4300V1 TLWDR4300V1IL TLWDR4310V1 MW4530RV1))
+ $(eval $(call MultiProfile,TUBE2H,TUBE2H8M TUBE2H16M))
+ $(eval $(call MultiProfile,UBNT,UBNTAIRROUTER UBNTRS UBNTRSPRO UBNTLSSR71 UBNTBULLETM UBNTROCKETM UBNTNANOM UBNTNANOMXW UBNTLOCOXW UBNTUNIFI UBNTUNIFIOUTDOOR UBNTUNIFIOUTDOORPLUS UAPPRO UBNTAIRGW))

patches/packages/luci/0003-luci-lib-json-ignore-null-keys-to-allow-encoding-empty-objects.patch

@@ -0,0 +1,36 @@
+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Thu, 4 Jun 2015 21:03:24 +0200
+Subject: luci-lib-json: ignore null keys to allow encoding empty objects
+
+There is currently no way to encode an empty object {}, as empty tables are
+encoded as empty lists [].
+
+With this patch, encode() will ignore table fields with the key json.null (which
+doesn't make sense anyways). This allows adding a field with key json.null to
+force encoding it as an object.
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+
+diff --git a/libs/json/luasrc/json.lua b/libs/json/luasrc/json.lua
+index 8dbaf91..11a5608 100644
+--- a/libs/json/luasrc/json.lua
++++ b/libs/json/luasrc/json.lua
+@@ -205,11 +205,13 @@ function Encoder.parse_iter(self, obj)
+ 		local first = true
+ 
+ 		for key, entry in pairs(obj) do
+-			first = first or self:put(",")
+-			first = first and false
+-			self:parse_string(tostring(key))
+-			self:put(":")
+-			self:dispatch(entry)
++			if key ~= null then
++				first = first or self:put(",")
++				first = first and false
++				self:parse_string(tostring(key))
++				self:put(":")
++				self:dispatch(entry)
++			end
+ 		end
+ 
+ 		self:put("}")

patches/packages/routing/0001-Update-batman-adv-and-alfred-to-v2014.4.patch

@@ -1,52 +0,0 @@
-From: Matthias Schiffer <mschiffer@universe-factory.net>
-Date: Wed, 7 Jan 2015 16:40:43 +0100
-Subject: Update batman-adv and alfred to v2014.4
-
-diff --git a/alfred/Makefile b/alfred/Makefile
-index 648a5ef..0a5fcac 100644
---- a/alfred/Makefile
-+++ b/alfred/Makefile
-@@ -11,9 +11,9 @@ include $(TOPDIR)/rules.mk
- # The latest alfred git hash in PKG_REV can be obtained from http://git.open-mesh.org/alfred.git
- #
- PKG_NAME:=alfred
--PKG_VERSION:=2014.3.0
-+PKG_VERSION:=2014.4.0
- PKG_RELEASE:=0
--PKG_MD5SUM:=b8ab5677ed73d817b02b0e4fae10357a
-+PKG_MD5SUM:=053cb5d9e7ca9384598e82944343dea2
- 
- PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
- PKG_SOURCE_URL:=http://downloads.open-mesh.org/batman/releases/batman-adv-$(PKG_VERSION)
-diff --git a/batctl/Makefile b/batctl/Makefile
-index ae22286..1009b03 100644
---- a/batctl/Makefile
-+++ b/batctl/Makefile
-@@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk
- 
- PKG_NAME:=batctl
- 
--PKG_VERSION:=2014.2.0
-+PKG_VERSION:=2014.4.0
- PKG_RELEASE:=1
--PKG_MD5SUM:=c196cf95b7324d9123b701a56b06b31d
-+PKG_MD5SUM:=f3a14565699313258ee6ba3de783eb0a
- 
- PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
- PKG_SOURCE_URL:=http://downloads.open-mesh.org/batman/releases/batman-adv-$(PKG_VERSION)
-diff --git a/batman-adv/Makefile b/batman-adv/Makefile
-index 889dea7..0d5ed33 100644
---- a/batman-adv/Makefile
-+++ b/batman-adv/Makefile
-@@ -10,9 +10,9 @@ include $(TOPDIR)/rules.mk
- 
- PKG_NAME:=batman-adv
- 
--PKG_VERSION:=2014.2.0
-+PKG_VERSION:=2014.4.0
- PKG_RELEASE:=1
--PKG_MD5SUM:=1243029b3a3e2f4fa721d1a59c2faaf5
-+PKG_MD5SUM:=b1518e84ce530883d224c6ca4c673ce8
- 
- PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
- PKG_SOURCE_URL:=http://downloads.open-mesh.org/batman/releases/batman-adv-$(PKG_VERSION)

patches/packages/routing/0002-alfred-adjust-intervals.patch

@@ -1,25 +0,0 @@
-From: Matthias Schiffer <mschiffer@universe-factory.net>
-Date: Wed, 7 Jan 2015 16:45:09 +0100
-Subject: alfred: adjust intervals
-
-diff --git a/alfred/patches/0001-alfred-adjust-intervals.patch b/alfred/patches/0001-alfred-adjust-intervals.patch
-new file mode 100644
-index 0000000..a8e0b4d
---- /dev/null
-+++ b/alfred/patches/0001-alfred-adjust-intervals.patch
-@@ -0,0 +1,15 @@
-+--- a/alfred.h
-++++ b/alfred.h
-+@@ -32,10 +32,10 @@
-+ #include "list.h"
-+ #include "packet.h"
-+ 
-+-#define ALFRED_INTERVAL			10
-++#define ALFRED_INTERVAL			60
-+ #define ALFRED_IF_CHECK_INTERVAL	60
-+ #define ALFRED_REQUEST_TIMEOUT		10
-+-#define ALFRED_SERVER_TIMEOUT		60
-++#define ALFRED_SERVER_TIMEOUT		180
-+ #define ALFRED_DATA_TIMEOUT		600
-+ #define ALFRED_SOCK_PATH_DEFAULT	"/var/run/alfred.sock"
-+ #define NO_FILTER			-1

patches/packages/routing/0003-batman-adv-introduce-no_rebroadcast-option.patch

@@ -1,221 +0,0 @@
-From: Matthias Schiffer <mschiffer@universe-factory.net>
-Date: Thu, 2 Apr 2015 20:24:14 +0200
-Subject: batman-adv: introduce 'no_rebroadcast' option
-
-diff --git a/batman-adv/files/lib/netifd/proto/batadv.sh b/batman-adv/files/lib/netifd/proto/batadv.sh
-index 632a209..01f567f 100644
---- a/batman-adv/files/lib/netifd/proto/batadv.sh
-+++ b/batman-adv/files/lib/netifd/proto/batadv.sh
-@@ -6,16 +6,19 @@ init_proto "$@"
- 
- proto_batadv_init_config() {
- 	proto_config_add_string "mesh"
-+	proto_config_add_string "mesh_no_rebroadcast"
- }
- 
- proto_batadv_setup() {
- 	local config="$1"
- 	local iface="$2"
- 
--	local mesh
--	json_get_vars mesh
-+	local mesh mesh_no_rebroadcast
-+	json_get_vars mesh mesh_no_rebroadcast
- 
- 	echo "$mesh" > "/sys/class/net/$iface/batman_adv/mesh_iface"
-+	[ -n "$mesh_no_rebroadcast" ] && echo "$mesh_no_rebroadcast" > "/sys/class/net/$iface/batman_adv/no_rebroadcast"
-+
- 	proto_init_update "$iface" 1
- 	proto_send_update "$config"
- }
-diff --git a/batman-adv/patches/0001-batman-adv-introduce-no_rebroadcast-option.patch b/batman-adv/patches/0001-batman-adv-introduce-no_rebroadcast-option.patch
-new file mode 100644
-index 0000000..cd79917
---- /dev/null
-+++ b/batman-adv/patches/0001-batman-adv-introduce-no_rebroadcast-option.patch
-@@ -0,0 +1,185 @@
-+From 5ba3f1eac041857deabe39432fdfe1a584bbdd81 Mon Sep 17 00:00:00 2001
-+Message-Id: <5ba3f1eac041857deabe39432fdfe1a584bbdd81.1420645650.git.mschiffer@universe-factory.net>
-+From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@web.de>
-+Date: Tue, 24 Sep 2013 04:36:27 +0200
-+Subject: [PATCH] batman-adv: introduce 'no_rebroadcast' option
-+MIME-Version: 1.0
-+Content-Type: text/plain; charset=UTF-8
-+Content-Transfer-Encoding: 8bit
-+
-+This patch introduces a new sysfs option named "no_rebroadcast" on
-+a per hard interface basis. It allows manually enabling a split-horizon
-+like behaviour for the layer 2 multicast payload frames, in that
-+incoming multicast payload frames on such a hard interface are only
-+being rebroadcasted on all interfaces except the incoming one instead
-+of being rebroadcasted on all interfaces.
-+
-+Such an option should only be enabled if you are certain that these
-+rebroadcasts are unnecessary. This is usually the case for instance
-+for point-to-point wifi longshots or wired links.
-+
-+This option can especially safe a significant amount of upload overhead
-+if the neighbourhood on a link is rather large, for instance in some
-+transitive, symmetric VPN configurations.
-+
-+Using this option wrongly will break your mesh network, use this option
-+wisely and at your own risk!
-+
-+Signed-off-by: Linus Lüssing <linus.luessing@web.de>
-+---
-+ hard-interface.c           |  2 ++
-+ send.c                     |  4 ++++
-+ sysfs-class-net-batman-adv | 10 ++++++++
-+ sysfs.c                    | 59 ++++++++++++++++++++++++++++++++++++++++++++++
-+ types.h                    |  1 +
-+ 5 files changed, 76 insertions(+)
-+
-+diff --git a/hard-interface.c b/hard-interface.c
-+index fbda6b5..3997f9c 100644
-+--- a/hard-interface.c
-++++ b/hard-interface.c
-+@@ -591,6 +591,8 @@ batadv_hardif_add_interface(struct net_device *net_dev)
-+ 	/* extra reference for return */
-+ 	atomic_set(&hard_iface->refcount, 2);
-+ 
-++	atomic_set(&hard_iface->no_rebroadcast, 0);
-++
-+ 	batadv_check_known_mac_addr(hard_iface->net_dev);
-+ 	list_add_tail_rcu(&hard_iface->list, &batadv_hardif_list);
-+ 
-+diff --git a/send.c b/send.c
-+index d27161e..4383a66 100644
-+--- a/send.c
-++++ b/send.c
-+@@ -513,6 +513,10 @@ static void batadv_send_outstanding_bcast_packet(struct work_struct *work)
-+ 		if (forw_packet->num_packets >= hard_iface->num_bcasts)
-+ 			continue;
-+ 
-++		if (atomic_read(&hard_iface->no_rebroadcast) &&
-++		    forw_packet->skb->dev == hard_iface->net_dev)
-++			continue;
-++
-+ 		/* send a copy of the saved skb */
-+ 		skb1 = skb_clone(forw_packet->skb, GFP_ATOMIC);
-+ 		if (skb1)
-+diff --git a/sysfs-class-net-batman-adv b/sysfs-class-net-batman-adv
-+index 7f34a95..cf7fe00 100644
-+--- a/sysfs-class-net-batman-adv
-++++ b/sysfs-class-net-batman-adv
-+@@ -13,3 +13,13 @@ Description:
-+                 displays the batman mesh interface this <iface>
-+                 currently is associated with.
-+ 
-++What:           /sys/class/net/<iface>/batman-adv/no_rebroadcast
-++Date:           Sep 2013
-++Contact:        Linus Lüssing <linus.luessing@web.de>
-++Description:
-++                With this option set incoming multicast payload frames on
-++                <iface> are not being rebroadcasted on <iface> again. This
-++                option should be set on links which are known to be transitive
-++                and symmetric only, for instance point-to-point wifi longshots
-++                or wired links. Using this option wrongly is going to
-++                break your mesh network, use at your own risk!
-+diff --git a/sysfs.c b/sysfs.c
-+index fc47baa..adaeca4 100644
-+--- a/sysfs.c
-++++ b/sysfs.c
-+@@ -110,6 +110,17 @@ struct batadv_attribute batadv_attr_vlan_##_name = {	\
-+ 	.store  = _store,				\
-+ }
-+ 
-++/* Use this, if you have customized show and store functions
-++ * for hard interface attrs
-++ */
-++#define BATADV_ATTR_HIF(_name, _mode, _show, _store)	\
-++struct batadv_attribute batadv_attr_hif_##_name = {	\
-++	.attr = {.name = __stringify(_name),		\
-++		 .mode = _mode },			\
-++	.show   = _show,				\
-++	.store  = _store,				\
-++};
-++
-+ /* Use this, if you have customized show and store functions */
-+ #define BATADV_ATTR(_name, _mode, _show, _store)	\
-+ struct batadv_attribute batadv_attr_##_name = {		\
-+@@ -221,6 +232,52 @@ ssize_t batadv_show_vlan_##_name(struct kobject *kobj,			\
-+ 	static BATADV_ATTR_VLAN(_name, _mode, batadv_show_vlan_##_name,	\
-+ 				batadv_store_vlan_##_name)
-+ 
-++#define BATADV_ATTR_HIF_STORE_BOOL(_name, _post_func)			\
-++ssize_t batadv_store_hif_##_name(struct kobject *kobj,			\
-++				 struct attribute *attr, char *buff,	\
-++				 size_t count)				\
-++{									\
-++	struct net_device *net_dev = batadv_kobj_to_netdev(kobj);	\
-++	struct batadv_hard_iface *hard_iface;				\
-++	size_t res;							\
-++									\
-++	hard_iface = batadv_hardif_get_by_netdev(net_dev);		\
-++	if (!hard_iface)						\
-++		return 0;						\
-++									\
-++	res = __batadv_store_bool_attr(buff, count, _post_func,		\
-++					      attr, &hard_iface->_name,	\
-++					      hard_iface->soft_iface);	\
-++	batadv_hardif_free_ref(hard_iface);				\
-++	return res;							\
-++}
-++
-++#define BATADV_ATTR_HIF_SHOW_BOOL(_name)				\
-++ssize_t batadv_show_hif_##_name(struct kobject *kobj,			\
-++				struct attribute *attr, char *buff)	\
-++{									\
-++	struct net_device *net_dev = batadv_kobj_to_netdev(kobj);	\
-++	struct batadv_hard_iface *hard_iface;				\
-++	size_t res;							\
-++									\
-++	hard_iface = batadv_hardif_get_by_netdev(net_dev);		\
-++	if (!hard_iface)						\
-++		return 0;						\
-++									\
-++	res = sprintf(buff, "%s\n",					\
-++		      atomic_read(&hard_iface->_name) == 0 ?		\
-++				"disabled" : "enabled");		\
-++	batadv_hardif_free_ref(hard_iface);				\
-++	return res;							\
-++}
-++
-++/* Use this, if you are going to turn a [name] in the vlan struct on or off */
-++#define BATADV_ATTR_HIF_BOOL(_name, _mode, _post_func)			\
-++	static BATADV_ATTR_HIF_STORE_BOOL(_name, _post_func)		\
-++	static BATADV_ATTR_HIF_SHOW_BOOL(_name)				\
-++	static BATADV_ATTR_HIF(_name, _mode, batadv_show_hif_##_name,	\
-++			       batadv_store_hif_##_name)
-++
-+ static int batadv_store_bool_attr(char *buff, size_t count,
-+ 				  struct net_device *net_dev,
-+ 				  const char *attr_name, atomic_t *attr)
-+@@ -844,10 +901,12 @@ static ssize_t batadv_show_iface_status(struct kobject *kobj,
-+ static BATADV_ATTR(mesh_iface, S_IRUGO | S_IWUSR, batadv_show_mesh_iface,
-+ 		   batadv_store_mesh_iface);
-+ static BATADV_ATTR(iface_status, S_IRUGO, batadv_show_iface_status, NULL);
-++BATADV_ATTR_HIF_BOOL(no_rebroadcast, S_IRUGO | S_IWUSR, NULL);
-+ 
-+ static struct batadv_attribute *batadv_batman_attrs[] = {
-+ 	&batadv_attr_mesh_iface,
-+ 	&batadv_attr_iface_status,
-++	&batadv_attr_hif_no_rebroadcast,
-+ 	NULL,
-+ };
-+ 
-+diff --git a/types.h b/types.h
-+index 8854c05..39619fb 100644
-+--- a/types.h
-++++ b/types.h
-+@@ -101,6 +101,7 @@ struct batadv_hard_iface {
-+ 	struct batadv_hard_iface_bat_iv bat_iv;
-+ 	struct work_struct cleanup_work;
-+ 	struct dentry *debug_dir;
-++	atomic_t no_rebroadcast;
-+ };
-+ 
-+ /**
-+-- 
-+2.2.1
-+

targets/ar71xx-generic/profiles.mk

@@ -8,13 +8,15 @@ $(eval $(call GluonModel,CPE510,cpe210-220-510-520,tp-link-cpe210-v1.0))
 $(eval $(call GluonModel,CPE510,cpe210-220-510-520,tp-link-cpe220-v1.0))
 $(eval $(call GluonModel,CPE510,cpe210-220-510-520,tp-link-cpe510-v1.0))
 $(eval $(call GluonModel,CPE510,cpe210-220-510-520,tp-link-cpe520-v1.0))
+$(eval $(call GluonModel,CPE510,cpe210-220-510-520,tp-link-cpe210-v1.1))
+$(eval $(call GluonModel,CPE510,cpe210-220-510-520,tp-link-cpe220-v1.1))
+$(eval $(call GluonModel,CPE510,cpe210-220-510-520,tp-link-cpe510-v1.1))
+$(eval $(call GluonModel,CPE510,cpe210-220-510-520,tp-link-cpe520-v1.1))
 
 # TL-WA701N/ND v1, v2
 $(eval $(call GluonProfile,TLWA701))
 $(eval $(call GluonModel,TLWA701,tl-wa701n-v1,tp-link-tl-wa701n-nd-v1))
-ifeq ($(BROKEN),1)
-$(eval $(call GluonModel,TLWA701,tl-wa701nd-v2,tp-link-tl-wa701n-nd-v2)) # BROKEN: untested
-endif
+$(eval $(call GluonModel,TLWA701,tl-wa701nd-v2,tp-link-tl-wa701n-nd-v2))
 
 # TL-WR703N v1
 $(eval $(call GluonProfile,TLWR703))
@@ -24,25 +26,28 @@ $(eval $(call GluonModel,TLWR703,tl-wr703n-v1,tp-link-tl-wr703n-v1))
 $(eval $(call GluonProfile,TLWR710))
 $(eval $(call GluonModel,TLWR710,tl-wr710n-v1,tp-link-tl-wr710n-v1))
 
-# TL-WR740N v1, v3, v4
+# TL-WR740N v1, v3, v4, v5
 $(eval $(call GluonProfile,TLWR740))
 $(eval $(call GluonModel,TLWR740,tl-wr740n-v1,tp-link-tl-wr740n-nd-v1))
 $(eval $(call GluonModel,TLWR740,tl-wr740n-v3,tp-link-tl-wr740n-nd-v3))
 $(eval $(call GluonModel,TLWR740,tl-wr740n-v4,tp-link-tl-wr740n-nd-v4))
+$(eval $(call GluonModel,TLWR740,tl-wr740n-v5,tp-link-tl-wr740n-nd-v5))
 
-# TL-WR741N/ND v1, v2, v4
+# TL-WR741N/ND v1, v2, v4, v5
 $(eval $(call GluonProfile,TLWR741))
 $(eval $(call GluonModel,TLWR741,tl-wr741nd-v1,tp-link-tl-wr741n-nd-v1))
 $(eval $(call GluonModel,TLWR741,tl-wr741nd-v2,tp-link-tl-wr741n-nd-v2))
 $(eval $(call GluonModel,TLWR741,tl-wr741nd-v4,tp-link-tl-wr741n-nd-v4))
+$(eval $(call GluonModel,TLWR741,tl-wr741nd-v5,tp-link-tl-wr741n-nd-v5))
 
 # TL-WR743N/ND v1, v1.1, v2
 $(eval $(call GluonProfile,TLWR743))
 $(eval $(call GluonModel,TLWR743,tl-wr743nd-v1,tp-link-tl-wr743n-nd-v1))
 $(eval $(call GluonModel,TLWR743,tl-wr743nd-v2,tp-link-tl-wr743n-nd-v2))
 
-# TL-WR801N/ND v2
+# TL-WR801N/ND v1, v2
 $(eval $(call GluonProfile,TLWA801))
+$(eval $(call GluonModel,TLWA801,tl-wa801nd-v1,tp-link-tl-wa801n-nd-v1))
 $(eval $(call GluonModel,TLWA801,tl-wa801nd-v2,tp-link-tl-wa801n-nd-v2))
 
 # TL-WR841N/ND v3, v5, v7, v8, v9
@@ -64,14 +69,12 @@ $(eval $(call GluonModel,TLWR941,tl-wr941nd-v2,tp-link-tl-wr941n-nd-v2))
 $(eval $(call GluonModel,TLWR941,tl-wr941nd-v3,tp-link-tl-wr941n-nd-v3))
 $(eval $(call GluonModel,TLWR941,tl-wr941nd-v4,tp-link-tl-wr941n-nd-v4))
 $(eval $(call GluonModel,TLWR941,tl-wr941nd-v5,tp-link-tl-wr941n-nd-v5))
-ifeq ($(BROKEN),1)
-$(eval $(call GluonModel,TLWR941,tl-wr941nd-v6,tp-link-tl-wr941n-nd-v6)) # BROKEN: untested
-endif
 
-# TL-WR1043N/ND v1, v2
+# TL-WR1043N/ND v1, v2, v3
 $(eval $(call GluonProfile,TLWR1043))
 $(eval $(call GluonModel,TLWR1043,tl-wr1043nd-v1,tp-link-tl-wr1043n-nd-v1))
 $(eval $(call GluonModel,TLWR1043,tl-wr1043nd-v2,tp-link-tl-wr1043n-nd-v2))
+$(eval $(call GluonModel,TLWR1043,tl-wr1043nd-v3,tp-link-tl-wr1043n-nd-v3))
 
 # TL-WDR3500/3600/4300 v1
 $(eval $(call GluonProfile,TLWDR4300))
@@ -83,11 +86,10 @@ $(eval $(call GluonModel,TLWDR4300,tl-wdr4300-v1,tp-link-tl-wdr4300-v1))
 $(eval $(call GluonProfile,TLWA750))
 $(eval $(call GluonModel,TLWA750,tl-wa750re-v1,tp-link-tl-wa750re-v1))
 
-ifeq ($(BROKEN),1)
-# TL-WA830RE v2
+# TL-WA830RE v1, v2
 $(eval $(call GluonProfile,TLWA830))
+$(eval $(call GluonModel,TLWA830,tl-wa830re-v1,tp-link-tl-wa830re-v1))
 $(eval $(call GluonModel,TLWA830,tl-wa830re-v2,tp-link-tl-wa830re-v2))
-endif
 
 # TL-WA850RE v1
 $(eval $(call GluonProfile,TLWA850))
@@ -135,6 +137,10 @@ endif
 ## Ubiquiti (everything)
 $(eval $(call GluonProfile,UBNT))
 $(eval $(call GluonModel,UBNT,ubnt-bullet-m,ubiquiti-bullet-m))
+$(eval $(call GluonModel,UBNT,ubnt-bullet-m,ubiquiti-loco-m))
+$(eval $(call GluonModel,UBNT,ubnt-bullet-m,ubiquiti-picostation-m))
+$(eval $(call GluonModel,UBNT,ubnt-bullet-m,ubiquiti-rocket-m))
+
 $(eval $(call GluonModel,UBNT,ubnt-loco-m-xw,ubiquiti-loco-m-xw))
 $(eval $(call GluonModel,UBNT,ubnt-nano-m,ubiquiti-nanostation-m))
 $(eval $(call GluonModel,UBNT,ubnt-nano-m-xw,ubiquiti-nanostation-m-xw))

targets/x86-generic/profiles.mk

@@ -1,4 +1,4 @@
-X86_GENERIC_NETWORK_MODULES := kmod-3c59x kmod-e100 kmod-e1000 kmod-natsemi kmod-ne2k-pci kmod-pcnet32 kmod-8139too kmod-r8169 kmod-sis900 kmod-tg3 kmod-via-rhine kmod-via-velocity
+X86_GENERIC_NETWORK_MODULES := kmod-3c59x kmod-e100 kmod-e1000 kmod-e1000e kmod-natsemi kmod-ne2k-pci kmod-pcnet32 kmod-8139too kmod-r8169 kmod-sis900 kmod-tg3 kmod-via-rhine kmod-via-velocity
 
 
 $(eval $(call GluonProfile,GENERIC,$(X86_GENERIC_NETWORK_MODULES)))