Sven Eckelmann [Mon, 1 Oct 2018 09:48:04 +0000 (11:48 +0200)]
base-files: Reintroduce sysupgrade_pre_upgrade hook
The sysupgrade_pre_upgrade hook was removed with
6a27c2f4b1a4 ("base-files:
drop fwtool_pre_upgrade") while there were still scripts using it:
* target/linux/ar71xx/base-files/lib/upgrade/allnet.sh
* target/linux/ar71xx/base-files/lib/upgrade/openmesh.sh
* target/linux/ipq40xx/base-files/lib/upgrade/openmesh.sh
Not running the hooks can either prevent a successful upgrade or brick the
device because the fw_setenv program cannot be started correctly.
Fixes:
6a27c2f4b1a4 ("base-files: drop fwtool_pre_upgrade")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Hans Dedecker [Sun, 7 Oct 2018 13:33:29 +0000 (15:33 +0200)]
netifd: fix segfault (FS#1875)
d0fa124 iprule: fix segfault (FS#1875)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Amol Bhave [Tue, 2 Oct 2018 15:48:27 +0000 (08:48 -0700)]
build: use CMAKE_SOURCE_SUBDIR variable to cmake.mk
Sometimes, the CMakeLists.txt file is not in the root directory of a
repo. In those cases, the CMAKE_SOURCE_SUBDIR variable can be specified
to use CMakeLists.txt from a subdirectory instead.
Signed-off-by: Amol Bhave <ambhave@fb.com>
Koen Vandeputte [Thu, 4 Oct 2018 09:28:09 +0000 (11:28 +0200)]
kernel: bump 4.14 to 4.14.74
Refreshed all patches.
Fixes CVE:
- CVE-2018-7755
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Thu, 4 Oct 2018 09:27:39 +0000 (11:27 +0200)]
kernel: bump 4.9 to 4.9.131
Refreshed all patches.
Fixes CVE:
- CVE-2018-10880
- CVE-2018-7755
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
David Bauer [Tue, 11 Sep 2018 15:04:16 +0000 (17:04 +0200)]
ar71xx: flag FritzBox 4020 buttons as active low
Buttons of AVM FritzBox 4020 are incorrectly flagged as active high.
This was an oversight as RFKill button was working as expected even
with incorrectly flagged GPIO.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
cd02d4faf981bd4de0427cd23812b41192635d82)
Kevin Darbyshire-Bryant [Tue, 2 Oct 2018 18:54:30 +0000 (19:54 +0100)]
kmod-sched-cake: bump to
20181002
Revert "Add workaround for wrong skb->mac_len values after splitting GSO"
Remove our local patch which did the same thing.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
885052fbfb0ea5ee49e6abc6878ae99ee011688b)
Kevin Darbyshire-Bryant [Fri, 28 Sep 2018 08:42:33 +0000 (09:42 +0100)]
kmod-sched-cake: don't gso fixup on fixed kernels
Kernels 4.14.73 & 4.9.140 include the gso fixup fix, so cake
doesn't need to do it. Let's not waste cpu cycles by doing it in
cake which could be really important on cpu constrained devices.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
b47614f9f18c7d1c24104ef1d53c8d1ac8920ba4)
Koen Vandeputte [Tue, 2 Oct 2018 09:14:20 +0000 (11:14 +0200)]
kerneL: bump 4.14 to 4.14.73
Refreshed all patches.
Removed upstreamed:
- 192-Revert-ubifs-xattr-Don-t-operate-on-deleted-inodes.patch
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 2 Oct 2018 09:13:48 +0000 (11:13 +0200)]
kernel: bump 4.9 to 4.9.130
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Felix Fietkau [Mon, 1 Oct 2018 11:39:48 +0000 (13:39 +0200)]
mt76: update to the latest version, fixes mt76x2 beacon issue
53e1110 mt76: mt76x2: fix multi-interface beacon configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 29 Sep 2018 14:09:17 +0000 (16:09 +0200)]
mac80211: fix management frame protection issue with mt76 (and possibly other drivers)
Software crypto wasn't working for management frames because the flag
indicating management frame crypto was missing
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 29 Sep 2018 11:32:13 +0000 (13:32 +0200)]
mt76: update to the latest version from the 18.06 branch
497c304 mt7603: fix wcid for frames sent via drv_tx
27af7a5 mt76: fix handling ps-poll frames
c3dba28 mt76: check aggregation sequence number for frames sent via drv_tx
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Martin Schiller [Mon, 24 Sep 2018 12:09:05 +0000 (14:09 +0200)]
uboot-lantiq: fix compatibility with gcc7
Backport u-boot commit
704f3acfcf55343043bbed01c5fb0a0094a68e8a to fix
compatibility with gcc7.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Steffen Förster [Mon, 24 Sep 2018 20:37:22 +0000 (22:37 +0200)]
ramips: fix Archer C20 sysupgrade
The sysupgrade image failed the check due to the wrong string in the
supported devices. This patch provides the correct name by dropping the
SUPPORTED_DEVICES to use the default generated name.
Signed-off-by: Steffen Förster <steffen@chemnitz.freifunk.net>
[drop the SUPPORTED_DEVICES, the old name was never used in a release]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Joseph C. Lehner [Fri, 7 Sep 2018 14:22:09 +0000 (16:22 +0200)]
ramips: ex2700: actually remove kmod-mt76*
When building using the multiple devices option with per-device root
filesystem, only the meta package mt76 is omitted but not the
dependencies selected by the package.
Explicitly exclude all 3 mt76 packages, plus the metapackage.
Otherwise, these modules will be included in the build, wasting
a few hundred kilobytes.
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
[mention the root cause of the issue in the commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Koen Vandeputte [Wed, 26 Sep 2018 10:57:03 +0000 (12:57 +0200)]
kernel: bump 4.14 to 4.14.72
Refreshed all patches.
Removed upstreamed:
- 180-earlycon-initialize-port-uartclk-based-on-clock-frequency-property.patch
- 181-earlycon-remove-hardcoded-port-uartclk-initialization-in-of_setup_earlycon. patch
- 700-1-6-e1000e-Remove-Other-from-EIAC.patch
- 700-2-6-Partial-revert-e1000e-Avoid-receiver-overrun-interrupt-bursts.patch
- 700-3-6-e1000e-Fix-queue-interrupt-re-raising-in-Other-interrupt.patch
- 700-4-6-e1000e-Avoid-missed-interrupts-following-ICR-read.patch
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 26 Sep 2018 10:55:25 +0000 (12:55 +0200)]
kernel: bump 4.9 to 4.9.129
Refreshed all patches.
Removed upstreamed:
- 203-MIPS-ath79-fix-restart.patch
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Rafał Miłecki [Mon, 24 Sep 2018 11:46:08 +0000 (13:46 +0200)]
kernel: pick earlycon regression fixes from the stable-queue.git
This fixes regression introduced in kernel 4.14 and makes bcm53xx revert
obsolete.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
43d36606d668edf155da9d879110de2894df825a)
Felix Fietkau [Mon, 24 Sep 2018 09:02:30 +0000 (11:02 +0200)]
build: drop buildbot toolchain rebuild check when not using git
The check cleans and rebuilds the toolchain if it changed on update.
When building from a source tarball, it is reasonable to expect that
there will be no updates, so no rebuild check is necessary
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 22 Sep 2018 13:18:46 +0000 (15:18 +0200)]
mac80211: fix tx queue allocation for active monitor interfaces
Fixes a crash with drivers like ath9k
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Felix Fietkau [Sat, 22 Sep 2018 10:56:10 +0000 (12:56 +0200)]
mt76: fix tx power issue for mt76x2
6e1898d mt76x2: fix tx power configuration for VHT mcs 9
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Koen Vandeputte [Fri, 21 Sep 2018 11:48:53 +0000 (13:48 +0200)]
mac80211: backport upstream fixes
Backport most significant upstream fixes (excl. hwsim fixes)
Refreshed all patches.
Contains important fixes for CSA (Channel Switch Announcement)
and A-MSDU frames.
[slightly altered to apply cleanly]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Thu, 20 Sep 2018 12:35:52 +0000 (14:35 +0200)]
kernel: bump 4.14 to 4.14.71
Refreshed all patches.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Thu, 20 Sep 2018 12:35:27 +0000 (14:35 +0200)]
kernel: bump 4.9 to 4.9.128
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Felix Fietkau [Thu, 20 Sep 2018 08:06:49 +0000 (10:06 +0200)]
ath9k: fix unloading the module
Registering a GPIO chip with the ath9k device as parent prevents unload,
because the gpiochip core increases the module use count.
Unfortunately, the only way to avoid this at the moment seems to be to
register the GPIO chip without a parent device
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Daniel Golle [Sat, 15 Sep 2018 17:16:52 +0000 (19:16 +0200)]
uqmi: pass-through ipXtable to child interfaces
Allow setting specific routing tables via the ip4table and ip6table
options also when ${ifname}_4 and ${ifname}_6 child interfaces are
being created.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
e51aa699f7ca3ce83a0add622c0fd17d0caafc46)
Stijn Segers [Sun, 16 Sep 2018 15:28:54 +0000 (17:28 +0200)]
kernel: bump 4.14 to 4.14.70 for 18.06
Refreshes patches and bumps 4.14 kernel to 4.14.70 for OpenWrt 18.06.
Compile-tested on ramips/mt7621, x86/64, imx6.
Run-tested on ramips/mt7621, x86/64, imx6.
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
[added ubifs fix + tested on imx6]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Stijn Segers [Sun, 16 Sep 2018 15:28:53 +0000 (17:28 +0200)]
kernel: bump 4.9 to 4.9.127 for 18.06
Refreshes patches and bumps 4.9 kernel to 4.9.127 for OpenWrt 18.06.
Compile-tested on ar71xx.
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Kevin Darbyshire-Bryant [Fri, 14 Sep 2018 20:52:39 +0000 (21:52 +0100)]
iproute2: q_cake: Also print nonat, nowash and no-ack-filter keywords
Pull in latest upstream tweaks:
Similar to the previous patch for no-split-gso, the negative keywords for
'nat', 'wash' and 'ack-filter' were not printed either. Add those as well.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
033f02b9b5580e67e2f1b623f62da60d645e7ba2)
Hans Dedecker [Thu, 13 Sep 2018 07:26:44 +0000 (09:26 +0200)]
toolchain/glibc: update to latest 2.26 commit
c5c90b480e Fix segfault in maybe_script_execute.
174709d879 pthread_cond_broadcast: Fix waiters-after-spinning case [BZ #23538]
c9570bd2f5 x86: Populate COMMON_CPUID_INDEX_80000001 for Intel CPUs [BZ #23459]
86e0996b1a x86: Correct index_cpu_LZCNT [BZ #23456]
cf6deb084b conform/conformtest.pl: Escape literal braces in regular expressions
b12bed3e06 stdio-common/tst-printf.c: Remove part under a non-free license [BZ #23363]
20dc7a909a libio: Add tst-vtables, tst-vtables-interposed
4b10e69b1f Synchronize support/ infrastructure with master
762e9d63d5 NEWS: Reorder out-of-order bugs
2781bd5a86 libio: Disable vtable validation in case of interposition [BZ #23313]
74d16a57a3 Check length of ifname before copying it into to ifreq structure.
3aaf8bda00 getifaddrs: Don't return ifa entries with NULL names [BZ #21812]
f958b45d52 Use _STRUCT_TIMESPEC as guard in <bits/types/struct_timespec.h> [BZ #23349]
81b994bd83 Fix parameter type in C++ version of iseqsig (bug 23171)
7b52c8ae05 libio: Avoid _allocate_buffer, _free_buffer function pointers [BZ #23236]
4df8479e6b Add NEWS entry for CVE-2018-11236
a5bc5ec967 Add references to CVE-2018-11236, CVE-2017-18269
58ad5f8a64 Add a test case for [BZ #23196]
6b4362f2cb Don't write beyond destination in __mempcpy_avx512_no_vzeroupper (bug 23196)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Kevin Darbyshire-Bryant [Wed, 12 Sep 2018 07:24:37 +0000 (08:24 +0100)]
iproute2: q_cake: Add printing of no-split-gso option
When the GSO splitting was turned into dual split-gso/no-split-gso options,
the printing of the latter was left out. Add that, so output is consistent
with the options passed
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
8cac8572897c28e902218b445aa9bed82c40989f)
Kevin Darbyshire-Bryant [Mon, 27 Aug 2018 08:52:55 +0000 (15:52 +0700)]
iproute2: update cake man page
CAKE supports overriding of its internal classification of
packets through the tc filter mechanism.
Update the man page in our package, even though we don't
build them. Someone may find the documentation useful.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
30598a05385b0ac2380dd4f30037a9f9d0318cf2)
(cherry picked from commit
dc9388ac5506f2d0ea0fee6967c003b9129c8ca5)
Kevin Darbyshire-Bryant [Wed, 12 Sep 2018 04:10:55 +0000 (05:10 +0100)]
kmod-sched-cake: fix 6in4/gso performance issue
Bump to latest upstream cake:
Add workaround for wrong skb->mac_len values after splitting GSO
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
66fd41ba79356b1b776ba29dd8191039abc23061)
Kevin Darbyshire-Bryant [Mon, 13 Aug 2018 12:49:19 +0000 (13:49 +0100)]
kmod-sched-cake: bump to
20180827
Expand filter flow mapping to include hosts as well
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
d14ffdc307d36bd9abe908b46ff7baece54c9551)
(cherry picked from commit
721dfd4eb8a4a568c7c4320436a843d30413605e)
Kevin Darbyshire-Bryant [Sun, 29 Jul 2018 13:56:03 +0000 (14:56 +0100)]
iproute2: cake: make gso/gro splitting configurable
This patch makes sch_cake's gso/gro splitting configurable
from userspace.
To disable breaking apart superpackets in sch_cake:
tc qdisc replace dev whatever root cake no-split-gso
to enable:
tc qdisc replace dev whatever root cake split-gso
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Dave Taht <dave.taht@gmail.com>
[pulled from netdev list - no API/ABI change]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
3e8a9389961cd866b867740a2f71c2a0af97ab56)
Kevin Darbyshire-Bryant [Sat, 28 Jul 2018 20:11:14 +0000 (21:11 +0100)]
kmod-sched-cake: bump to
20180728 optional gso split
Follow upstream kernel patch that restores always splitting gso packets
by default whilst making the option configurable from (tc) userspace.
No ABI/API change
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit
fe077d20e3b484e55ad49d5711673d05d7a301de)
Rafał Miłecki [Wed, 12 Sep 2018 06:40:03 +0000 (08:40 +0200)]
mac80211: brcmfmac: backport CYW89342 support & fixes from 4.20
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
b3d441c5f7c5247c1b0c3b6e9827d49a27093d50)
Rafał Miłecki [Tue, 31 Jul 2018 07:44:19 +0000 (09:44 +0200)]
mac80211: brcmfmac: backport patch for per-firmware features
This allows driver to support features that can't be dynamically
discovered.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
fecbd91c7c12b5b1cfe894c2901083cc42863aae)
Rafał Miłecki [Thu, 26 Jul 2018 21:20:30 +0000 (23:20 +0200)]
mac80211: brcmfmac: backport 4.19 patches preparing monitor mode support
Monitor mode isn't supported yet with brcmfmac, it's just an early work.
This also prepares brcmfmac to work stable with new firmwares which use
updated struct for passing STA info.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
c0608c6a27e74923dc94772072d4a279d652b3fc)
pacien [Thu, 6 Sep 2018 13:56:17 +0000 (15:56 +0200)]
odhcp6c: add client fqdn and reconfigure options
Allowing DHCPV6_CLIENT_FQDN and DHCPV6_ACCEPT_RECONFIGURE to be turned off.
Defaulting to false, former behavior remains unchanged.
Signed-off-by: pacien <pacien.trangirard@pacien.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit
ef01c1d308d1cb200fc14ab49f0d3d0a07e1a9fe)
Koen Vandeputte [Thu, 6 Sep 2018 12:18:24 +0000 (14:18 +0200)]
kernel: bump 4.14 to 4.14.68
Refreshed all patches.
Remove upstream accepted:
- 330-Revert-MIPS-BCM47XX-Enable-74K-Core-ExternalSync-for.patch
Altered:
- 303-v4.16-netfilter-nf_tables-remove-multihook-chains-and-fami.patch
- 308-mips32r2_tune.patch
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Thu, 6 Sep 2018 12:17:17 +0000 (14:17 +0200)]
kernel: bump 4.9 to 4.9.125
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Henrique de Moraes Holschuh [Mon, 27 Aug 2018 11:31:29 +0000 (08:31 -0300)]
dnsmasq: allow dnsmasq variants to be included in image
The dnsmasq variants should provide dnsmasq, otherwise it is impossible
to include them in the image.
This change allows one to have CONFIG_PACKAGE_dnsmasq=m and
CONFIG_PACKAGE_dnsmasq-full=y, e.g. because you want DNSSEC support, or
IPSETs suport on your 3000-devices fleet ;-)
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
Matthias Schiffer [Tue, 4 Sep 2018 19:27:27 +0000 (21:27 +0200)]
mpc85xx: add migration script for TP-Link TL-WDR4900 v1 WLAN PCI paths
PCI paths of the WLAN devices have changed between kernel 4.4 and 4.9;
migrate config so existing wifi-iface definitions don't break.
This is implemented as a hotplug handler rather than a uci-defaults script
as the migration script must run before the 10-wifi-detect hotplug handler.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
b452af23a8602ebf7bfb0eb084383ecd595face5)
Jo-Philipp Wich [Tue, 14 Aug 2018 21:54:59 +0000 (23:54 +0200)]
libubox: set RPATH for host build
This is required for programs that indirectly link libjson-c through the
libubox blobmsg_json library.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
5762efd8b29d68e219fc9d00b681269727cbf5d5)
Daniel Golle [Mon, 6 Aug 2018 16:00:15 +0000 (18:00 +0200)]
libubox: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
73100024d335caaa7477e5b3be27fad1d228a234)
Daniel Golle [Thu, 14 Jun 2018 18:10:04 +0000 (20:10 +0200)]
libubox: make sure blobmsg-json is included in host-build
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
56e3a19ad6b09b421db84e7266f3df3d459d23b4)
[While nothing in 18.06 needs the blobmsg-json host build, this prevents
builds failing due to incompatible json-c versions installed on the host
system]
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Daniel Golle [Mon, 6 Aug 2018 15:58:32 +0000 (17:58 +0200)]
libjson-c: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
a5368dc30c18947d260c8b68f2f83ca57bdb95b0)
Rosen Penev [Sun, 29 Jul 2018 07:26:29 +0000 (00:26 -0700)]
libjson-c: Update package URL
Found through UScan.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
31f87ebcb25b4d266faaf347073f1913740a5891)
Daniel Golle [Thu, 14 Jun 2018 20:53:58 +0000 (22:53 +0200)]
libjson-c: fix host-build
Add -Wno-implicit-fallthrough to HOST_CFLAGS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
5e9470a93b6e79ec63d2eda16f1849d7e3868562)
Daniel Golle [Thu, 14 Jun 2018 18:09:29 +0000 (20:09 +0200)]
libjson-c: add host build (for libblobmsg-json)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
6fc8e06078d30e8d36a00d0ecc97ac9cc148fe60)
David Bauer [Mon, 6 Aug 2018 14:15:05 +0000 (16:15 +0200)]
ar71xx: allow to override at803x sgmii aneg status
When checking the outcome of the PHY autonegotiation status, at803x
currently returns false in case the SGMII side is not established.
Due to a hardware-bug, ag71xx needs to fixup the SoCs SGMII side, which
it can't as it is not aware of the link-establishment.
This commit allows to ignore the SGMII side autonegotiation status to
allow ag71xx to do the fixup work.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
4e39e213af7e3e0cd747403e8c227e145cfef988)
David Bauer [Mon, 6 Aug 2018 14:15:04 +0000 (16:15 +0200)]
ar71xx: fix QCA955X SGMII link loss
The QCA955X is affected by a hardware bug which causes link-loss of the
SGMII link between SoC and PHY. This happens on change of link-state or
speed.
It is not really known what causes this bug. It definitely occurs when
using a AR8033 Gigabit Ethernet PHY.
Qualcomm solves this Bug in a similar fashion. We need to apply the fix
on a per-device base via platform-data as performing the fixup work will
break connectivity in case the SGMII interface is connected to a Switch.
This bug was first proposed to be fixed by Sven Eckelmann in 2016.
https://patchwork.ozlabs.org/patch/604782/
Based-on-patch-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
f4f99ec9737c653815268f2efad0210caaa32e2d)
Jo-Philipp Wich [Thu, 23 Aug 2018 17:08:58 +0000 (19:08 +0200)]
grub2: rebase patches
Patch 300-CVE-2015-8370.patch was added without proper rebasing on the
version used by OpenWrt, make it apply and refresh the patch to fix
compilation.
Fixes:
7e73e9128f ("grub2: Fix CVE-2015-8370")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
9ffbe84ea49fc643f41bfdf687de99aee17c9154)
Rosen Penev [Thu, 23 Aug 2018 02:07:57 +0000 (19:07 -0700)]
grub2: Fix CVE-2015-8370
This CVE is a culmination of multiple integer overflow issues that cause
multiple issues like Denial of Service and authentication bypass.
More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370
Taken from Fedora.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
7e73e9128f6a63b9198c88eea97c267810447be4)
Rosen Penev [Thu, 23 Aug 2018 02:07:56 +0000 (19:07 -0700)]
bzip2: Fix CVE-2016-3189
Issue causes a crash with specially crafted bzip2 files.
More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189
Taken from Fedora.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f9469efbfa7ce892651f9a6da713eacbef66f177)
Jo-Philipp Wich [Wed, 29 Aug 2018 11:16:34 +0000 (13:16 +0200)]
scripts: bundle-libraries: fix logic flaw
Previous refactoring of the script moved the LDSO detection into a
file-not-exists condition, causing onyl the very first executable to
get bundled.
Solve the problem by unconditionally checking for LDSO again.
Fixes:
9030a78a71 ("scripts: bundle-libraries: prevent loading host locales")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
5ebcd32997b6d10abcd29c8795a598fdcaf4521d)
Jo-Philipp Wich [Sat, 25 Aug 2018 12:46:57 +0000 (14:46 +0200)]
scripts: bundle-libraries: prevent loading host locales (FS#1803)
Binary patch the bundled glibc library to inhibit loading of host locale
archives in order to avoid triggering internal libc assertions when
invoking shipped, bundled executables.
The problem has been solved with upstream Glibc commit
0062ace229 ("Gracefully handle incompatible locale data") but we still
need to deal with older Glibc binaries for some time to come.
Fixes FS#1803
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
9030a78a716b0a2eeed4510d4a314393262255c2)
Jo-Philipp Wich [Thu, 30 Aug 2018 08:51:09 +0000 (10:51 +0200)]
ramips: only limit lzma dictionary size on mt7621
The changed dictionary size leads to a different LZMA header which breaks
sysupgrade image magic checkibng on at least some RT288x boards.
Since the commit message only mentions testing on MT7621 and since the
change appears to break at least one other ramips subtarget, do not take
any chances and restrict the size limitation to only MT7621.
Fixes FS#1797
Fixes
09b6755946 ("ramips: limit dictionary size for lzma compression")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
77e2bccde8f7f98603f60473023dadec4f473cf6)
Thomas Equeter [Thu, 16 Aug 2018 19:39:05 +0000 (21:39 +0200)]
uqmi: wait for the control device too
The control device /dev/cdc-wdm0 is not available immediately on the
D-Link DWR-921 Rev.C3, therefore the wwan interface fails to start at
boot with a "The specified control device does not exist" error.
This patch alters /lib/netifd/proto/qmi.sh to wait for
network.wwan.delay earlier, before checking for the control device,
instead of just before interacting with the modem.
One still has to use network.wwan.proto='qmi', as the "wwan" proto
performs that sort of check before any delay is possible, failing with a
"No valid device was found" error.
Signed-off-by: Thomas Equeter <tequeter@users.noreply.github.com>
Giuseppe Lippolis [Sun, 26 Aug 2018 08:52:27 +0000 (10:52 +0200)]
comgt: increase timeout on runcommands
Some combination of modem/wireless operator requires more time to
execute the commands.
Tested on DWR-512 embedded wwan modem and italian operator iliad (new
virtual operator).
Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
(cherry picked from commit
774d7fc9f2897d7b33ef15ddaa3522531eb85970)
Bruno Randolf [Fri, 24 Aug 2018 15:59:08 +0000 (16:59 +0100)]
ugps: Update to fix position calculation
This is necessary to get my position right.
Without this my longitude is incorrecty -15.85xxxx instead of -16.52yyyy
Signed-off-by: Bruno Randolf <br1@einfach.org>
(cherry picked from commit
fe960cead7005811deb03c220f6bb5660f65e1d5)
Bruno Randolf [Thu, 23 Aug 2018 20:59:58 +0000 (21:59 +0100)]
ugps: Add option disabled
Like many other packages, an option to disable can be practical.
Signed-off-by: Bruno Randolf <br1@einfach.org>
(cherry picked from commit
6b14a73f4f619b7bbdeac1cbcd0d34b0957ca0cb)
Koen Vandeputte [Fri, 24 Aug 2018 16:00:10 +0000 (18:00 +0200)]
kernel: bump 4.14 to 4.14.67
Refreshed all patches.
Removed upstreamed patches:
- 037-v4.18-0008-ARM-dts-BCM5301x-Fix-i2c-controller-interrupt-type.patch
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Fri, 24 Aug 2018 15:58:52 +0000 (17:58 +0200)]
kernel: bump 4.9 to 4.9.124
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Michal Cieslakiewicz [Mon, 27 Aug 2018 18:24:04 +0000 (20:24 +0200)]
ar71xx: WNR612v2: fix kernel panic due to wrong Wifi LED init
Netgear WNR612v2 flashed with recent OpenWrt builds suffers from kernel
panic at boot during wireless chip initialization, making device
unusable:
ath: phy0: Ignoring endianness difference in EEPROM magic bytes.
ath: phy0: Enable LNA combining
CPU 0 Unable to handle kernel paging request at virtual address
1000fee1, epc ==
801d08f0, ra ==
801d0d90
Oops[#1]:
CPU: 0 PID: 469 Comm: kmodloader Not tainted 4.9.120 #0
[ ... register dump etc ... ]
Kernel panic - not syncing: Fatal exception
Rebooting in 1 seconds..
This simple patch fixes above error. It keeps LED table in memory after
kernel init phase for ath9k driver to operate correctly (__initdata
removed).
Also, another bug is fixed - correct array size is provided to function
that adds platform LEDs (this device has only 1 connected to Wifi chip)
preventing code from going outside array bounds.
Fixes:
1f5ea4eae46e ("ar71xx: add correct named default wireless led by using platform leds")
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
[trimmed commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Matthias Schiffer [Mon, 27 Aug 2018 18:25:01 +0000 (20:25 +0200)]
ar71xx/generic: enable Zyxel NBG6616 in kernel config again
The NBG6616 shares a config symbol with the NBG6716. It was accidentally
removed from the config when the ar71xx-tiny target was split off.
Fixes:
0cd5e85e7ad6 ("ar71xx: create new ar71xx/tiny subtarget for 4MB flash devices")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
a4f4ddba61e61d3f15d19c4e57733a9e44ec8d09)
Antonio Silverio [Fri, 10 Aug 2018 10:05:14 +0000 (12:05 +0200)]
mac80211: mwl8k: Expand non-DFS 5G channels
Add non-DFS 5G upper channels (149-165) besides existed 4 lower channels
(36, 40, 44, 48).
Signed-off-by: Antonio Silverio <menion@gmail.com>
Felix Fietkau [Wed, 22 Aug 2018 10:31:55 +0000 (12:31 +0200)]
mt76: update to the latest version
7daf962 mt7603: add survey support
980c606 mt7603: add fix for CCA signal configuration
30b8371 mt7603: fix BAR rate
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Hans Dedecker [Fri, 24 Aug 2018 13:02:24 +0000 (15:02 +0200)]
dropbear: backport upstream fix for CVE-2018-15599
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Roger Pueyo Centelles [Thu, 23 Aug 2018 13:04:31 +0000 (15:04 +0200)]
ramips: mt7620: add dir-810l network config
The device was not included in the /etc/board.d/02_network file, so
the network wouldn't be properly set up on boot.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Mathias Kresin [Wed, 22 Aug 2018 04:57:48 +0000 (06:57 +0200)]
ramips: fix compatibles in SoC dtsi
The former used compatibles aren't defined anywhere and aren't used by
the devicetree source files including them.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Wed, 22 Aug 2018 04:40:28 +0000 (06:40 +0200)]
ramips: fix GL-MT300N-V2 SoC compatible
According to
abbfcc85259a ("ramips: add support for GL-inet
GL-MT300N-V2") the board has a MediaTek MT7628AN. Change the SoC
compatible to match the used hardware.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Wed, 22 Aug 2018 04:26:36 +0000 (06:26 +0200)]
ramips: drop not existing groups from pinmux
RT5350 neither have rgmii nor a mdio pinmux group. MT7628an doesn't
have a jtag group. Having these groups defined might cause a boot
panic.
The pin controller fails to initialise for kernels > 4.9 if invalid
groups are used. If a subsystem references a pin controller
configuration node, it can not find this node and errors out. In worst
case it's the SPI driver which errors out and we have no root
filesystem to mount.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Mathias Kresin [Wed, 15 Aug 2018 06:20:33 +0000 (08:20 +0200)]
generic: revert workarounds for AR8337 switch
The intention of
967b6be118e3 ("ar8327: Add workarounds for AR8337
switch") was to remove the register fixups for AR8337. But instead they
were removed for AR8327.
The RGMII RX delay is forced even if the port is used as phy instead of
mac, which results in no package flow at least for one board.
Fixes: FS#1664
Signed-off-by: Mathias Kresin <dev@kresin.me>
Koen Vandeputte [Wed, 22 Aug 2018 09:24:37 +0000 (11:24 +0200)]
kernel: bump 4.14 to 4.14.66
Refreshed all patches
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 22 Aug 2018 09:24:00 +0000 (11:24 +0200)]
kernel: bump 4.9 to 4.9.123
Refreshed all patches
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Daniel Engberg [Thu, 7 Jun 2018 17:21:12 +0000 (19:21 +0200)]
tools/bison: Update to 3.0.5
Update bison to 3.0.5
Bugfix release
Remove 001-fix-macos-vasnprintf.patch as it is fixed upstream
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit
df02e7a3c790552c9620242544ec0137dae6a32b)
Mathias Kresin [Sun, 18 Feb 2018 21:48:44 +0000 (22:48 +0100)]
cns3xxx: fix mtu setting with kernel 4.14
Since kernel 4.10 commit
61e84623ace3 ("net: centralize net_device
min/max MTU checking"), the range of mtu is [min_mtu, max_mtu], which
is [68, 1500] by default.
It's necessary to set a max_mtu if a mtu > 1500 is supported.
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Koen Vandeputte [Mon, 20 Aug 2018 08:45:32 +0000 (10:45 +0200)]
kernel: bump 4.14 to 4.14.65
Refreshed all patches.
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 20 Aug 2018 08:44:33 +0000 (10:44 +0200)]
kernel: bump 4.9 to 4.9.122
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Jo-Philipp Wich [Thu, 16 Aug 2018 16:36:52 +0000 (18:36 +0200)]
OpenWrt v18.06.1: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 16 Aug 2018 16:36:48 +0000 (18:36 +0200)]
OpenWrt v18.06.1: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 16 Aug 2018 07:43:11 +0000 (09:43 +0200)]
rpcd: update to latest git HEAD
41333ab uci: tighten uci reorder operation error handling
f91751b uci: tighten uci delete operation error handling
c2c612b uci: tighten uci set operation error handling
948bb51 uci: tighten uci add operation error handling
51980c6 uci: reject invalid section and option names
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
8c91807214c42b481a0893e118d46f488419468a)
Hauke Mehrtens [Wed, 15 Aug 2018 20:17:11 +0000 (22:17 +0200)]
openssl: update to version 1.0.2p
This fixes the following security problems:
* CVE-2018-0732: Client DoS due to large DH parameter
* CVE-2018-0737: Cache timing vulnerability in RSA Key Generation
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Wed, 15 Aug 2018 19:50:09 +0000 (21:50 +0200)]
kernel: bump kernel 4.9 to version 4.9.120
The following patch was integrated upstream:
* target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
This fixes tries to work around the following security problems:
* CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
* CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Wed, 15 Aug 2018 20:40:58 +0000 (22:40 +0200)]
kernel: bump kernel 4.14 to version 4.14.63
The following patches were integrated upstream:
* target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
* target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch
This fixes tries to work around the following security problems:
* CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
* CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Zoltan HERPAI [Mon, 13 Aug 2018 08:26:03 +0000 (10:26 +0200)]
ramips: add missing USB packages into ASL26555-16M
Mirror the package list from the 8M device profile to the
16M device profile.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Paul Wassi [Sun, 12 Aug 2018 08:02:22 +0000 (10:02 +0200)]
brcm47xx: cosmetic fix in model detection
In "brcm47xx: rework model detection" the file 01_detect was moved
to 01_network, therefore also update the warning message in case
everything fails.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Hauke Mehrtens [Sun, 12 Aug 2018 09:32:57 +0000 (11:32 +0200)]
ath25: Do not build images for ubnt2 and ubnt5
The flash size of the ubnt2 and ubnt5 is limited and the images with
LuCI are getting too big for these boards. Do not build images for these
boards to make the complete build of this target not fail anymore.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 12 Aug 2018 09:31:28 +0000 (11:31 +0200)]
at91: do not build image for at91-q5xr5
The kernel image of the at91-q5xr5 is getting too bing now and this is
breaking the build. Remove the image for the at91-q5xr5 from the build
to at least build images for the other devices.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Yousong Zhou [Sat, 11 Aug 2018 12:03:14 +0000 (12:03 +0000)]
uci: bump to source date 2018-08-11
Fixes segfault when parsing malformed delta lines
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit
3493c1cf41ecaa2f87394059a26578f723109a15)
Kabuli Chana [Thu, 14 Jun 2018 18:39:22 +0000 (12:39 -0600)]
mwlwifi: update to version 10.3.8.0-
20180615
fix mcs rate for HT
support 88W8997
protect rxringdone
Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
Luis Araneda [Thu, 9 Aug 2018 02:32:46 +0000 (22:32 -0400)]
tools: findutils: fix compilation with glibc 2.28
Add a temporary workaround to compile with glibc 2.28
as some constants were removed and others made private
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
Luis Araneda [Thu, 9 Aug 2018 02:32:45 +0000 (22:32 -0400)]
tools: m4: fix compilation with glibc 2.28
Add a temporary workaround to compile with glibc 2.28
as some constants were removed and others made private
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
Koen Vandeputte [Thu, 9 Aug 2018 15:18:12 +0000 (17:18 +0200)]
kernel: bump 4.14 to 4.14.62
Refreshed all patches.
Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Thu, 9 Aug 2018 15:17:50 +0000 (17:17 +0200)]
kernel: bump 4.9 to 4.9.119
Refreshed all patches.
Delete upstreamed patch:
- 100-tcp-add-tcp_ooo_try_coalesce-helper.patch
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
John Crispin [Fri, 10 Aug 2018 13:48:21 +0000 (15:48 +0200)]
wpa_supplicant: fix CVE-2018-14526
Unauthenticated EAPOL-Key decryption in wpa_supplicant
Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/
Vulnerability
A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.
When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.
Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.
Vulnerable versions/configurations
All wpa_supplicant versions.
Acknowledgments
Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.
Possible mitigation steps
- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.
- Merge the following commits to wpa_supplicant and rebuild:
WPA: Ignore unauthenticated encrypted EAPOL-Key data
This patch is available from https://w1.fi/security/2018-1/
- Update to wpa_supplicant v2.7 or newer, once available
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit
1961948585e008ad0095d7074784893229b00d06)
Jo-Philipp Wich [Thu, 9 Aug 2018 13:27:12 +0000 (15:27 +0200)]
Revert "libevent2: Don't build tests and samples"
This reverts commit
fe90d14880ad80e5cbc0eba036f8f9f83fa77396.
The cherry pick does not apply cleanly to 18.06.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>