oweals/openwrt.git
5 years agokernel: bump 4.9 to 4.9.191
Koen Vandeputte [Mon, 9 Sep 2019 10:43:30 +0000 (12:43 +0200)]
kernel: bump 4.9 to 4.9.191

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoramips: fix duplicate network setup for dlink, dir-615-h1
Adrian Schmutzler [Sat, 7 Sep 2019 15:06:51 +0000 (17:06 +0200)]
ramips: fix duplicate network setup for dlink, dir-615-h1

In 555ca422d1cb ("ramips: fix D-Link DIR-615 H1 switch port
mapping"), port setup for dir-615-h1 was changed without removing
the old one. This was working as the new one was triggered earlier
than the old one.

(In the meantine, changed sorting during ramips rename patches
actually inversed that order.)

Anyway, just remove the wrong case now.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit e35e4a996e26f17b69d200505ecea78af96a2704)

5 years agoramips: fix D-Link DIR-615 H1 switch port mapping
Mirko Parthey [Sat, 7 Sep 2019 15:06:50 +0000 (17:06 +0200)]
ramips: fix D-Link DIR-615 H1 switch port mapping

Reuse a device-specific switch port mapping which also applies to the
D-Link DIR-615 H1.

Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
[cherry-pick/rebase]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 555ca422d1cbc2db354c0ed03d1a79650f590859)

5 years agoramips: remove duplicate case for MAC setup of freestation5
Adrian Schmutzler [Sat, 7 Sep 2019 15:06:49 +0000 (17:06 +0200)]
ramips: remove duplicate case for MAC setup of freestation5

ARC FreeStation5 is present twice in MAC address setup.

>From older commits/changes, it is not possible to reconstruct
the correct choice only by reading the annotations.

Thus, remove the second case and keep the first one, so behavior
stays the same (as nobody seems to have complained about it).

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit ad4eb2241b33b05b0942a3fa7ed2e53fb6e84386)

5 years agomac80211: brcmfmac: backport more kernel 5.4 changes
Rafał Miłecki [Mon, 9 Sep 2019 07:37:53 +0000 (09:37 +0200)]
mac80211: brcmfmac: backport more kernel 5.4 changes

Patch getting RAM info got upstreamed. A debugging fs entry for testing
reset feature was added.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 681acdcc54d2e59135bb706c38bed942f74ccf74)

5 years agobzip2: Fix CVE-2019-12900
Josef Schlehofer [Sun, 1 Sep 2019 18:34:01 +0000 (20:34 +0200)]
bzip2: Fix CVE-2019-12900

More details about this CVE:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
5 years agoar71xx: WNR2200: remove redundant GPIO for WLAN LED
Michal Cieslakiewicz [Fri, 2 Aug 2019 15:12:34 +0000 (17:12 +0200)]
ar71xx: WNR2200: remove redundant GPIO for WLAN LED

Without this patch, an extra entry appears for AR9287 GPIO
that duplicates WLAN LED but in fact drives nothing:

gpiochip1: GPIOs 502-511, ath9k-phy0:
 gpio-502 (                    |netgear:blue:wlan   ) out hi
 gpio-503 (                    |netgear:amber:test  ) out hi
 gpio-504 (                    |netgear:green:power ) out lo
 gpio-505 (                    |rfkill              ) in  hi
 gpio-507 (                    |wps                 ) in  hi
 gpio-508 (                    |reset               ) in  hi
 gpio-510 (                    |ath9k-phy0          ) out hi <===!

The pin pointed above is default LED GPIO (8) for AR9287.
For WNR2200 it is not connected anywhere - pin 0 drives blue WLAN
LED instead - but initialization code is missing that information.

This fix calls ap9x_pci_setup_wmac_led_pin() function at device
setup, forcing WLAN LED pin to be 0 and removing redundant entry.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
5 years agokernel: bump 4.14 to 4.14.141
Koen Vandeputte [Thu, 29 Aug 2019 09:00:17 +0000 (11:00 +0200)]
kernel: bump 4.14 to 4.14.141

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoath9k: backport dynack improvements
Koen Vandeputte [Wed, 28 Aug 2019 10:12:41 +0000 (12:12 +0200)]
ath9k: backport dynack improvements

Close cooperation with Lorenzo Bianconi resulted
in these patches which fix all remaining seen issues
when using dynack.

Fix link losses when:
- Late Ack's are not seen or not present
- switching from too low static coverage class to dynack on a live link

These are fixed by setting the Ack Timeout/Slottime to
the max possible value for the currently used channel width when
a new station has been discovered.

When traffic flows, dynack is able to adjust to optimal values
within a few packets received (typically < 1 second)

These changes have been thoroughly tested on ~60 offshore devices
all interconnected using mesh over IBSS and dynack enabled on all.

Distances between devices varied from <100m up to ~35km

[move patches to correct folder + renumber]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
(cherry picked from commit f6e8ba0238fe349b7529357793e2fb18635819ed)

5 years agokernel: bump 4.14 to 4.14.140
Koen Vandeputte [Tue, 27 Aug 2019 10:32:17 +0000 (12:32 +0200)]
kernel: bump 4.14 to 4.14.140

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.190
Koen Vandeputte [Tue, 27 Aug 2019 10:31:51 +0000 (12:31 +0200)]
kernel: bump 4.9 to 4.9.190

Refreshed all patches.

Fixes:
- CVE-2019-3900

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.139
Koen Vandeputte [Fri, 16 Aug 2019 10:05:22 +0000 (12:05 +0200)]
kernel: bump 4.14 to 4.14.139

Refreshed all patches.

Also add a missing symbol for x86 which got used now in this bump.
- ISCSI_IBFT

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agomusl: Fix CVE-2019-14697
Hauke Mehrtens [Sun, 18 Aug 2019 21:24:43 +0000 (23:24 +0200)]
musl: Fix CVE-2019-14697

musl libc through 1.1.23 has an x87 floating-point stack adjustment
imbalance, related to the math/i386/ directory. In some cases, use of
this library could introduce out-of-bounds writes that are not present
in an application's source code.

This problem only affects x86 and no other architectures.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit c262daf308e0f0bd93bb5c5ee6238773935079ee)

5 years agoiptables: patch CVE-2019-11360 (security fix)
Jan Pavlinec [Thu, 15 Aug 2019 10:51:52 +0000 (12:51 +0200)]
iptables: patch CVE-2019-11360 (security fix)

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
5 years agomusl: ldso/dlsym: fix mips returning undef dlsym
Luiz Angelo Daros de Luca [Tue, 13 Aug 2019 06:01:07 +0000 (03:01 -0300)]
musl: ldso/dlsym: fix mips returning undef dlsym

This happens only the second time a library is loaded by dlopen().
After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef
symbol from lib1 dependencies. After the second library is loaded,
dlsym(lib2,"undef1") was returning the address of "undef1" in lib2
instead of searching lib2 dependencies.

Backporting upstream fix which now uses the same logic for relocation
time and dlsym.

Fixes openwrt/packages#9297

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
5 years agowolfssl: fixes for CVE-2018-16870 & CVE-2019-13628
Eneas U de Queiroz [Mon, 5 Aug 2019 17:45:41 +0000 (14:45 -0300)]
wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628

CVE-2018-16870: medium-severity, new variant of the Bleichenbacher
attack to perform downgrade attacks against TLS, which may lead to
leakage of sensible data. Backported from 3.15.7.

CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack. Backported from 4.1.0.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
5 years agokernel: bump 4.14 to 4.14.138
Koen Vandeputte [Mon, 12 Aug 2019 08:45:33 +0000 (10:45 +0200)]
kernel: bump 4.14 to 4.14.138

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.189
Koen Vandeputte [Mon, 12 Aug 2019 08:11:14 +0000 (10:11 +0200)]
kernel: bump 4.9 to 4.9.189

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoxfsprogs: Replace valloc with posix_memalign
Rosen Penev [Mon, 6 May 2019 21:57:18 +0000 (14:57 -0700)]
xfsprogs: Replace valloc with posix_memalign

Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit e49b6bb61828b8b903db0ef48113b4065a215c63)

5 years agolibbsd: Fix compilation under ARC
Rosen Penev [Wed, 1 May 2019 17:04:45 +0000 (10:04 -0700)]
libbsd: Fix compilation under ARC

The 8 year old file does not have any ARC definitions.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[updated content of the patch with version sent to upstream]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 395bef4bbacc0dd1cca72907529539194504be27)

5 years agonftables: Fix compilation with uClibc-ng
Rosen Penev [Wed, 1 May 2019 17:08:10 +0000 (10:08 -0700)]
nftables: Fix compilation with uClibc-ng

Missing header for va_list.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
(cherry picked from commit 2f977974714468e1a0ee20e4cce233da63d06dd0)

5 years agotools/patch: apply upstream patch for cve-2019-13638
Russell Senior [Sun, 11 Aug 2019 20:57:08 +0000 (13:57 -0700)]
tools/patch: apply upstream patch for cve-2019-13638

GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style

diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.

https://nvd.nist.gov/vuln/detail/CVE-2019-13638

Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit bcfd1d76852974170780dbe368e6194dbb0e123e)

5 years agotools/patch: apply upstream patch for CVE-2019-13636
Russell Senior [Mon, 29 Jul 2019 19:09:09 +0000 (12:09 -0700)]
tools/patch: apply upstream patch for CVE-2019-13636

In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.

https://nvd.nist.gov/vuln/detail/CVE-2019-13636

Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit 995bcc532943639f3df36dbcaa361f9167f9f4d5)

5 years agokernel: bump 4.14 to 4.14.137
Koen Vandeputte [Wed, 7 Aug 2019 12:25:32 +0000 (14:25 +0200)]
kernel: bump 4.14 to 4.14.137

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.188
Koen Vandeputte [Wed, 7 Aug 2019 11:54:26 +0000 (13:54 +0200)]
kernel: bump 4.9 to 4.9.188

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoconfig: introduce separate CONFIG_SIGNATURE_CHECK option
Jo-Philipp Wich [Tue, 6 Aug 2019 19:22:27 +0000 (21:22 +0200)]
config: introduce separate CONFIG_SIGNATURE_CHECK option

Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.

This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.

Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.

As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f565f276e2c06ac8f3176e0b16d6f2d40cd653d4)

5 years agopackages: apply usign padding workarounds to package indexes if needed
Jo-Philipp Wich [Wed, 7 Aug 2019 05:15:07 +0000 (07:15 +0200)]
packages: apply usign padding workarounds to package indexes if needed

Since usign miscalculates SHA-512 digests for input sizes of exactly
64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some
white space padding to avoid triggering the hashing edge case.

While usign itself has been fixed already, there is still many firmwares
in the wild which use broken usign versions to verify current package
indexes so we'll need to carry this workaround in the forseeable future.

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Ref: https://git.openwrt.org/5a52b379902471cef495687547c7b568142f66d2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit e1f588e446c7ceb696b644b37aeab9b3476e2a57)

5 years agousign: update to latest Git HEAD
Jo-Philipp Wich [Tue, 6 Aug 2019 18:55:39 +0000 (20:55 +0200)]
usign: update to latest Git HEAD

This update fixes usign signature verification on files with certain
file sizes triggering a bug in the shipped SHA-512 implementation.

5a52b37 sha512: fix bad hardcoded constant in sha512_final()
3e6648b README: replace unicode character
716c3f2 README: add reference to OpenBSD signify
86d3668 README: provide reference for ed25519 algorithm
939ec35 usign: main.c: describe necessary arguments for -G

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 991dd5a89340367920315a3fd0390a7423e6b34a)

5 years agokernel: bump 4.14 to 4.14.136
Koen Vandeputte [Mon, 5 Aug 2019 10:21:47 +0000 (12:21 +0200)]
kernel: bump 4.14 to 4.14.136

Refreshed all patches.

Altered patches:
- 306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch

Remove upstreamed:
- 505-arm64-dts-marvell-Fix-A37xx-UART0-register-size

Fixes:
- CVE-2019-13648
- CVE-2019-10207

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.187
Koen Vandeputte [Mon, 5 Aug 2019 09:06:09 +0000 (11:06 +0200)]
kernel: bump 4.9 to 4.9.187

Refreshed all patches.

Altered patches:
- 021-bridge-multicast-to-unicast.patch

Remove upstreamed:
- 001-um-Allow-building-and-running-on-older-hosts.patch
- 003-um-Fix-check-for-_xstate-for-older-hosts.patch

Fixes:
- CVE-2019-10207
- CVE-2019-13648

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoar71xx: wpj531: fix SIG1/RSS1 LED GPIO
Leon M. George [Fri, 26 Jul 2019 18:21:26 +0000 (20:21 +0200)]
ar71xx: wpj531: fix SIG1/RSS1 LED GPIO

In commit 6c937df749c7 ("ar71xx: wpj531: fix GPIOs for LED") wrong GPIO
13 for SIG1/RSS1 LED was commited, the correct GPIO number for this LED
is 12.

It's listed in "Hardware Guide - wpj531 7A06 (02/07/2019)" as GPIO12/RSS1
on the LED header and same GPIO 12 is used in the vendor's SDK as well.

Fixes: 6c937df749c7 ("ar71xx: wpj531: fix GPIOs for LED")
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit subject/message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit c070662980047838004b83f7af59e7015d3c7922)

5 years agoar71xx: fix HiveAP 121 PLL for 1000M
David Bauer [Tue, 30 Jul 2019 17:16:21 +0000 (19:16 +0200)]
ar71xx: fix HiveAP 121 PLL for 1000M

The Aerohive HiveAP 121 has the wrong PLL value set for Gigabit speeds,
leading to packet-loss. 10M and 100M work fine.

This commit sets the Gigabit Ethernet PLL value to the correct value,
fixing packet loss.

Confirmed with iperf and floodping.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit cb49e46a8a4526d86270ced3ba3aa90225ca82d7)

5 years agokernel: bump 4.14 to 4.14.134
Koen Vandeputte [Mon, 29 Jul 2019 11:55:26 +0000 (13:55 +0200)]
kernel: bump 4.14 to 4.14.134

Refreshed all patches.

Fixes:
- CVE-2019-3846
- CVE-2019-3900

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.186
Koen Vandeputte [Mon, 29 Jul 2019 11:53:37 +0000 (13:53 +0200)]
kernel: bump 4.9 to 4.9.186

Refreshed all patches.

Fixes:
- CVE-2019-3846

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoimx6: bump SDMA firmware to 3.5
Koen Vandeputte [Mon, 29 Jul 2019 13:15:02 +0000 (15:15 +0200)]
imx6: bump SDMA firmware to 3.5

- add uart rom script address in header of sdma firmware to support
  the uart driver of latest kernel working well while old firmware
  assume ram script used for uart driver as NXP internal legacy
  kernel.
- add multi-fifo SAI/PDM scripts.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 819b6345a206ad182dd3c2d786a3d7f04e33f751)

5 years agoimx6: bump sdma firmware to 3.4
Koen Vandeputte [Mon, 8 Apr 2019 16:06:38 +0000 (18:06 +0200)]
imx6: bump sdma firmware to 3.4

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit fa8d5ad21bd7f12c2d9c3580226d0c708255e55d)

5 years agomac80211: brcm: improve brcmfmac debugging of firmware crashes
Rafał Miłecki [Sun, 28 Jul 2019 14:21:04 +0000 (16:21 +0200)]
mac80211: brcm: improve brcmfmac debugging of firmware crashes

This provides a complete console messages dump.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
5 years agomac80211: brcm: update brcmfmac 5.4 patches
Rafał Miłecki [Sun, 28 Jul 2019 14:13:47 +0000 (16:13 +0200)]
mac80211: brcm: update brcmfmac 5.4 patches

Use commits from wireless-drivers-next.git.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
5 years agoomcproxy: fix compilation on little-endian CPUs
Eneas U de Queiroz [Fri, 14 Dec 2018 18:25:27 +0000 (16:25 -0200)]
omcproxy: fix compilation on little-endian CPUs

Don't use cpu_to_be32 outside of a function.

In file included from /omcproxy-2017-02-14-1fe6f48f/src/omcproxy.h:51:0,
                 from omcproxy-2017-02-14-1fe6f48f/src/mrib.c:39:
omcproxy-2017-02-14-1fe6f48f/src/mrib.c:57:34: error: braced-group within expression allowed only inside a function
 static uint32_t ipv4_rtr_alert = cpu_to_be32(0x94040000);
                                  ^
cc1: warning: unrecognized command line option '-Wno-gnu'

Ref: https://downloads.openwrt.org/releases/faillogs-18.06/arm_cortex-a9_vfpv3/base/omcproxy/compile.txt
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
[more verbose commit message]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cb4d00d1841ef6269114f2bd3880800dbdfba3b1)

5 years agoscripts: ipkg-make-index.sh: dereference symbolic links
Jo-Philipp Wich [Thu, 31 Jan 2019 11:25:19 +0000 (12:25 +0100)]
scripts: ipkg-make-index.sh: dereference symbolic links

Use `stat -L` instead of `ls -l` to follow symbolic links when obtaining
the file size of .ipk archives.

Without this change, the size of the symlink, not the size of the target
file is encoded in the package index file.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ece5cab743f9df6c9655d6117e92fda110292173)
Fixes: e6af9c017b0c ("opkg: bump to version 2019-06-14")
[ rmilecki: this has to be backported due to the recent opkg update and
  cb6640381808 ("libopkg: check for file size mismatches") to fix false
  "opkg_install_pkg: Package size mismatch" errors ]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
5 years agomac80211: brcmfmac: backport fixes from kernel 5.4
Rafał Miłecki [Sun, 21 Jul 2019 21:09:53 +0000 (23:09 +0200)]
mac80211: brcmfmac: backport fixes from kernel 5.4

This fixes:
1) Crash during USB disconnect
2) Crash in brcmf_txfinalize() on rmmod with packets queued
3) Some errors in exit path

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
5 years agobusybox: strip off ALTERNATIVES spec
Yousong Zhou [Fri, 12 Jul 2019 07:50:21 +0000 (07:50 +0000)]
busybox: strip off ALTERNATIVES spec

Now that busybox is a known alternatives provider by opkg, we remove the
ALTERNATIVES spec and add a note to make the implicit situation clear

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from 62be427067ee3883b68bcfb08dfc0c43dce22fa3)

5 years agoopkg: bump to version 2019-06-14
Yousong Zhou [Fri, 12 Jul 2019 07:52:03 +0000 (07:52 +0000)]
opkg: bump to version 2019-06-14

Changelog

  dcbc142 alternatives: remove duplicate 'const' specifier
  21b7bd7 alternatives: special-case busybox as alternatives provider
  d4ba162 libopkg: only perform size check when information is available
  cb66403 libopkg: check for file size mismatches

Opkg starting from this version special-cases busybox as alternatives
provider.  There should be no need to add entries to ALTERNATIVES of
busybox package

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
5 years agobase-files: Fix path check in get_mac_binary
Adrian Schmutzler [Mon, 8 Jul 2019 08:17:28 +0000 (10:17 +0200)]
base-files: Fix path check in get_mac_binary

Logic was inverted when changing from string check to file check.
Fix it.

Fixes: 8592602d0a88 ("base-files: Really check path in get_mac_binary")
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6ed3349308b24a6bac753643970a1f9f56ff6070)

5 years agokernel: bump 4.14 to 4.14.132
Koen Vandeputte [Tue, 9 Jul 2019 09:21:04 +0000 (11:21 +0200)]
kernel: bump 4.14 to 4.14.132

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agobase-files: Really check path in get_mac_binary
Adrian Schmutzler [Thu, 4 Jul 2019 21:28:44 +0000 (23:28 +0200)]
base-files: Really check path in get_mac_binary

Currently, path argument is only checked for being not empty.

This changes behavior to actually check whether path exists.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
5 years agowireguard: bump to 0.0.20190601
Jason A. Donenfeld [Sat, 1 Jun 2019 11:39:59 +0000 (13:39 +0200)]
wireguard: bump to 0.0.20190601

There was an issue with the backport compat layer in yesterday's snapshot,
causing issues on certain (mostly Atom) Intel chips on kernels older than
4.2, due to the use of xgetbv without checking cpu flags for xsave support.
This manifested itself simply at module load time. Indeed it's somewhat tricky
to support 33 different kernel versions (3.10+), plus weird distro
frankenkernels.

If OpenWRT doesn't support < 4.2, you probably don't need to apply this.
But it also can't hurt, and probably best to stay updated.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 593b487538079f2a22300f3f22ffb21b20da36a0)

5 years agoramips: fix mt7620 pinmux for second SPI
Mathias Kresin [Wed, 22 Aug 2018 05:30:36 +0000 (07:30 +0200)]
ramips: fix mt7620 pinmux for second SPI

The mt7620 doesn't have a pinmux group named spi_cs1. The cs1 is part
of the "spi refclk" group. The function "spi refclk" enables the second
chip select.

On reset, the pins of the "spi refclk" group are used as reference
clock and GPIO.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit 3601c3de23f15e2735adc4becdca14c803b6b1a5)

5 years agoOpenWrt v18.06.4: revert to branch defaults
Jo-Philipp Wich [Sun, 30 Jun 2019 10:16:44 +0000 (12:16 +0200)]
OpenWrt v18.06.4: revert to branch defaults

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoOpenWrt v18.06.4: adjust config defaults v18.06.4
Jo-Philipp Wich [Sun, 30 Jun 2019 10:16:40 +0000 (12:16 +0200)]
OpenWrt v18.06.4: adjust config defaults

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agouqmi: bump to latest git HEAD
Koen Vandeputte [Thu, 20 Jun 2019 11:08:30 +0000 (13:08 +0200)]
uqmi: bump to latest git HEAD

1965c7139374 uqmi: add explicit check for message type when expecting a response
01944dd7089b uqmi_add_command: fixed command argument assignment

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 47986dc6ea1d643cd348501da09cd2e3ee2f9ee1)

5 years agouqmi: inherit firewall zone membership to virtual sub interfaces
Jo-Philipp Wich [Wed, 14 Nov 2018 11:49:45 +0000 (12:49 +0100)]
uqmi: inherit firewall zone membership to virtual sub interfaces

Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.

Fixes: FS#2122
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 64bb88841fbc2d9a9dfee12775a18e5dc89ac16e)

5 years agouqmi: fix PIN_STATUS_FAILED error with MC7455 WCDMA/LTE modem
Daniel Golle [Wed, 20 Feb 2019 14:12:44 +0000 (15:12 +0100)]
uqmi: fix PIN_STATUS_FAILED error with MC7455 WCDMA/LTE modem

Apparently this modem replies differently to attempted --get-pin-status
which makes the script fail if a pincode is set. Fix this.

Manufacturer: Sierra Wireless, Incorporated
Model: MC7455
Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0b373bf4d6a1a7a53e06946972ebb812b4cc2f0f)

5 years agokernel: bump 4.14 to 4.14.131
Koen Vandeputte [Thu, 27 Jun 2019 10:36:48 +0000 (12:36 +0200)]
kernel: bump 4.14 to 4.14.131

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.184
Koen Vandeputte [Thu, 27 Jun 2019 10:35:59 +0000 (12:35 +0200)]
kernel: bump 4.9 to 4.9.184

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.130
Koen Vandeputte [Tue, 25 Jun 2019 10:53:55 +0000 (12:53 +0200)]
kernel: bump 4.14 to 4.14.130

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.129
Koen Vandeputte [Mon, 24 Jun 2019 11:44:29 +0000 (13:44 +0200)]
kernel: bump 4.14 to 4.14.129

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.183
Koen Vandeputte [Mon, 24 Jun 2019 11:42:02 +0000 (13:42 +0200)]
kernel: bump 4.9 to 4.9.183

Refreshed all patches.

Remove upstreamed:
- 010-revert-staging-vc04_services-prevent-integer-overflow-in-create_pagelist.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoOpenWrt v18.06.3: revert to branch defaults
Jo-Philipp Wich [Fri, 21 Jun 2019 12:26:23 +0000 (14:26 +0200)]
OpenWrt v18.06.3: revert to branch defaults

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoOpenWrt v18.06.3: adjust config defaults v18.06.3
Jo-Philipp Wich [Fri, 21 Jun 2019 12:26:22 +0000 (14:26 +0200)]
OpenWrt v18.06.3: adjust config defaults

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agofstools: block-mount: fix restart of fstab service
Karel Kočí [Wed, 5 Jun 2019 11:18:41 +0000 (13:18 +0200)]
fstools: block-mount: fix restart of fstab service

Restarting service causes file-systems to be unmounted without being
mounted back. When this service was obsoleted it should have been
implemented in a way that all actions are ignored. Up to this commit
default handler was called when restart was requested. This default
handler just simply calls stop and start. That means that stop called
unmount but start just printed that this service is obsoleted.

This instead implements restart that just prints same message like start
does. It just calls start in reality. This makes restart unavailable for
call.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 3ead9e7b743b1fbd3b07f5a72a16999abbec9347)

5 years agofstools: update to the latest master branch
Petr Štetiar [Thu, 28 Mar 2019 11:57:08 +0000 (12:57 +0100)]
fstools: update to the latest master branch

ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
bc2c876 libfstools: Print error in case of loop blkdev failure

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 1e55171a1213472e180e9320d8b1d08621d2b8d5)

5 years agofstools: media change detection (eg:sdcard) using kernel polling
Matthias Badaire [Tue, 15 May 2018 22:07:37 +0000 (00:07 +0200)]
fstools: media change detection (eg:sdcard) using kernel polling

Linux kernel has a polling mechanism that can be activated by changing
the parameter /sys/module/block/parameters/events_dfl_poll_msecs which
is deactivated by default or the /sys/block/[device]/events_poll_msecs
for one device.

This patch set the events_poll_msecs when a disk is inserted.
Once the media disk change event is sent by the kernel then we force a
re-read of the devices using /sbin/block info.

With this patch, insertion and ejection of sd card will automatically
generate partition devices in /dev.

Signed-off-by: Matthias Badaire <mbadaire@gmail.com>
[rewrap commit message, fix bashisms, fix non-matching condition,
 bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit cf8483cb4ffc99bf3f512bb134860ccc8c099abe)

5 years agohostapd: fix multiple security problems
Hauke Mehrtens [Fri, 17 May 2019 21:22:02 +0000 (23:22 +0200)]
hostapd: fix multiple security problems

This fixes the following security problems:
* CVE-2019-9494:  cache attack against SAE
* CVE-2019-9495:  cache attack against EAP-pwd
* CVE-2019-9496:  SAE confirm missing state validation in hostapd/AP
* CVE-2019-9497:  EAP-pwd server not checking for reflection attack)
* CVE-2019-9498:  EAP-pwd server missing commit validation for scalar/element
* CVE-2019-9499:  EAP-pwd peer missing commit validation for scalar/element
* CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment

Most of these problems are not relevant for normal users, SAE is only
used in ieee80211s mesh mode and EAP-pwd is normally not activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agobrcm2708: Revert "staging: vc04_services: prevent integer overflow in create_pagelist()"
Matthias Schiffer [Thu, 20 Jun 2019 21:42:38 +0000 (23:42 +0200)]
brcm2708: Revert "staging: vc04_services: prevent integer overflow in create_pagelist()"

The bump to 4.9.181 broke build for bcm2708 and bcm2709. Revert the
offending patch.

The same revert is also queued for the next upstream 4.9.y release.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
5 years agogemini: 4.14: Fix up DNS-313 compatible string
Linus Walleij [Thu, 20 Jun 2019 11:19:06 +0000 (13:19 +0200)]
gemini: 4.14: Fix up DNS-313 compatible string

It's a simple typo in the DNS file, which was pretty serious.
No scripts were working properly. Fix it up.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[integrate into openwrt target]

5 years agobase-files: fix uci led oneshot/timer trigger
Robinson Wu [Tue, 4 Jun 2019 03:13:39 +0000 (11:13 +0800)]
base-files: fix uci led oneshot/timer trigger

This patch adds a missing type property which prevented
the creation of oneshot and timer led triggers when they
are specified in the /etc/board.d/01_leds files.

i.e.:

ucidef_set_led_timer "system" "system" "zhuotk:green:system" "1000" "1000"

Fixes: b06a286a4861 ("base-files: cleanup led functions in uci-defaults.sh")
Signed-off-by: Robinson Wu <wurobinson@qq.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[also fix oneshot as well]

5 years agokernel: bump 4.14 to 4.14.128
Koen Vandeputte [Wed, 19 Jun 2019 13:42:13 +0000 (15:42 +0200)]
kernel: bump 4.14 to 4.14.128

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.127
Koen Vandeputte [Tue, 18 Jun 2019 10:29:16 +0000 (12:29 +0200)]
kernel: bump 4.14 to 4.14.127

Refreshed all patches.

Fixes:

- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.182
Koen Vandeputte [Tue, 18 Jun 2019 09:59:13 +0000 (11:59 +0200)]
kernel: bump 4.9 to 4.9.182

Refreshed all patches.

Fixes:

- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoRevert "ipq806x: fix EA8500 switch control"
Petr Štetiar [Tue, 18 Jun 2019 13:34:44 +0000 (15:34 +0200)]
Revert "ipq806x: fix EA8500 switch control"

There is a problem with the EA8500, the switch will not work after soft
reboot, the only way to get it working again is to power cycle it
manually.

There are probably several issues in the play, it's quite hard to fix it
without having access to the actual device, so I don't see any other
option now, then revert the offending commit.

Ref: PR#2047
Fixes: FS#2168 ("Switch no longer work after restart on Linksys EA8500")
Reported-by: Adam <424778940z@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
5 years agokernel: bump 4.14 to 4.14.126
Koen Vandeputte [Mon, 17 Jun 2019 10:37:18 +0000 (12:37 +0200)]
kernel: bump 4.14 to 4.14.126

Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agomvebu: fixes commit f63a1caf22cb
George Amanakis [Thu, 13 Jun 2019 04:03:38 +0000 (00:03 -0400)]
mvebu: fixes commit f63a1caf22cb

err_free_stats has been deprecated. Replace with err_netdev.

Compile-tested on: mvebu
Runtime-tested on: mvebu

Fixes: f63a1caf22cb ("kernel: bump 4.14 to 4.14.125")
Signed-off-by: George Amanakis <gamanakis@gmail.com>
[altered hashes]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: backport 4.18 patch adding DMI_PRODUCT_SKU
Rafał Miłecki [Mon, 17 Jun 2019 04:53:07 +0000 (06:53 +0200)]
kernel: backport 4.18 patch adding DMI_PRODUCT_SKU

It's needed for applying some hardware quirks. This fixes:
drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c:60:20: error: 'DMI_PRODUCT_SKU' undeclared here (not in a function); did you mean 'DMI_PRODUCT_UUID'?
    DMI_EXACT_MATCH(DMI_PRODUCT_SKU, "T8"),

Fixes: 2cd234d96bd7 ("mac80211: brcm: backport remaining brcmfmac 5.2 patches")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4d11c4c3784196ed3e5b5a1f81fa415d99ef32b0)

5 years agomac80211: brcmfmac: backport important fixes from kernel 5.2
Rafał Miłecki [Sun, 16 Jun 2019 19:44:51 +0000 (21:44 +0200)]
mac80211: brcmfmac: backport important fixes from kernel 5.2

1) Crash/Oops fixes
2) One-line patch for BCM43456 support
3) Fix communication with some specific FullMAC firmwares
4) Potential fix for "Invalid packet id" errors
5) Important helper for reporting FullMAC firmware crashes

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
5 years agokernel: mt29f_spinand: fix memory leak during page program
Mantas Pucka [Tue, 11 Jun 2019 14:08:48 +0000 (17:08 +0300)]
kernel: mt29f_spinand: fix memory leak during page program

Memory is allocated with devm_kzalloc() on every page program
and leaks until device is closed (which never happens).

Convert to kzalloc() and handle error paths manually.

Signed-off-by: Mantas Pucka <mantas@8devices.com>
5 years agouboot-fritz4040: update PKG_MIRROR_HASH
Christian Lamparter [Sat, 15 Jun 2019 16:51:54 +0000 (18:51 +0200)]
uboot-fritz4040: update PKG_MIRROR_HASH

the file on http://sources.openwrt.org/ has a different
PKG_MIRROR_HASH value.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agokernel: bump 4.14 to 4.14.125
Koen Vandeputte [Tue, 11 Jun 2019 13:49:53 +0000 (15:49 +0200)]
kernel: bump 4.14 to 4.14.125

Refreshed all patches.

Altered patches:
- 403-net-mvneta-convert-to-phylink.patch
- 410-sfp-hack-allow-marvell-10G-phy-support-to-use-SFP.patch

Compile-tested on: cns3xxx, imx6, mvebu
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.181
Koen Vandeputte [Tue, 11 Jun 2019 12:06:37 +0000 (14:06 +0200)]
kernel: bump 4.9 to 4.9.181

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: re-add bridge allow reception on disabled port
Chen Minqiang [Fri, 10 May 2019 11:13:07 +0000 (19:13 +0800)]
kernel: re-add bridge allow reception on disabled port

The "bridge allow reception on disabled port" implementation
was broken after these commits:

b765f4be407c ("kernel: bump 4.14 to 4.14.114")
456f486b53a7 ("kernel: bump 4.9 to 4.9.171")

This leads to issues when for example WDS is used, tied to a bridge:

[ 96.503771] wlan1: send auth to d4:5f:25:eb:09:82 (try 1/3)
[ 96.517956] wlan1: authenticated
[ 96.526209] wlan1: associate with d4:5f:25:eb:09:82 (try 1/3)
[ 97.086156] wlan1: associate with d4:5f:25:eb:09:82 (try 2/3)
[ 97.200919] wlan1: RX AssocResp from d4:5f:25:eb:09:82 (capab=0x11 status=0 aid=1)
[ 97.208706] wlan1: associated
[ 101.312913] wlan1: deauthenticated from d4:5f:25:eb:09:82 (Reason: 2=PREV_AUTH_NOT_VALID)

It seems upstream introduced a new patch, [1]
so we have to reimplement these patches properly:

target/linux/generic/pending-4.9/150-bridge_allow_receiption_on_disabled_port.patch
target/linux/generic/pending-4.14/150-bridge_allow_receiption_on_disabled_port.patch

[1] https://lkml.org/lkml/2019/4/24/1228

Fixes: b765f4be407c ("kernel: bump 4.14 to 4.14.114")
Fixes: 456f486b53a7 ("kernel: bump 4.9 to 4.9.171")
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
[updated commit message and title]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agorpcd: fix init script reload action
Jo-Philipp Wich [Thu, 6 Jun 2019 09:27:11 +0000 (11:27 +0200)]
rpcd: fix init script reload action

Drop the legacy start() and stop() procedures and define a proper
reload signal action instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f664d560df8e59f8d368273990462bba85a09668)

5 years agokernel: bump 4.14 to 4.14.123
Koen Vandeputte [Mon, 3 Jun 2019 11:41:17 +0000 (13:41 +0200)]
kernel: bump 4.14 to 4.14.123

Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.180
Koen Vandeputte [Mon, 3 Jun 2019 11:08:50 +0000 (13:08 +0200)]
kernel: bump 4.9 to 4.9.180

Refreshed all patches.

Compile-tested: ar71xx
Runtime-tested: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.122
Koen Vandeputte [Tue, 28 May 2019 10:09:41 +0000 (12:09 +0200)]
kernel: bump 4.14 to 4.14.122

Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.179
Koen Vandeputte [Tue, 28 May 2019 09:34:33 +0000 (11:34 +0200)]
kernel: bump 4.9 to 4.9.179

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoapm821xx: backport accepted linux-crypto patches
Christian Lamparter [Fri, 31 May 2019 17:30:00 +0000 (19:30 +0200)]
apm821xx: backport accepted linux-crypto patches

Rather than wait until the patches hit vanilla and
get backported via the stable kernel, this patch
patches the crypto4xx driver with the latest fixes
from the upstream linux-crypto tree.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 years agoopenssl: update to 1.0.2s
Eneas U de Queiroz [Sat, 1 Jun 2019 13:25:37 +0000 (15:25 +0200)]
openssl: update to 1.0.2s

Highlights of this version:
- Change default RSA, DSA and DH size to 2048 bit
- Reject invalid EC point coordinates
  This avoids CVE-2019-9498 and CVE-2019-9499 in hostapd

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
5 years agokernel: Fix arc kernel 4.14 build
Hauke Mehrtens [Sat, 18 May 2019 08:59:04 +0000 (10:59 +0200)]
kernel: Fix arc kernel 4.14 build

This fixes a patch for the ARC architecture.

This was found by the build bot.

Fixes: 810ee3b84a2b ("kernel: bump 4.14 to 4.14.104")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agocurl: Fix multiple security problems
Hauke Mehrtens [Fri, 17 May 2019 20:40:26 +0000 (22:40 +0200)]
curl: Fix multiple security problems

This fixes the following security problems:
* CVE-2018-14618: NTLM password overflow via integer overflow
* CVE-2018-16839: SASL password overflow via integer overflow
* CVE-2018-16840: use-after-free in handle close
* CVE-2018-16842: warning message out-of-buffer read
* CVE-2019-3823:  SMTP end-of-response out-of-bounds read
* CVE-2019-3822:  NTLMv2 type-3 header stack buffer overflow
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agombedtls: update to version 2.16.1
Hauke Mehrtens [Fri, 17 May 2019 20:20:09 +0000 (22:20 +0200)]
mbedtls: update to version 2.16.1

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
5 years agokernel: bump 4.14 to 4.14.121
Koen Vandeputte [Fri, 24 May 2019 11:46:07 +0000 (13:46 +0200)]
kernel: bump 4.14 to 4.14.121

Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.178
Koen Vandeputte [Fri, 24 May 2019 07:59:45 +0000 (09:59 +0200)]
kernel: bump 4.9 to 4.9.178

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agouci: fix heap use after free (FS#2288)
Hans Dedecker [Thu, 23 May 2019 20:00:23 +0000 (22:00 +0200)]
uci: fix heap use after free (FS#2288)

f199b96 uci: fix options list of section after type change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5 years agobrcm63xx: drop linux,part-probe usage where possible
Jonas Gorski [Sun, 29 Jul 2018 11:09:22 +0000 (13:09 +0200)]
brcm63xx: drop linux,part-probe usage where possible

It was present as 4.4 compatibility, but since we now use 4.9 or later
with the new upstream solution, we don't need it anymore.

This also fixes a serious regression introduced by ac9bcefa3b04, which
changed the precedence of linux,part-probe and the new-type partitions
node compatible string, causing caldata partitions to be overwritten.

Fixes: ac9bcefa3b04 ("kernel: use V10 of mtd patchset adding support for "compatible" string")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit 7880a6f7fee89efe9e5e4c707b59ba45f02e21cf)

5 years agobrcm63xx: drop own implementation of DT partitions in favour of upstream
Jonas Gorski [Sun, 29 Jul 2018 10:53:49 +0000 (12:53 +0200)]
brcm63xx: drop own implementation of DT partitions in favour of upstream

The binding works the same, so we can just drop the revert and the patch.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit abb28bec251a0b243dff87f87d09763792128349)

5 years agokernel: bump 4.14 to 4.14.120
Koen Vandeputte [Mon, 20 May 2019 08:32:50 +0000 (10:32 +0200)]
kernel: bump 4.14 to 4.14.120

Refreshed all patches.

Altered patches:
- 0067-generic-Mangle-bootloader-s-kernel-arguments.patch
- 006-mvebu-Mangle-bootloader-s-kernel-arguments.patch
- 996-generic-Mangle-bootloader-s-kernel-arguments.patch

Compile-tested on: cns3xxx, imx6, mvebu
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.177
Koen Vandeputte [Fri, 17 May 2019 12:34:09 +0000 (14:34 +0200)]
kernel: bump 4.9 to 4.9.177

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.119
Koen Vandeputte [Wed, 15 May 2019 11:32:44 +0000 (13:32 +0200)]
kernel: bump 4.14 to 4.14.119

Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.176
Koen Vandeputte [Wed, 15 May 2019 10:33:28 +0000 (12:33 +0200)]
kernel: bump 4.9 to 4.9.176

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoar71xx: Fix network setup for TP-Link Archer C25 v1
Adrian Schmutzler [Thu, 9 May 2019 15:02:36 +0000 (17:02 +0200)]
ar71xx: Fix network setup for TP-Link Archer C25 v1

Network for the Archer C25 v1 is set up without switch for no
obvious reason. The LED setup is even done switch-based.

This patch changes network setup so a switch is created.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>