RISCi_ATOM [Sat, 18 Apr 2020 20:38:06 +0000 (16:38 -0400)]
kernel: bump 4.14 to 4.14.176
Upstreamed:
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
Fixes:
- CVE-2020-8647
- CVE-2020-8648 (potentially)
- CVE-2020-8649
Upstream ref. :
0232f57e1af6580542c0ed1ce1d76c7cd4084613
Josef Schlehofer [Sat, 22 Feb 2020 22:03:36 +0000 (23:03 +0100)]
mbedtls: update to version 2.16.5
Changelog:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released
Security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
36af1967f5fcfc889594a8af0f92f873f445d249)
Eneas U de Queiroz [Tue, 31 Mar 2020 20:51:45 +0000 (17:51 -0300)]
openssl: bump to 1.1.1f
There were two changes between 1.1.1e and 1.1.1f:
- a change in BN prime generation to avoid possible fingerprinting of
newly generated RSA modules
- the patch reversing EOF detection we had already applied.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
af5ccfbac74b859801cf174460fb8dbf9ed9e181)
RISCi_ATOM [Fri, 3 Apr 2020 11:06:17 +0000 (07:06 -0400)]
Fix README.md links
RISCi_ATOM [Fri, 3 Apr 2020 11:04:13 +0000 (07:04 -0400)]
Fix image links in docs/*
RISCi_ATOM [Tue, 31 Mar 2020 20:17:57 +0000 (16:17 -0400)]
Bump tor to 0.4.2.7
Fixes CVE-2020-10592 and init scripts.
RISCi_ATOM [Tue, 31 Mar 2020 05:29:23 +0000 (01:29 -0400)]
Bump libreCMC version to v1.5.1
RISCi_ATOM [Tue, 31 Mar 2020 03:46:47 +0000 (23:46 -0400)]
Bump Wireguard to 1.0.
20200330 / *-tools 1.0.
20200319
Hauke Mehrtens [Fri, 20 Mar 2020 18:07:31 +0000 (19:07 +0100)]
libpcap: Update shared-lib patch from Debian to fix linking problems
This updates the shared-lib patch to the recent version from debian
found here:
https://salsa.debian.org/rfrancoise/libpcap/-/blob/debian/1.9.1-2/debian/patches/shared-lib.diff
This patch makes it include missing/strlcpy.o to the shared library
which is needed for OpenWrt glibc builds, otherwise there is an
undefined symbol and tcpdump and other builds are failing.
Fixes:
44f11353de04 ("libpcap: update to 1.9.1")
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Jan Kardell [Fri, 20 Mar 2020 13:32:23 +0000 (14:32 +0100)]
readline: needs host depend on ncurses to build
We must ensure that host ncurses is build before host readline.
Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
(cherry picked from commit
ecef29b29463e7549779e90739e61f8729ccaf09)
Robert Marko [Thu, 19 Mar 2020 11:22:07 +0000 (12:22 +0100)]
tools: squashfskit4: fix build with GCC10
In order to build squashfskit with GCC10, this backport from upstream is needed.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
[increase PKG_RELEASE]
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit
be4ed1db18e68cc57f03788b4529afbbf629411c)
Alexander Couzens [Sun, 22 Mar 2020 01:03:19 +0000 (02:03 +0100)]
squashfskit4/Makefile: introduce PKG_RELEASE=1
When adding patches, the PKG_RELEASE should be increased.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit
1f4020a293476d5e34461a655cb9f6540cefeea2)
Kevin Darbyshire-Bryant [Tue, 24 Mar 2020 11:05:27 +0000 (11:05 +0000)]
build: prereq: tidy gcc version checks
There is a restriction in the number of parameters(10) that may be passed to
the SetupHostCommand macro so continually adding explicit gcc'n' version
checks ends up breaking the compiler check for the later versions and
oddballs like Darwin as was done in
835d1c68a0 which added gcc10.
Drop all the explicitly specified gcc version checks. If a suitable gcc
compiler is not found, it may be specified at the dependency checking
stage after which that version will be symlinked into the build staging
host directory.
eg. 'CC=gccfoo CXX=g++foo make prereq'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
1fb3c003d68d3feaf797e8b64edccc9fa622d250)
Robert Marko [Wed, 18 Mar 2020 18:39:43 +0000 (19:39 +0100)]
build: add GCC 10 version detection
Lets add GCC 10 detection to the build system as distributions like Fedora 32 have started shipping with it.
Some tools like mtd-utils need work to compile under GCC10, but that will be next step.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit
835d1c68a0f036c8b0d837a48b5a05fdfb2e8218)
RISCi_ATOM [Mon, 30 Mar 2020 04:36:50 +0000 (00:36 -0400)]
vpnc-script: enable reconnect
Based upon upstream package feed commit :
80ab3fdc49f965782dcf667e727a7111942a9560
Hauke Mehrtens [Sat, 21 Mar 2020 19:24:00 +0000 (20:24 +0100)]
mac80211: Update to version 4.19.112
The removed patches are all integrated in the upstream version now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Petr Štetiar [Sat, 28 Mar 2020 12:42:05 +0000 (13:42 +0100)]
procd: turn error into debug message for missing ujail binary
Since commit
557f11b3a20f ("instance: provide error feedback if ujail
binary is missing") worrying log spam of the form "unable to find
/sbin/jail ..." may be encountered.
This corresponds with the changes done in the upstream commit
bcb86554f1b4 ("instance: add 'requirejail' attribute").
Ref: https://forum.openwrt.org/t/openwrt-19-07-2-service-release/57066
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Jordan Sokolic [Thu, 19 Mar 2020 12:23:22 +0000 (14:23 +0200)]
dnsmasq: add 'scriptarp' option
Add option 'scriptarp' to uci dnsmasq config to enable --script-arp functions.
The default setting is false, meaning any scripts in `/etc/hotplug.d/neigh` intended
to be triggered by `/usr/lib/dnsmasq/dhcp-script.sh` will fail to execute.
Also enable --script-arp if has_handlers returns true.
Signed-off-by: Jordan Sokolic <oofnik@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Eneas U de Queiroz [Fri, 27 Mar 2020 02:20:08 +0000 (23:20 -0300)]
openssl: revert EOF detection change in 1.1.1
This adds patches to avoid possible application breakage caused by a
change in behavior introduced in 1.1.1e. It affects at least nginx,
which logs error messages such as:
nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error:
4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while
keepalive, client: xxxx, server: [::]:443
Openssl commits
db943f4 (Detect EOF while reading in libssl), and
22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the
behavior when encountering an EOF in SSL_read(). Previous behavior was
to return SSL_ERROR_SYSCALL, but errno would still be 0. The commits
being reverted changed it to SSL_ERRO_SSL, and add an error to the
stack, which is correct. Unfortunately this affects a number of
applications that counted on the old behavior, including nginx.
The reversion was discussed in openssl/openssl#11378, and implemented as
PR openssl/openssl#11400.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
2e8a4db9b6b942e3180afda0dc0fd8ac506527f1)
Eneas U de Queiroz [Thu, 19 Mar 2020 19:12:15 +0000 (16:12 -0300)]
openssl: update to 1.1.1e
This version includes bug and security fixes, including medium-severity
CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
dcef8d6093cd54aa990a5ae0099a16e88a18dfbd)
Jason A. Donenfeld [Sat, 21 Mar 2020 02:12:53 +0000 (20:12 -0600)]
wireguard: bump to 0.0.
20200318
WireGuard had a brief professional security audit. The auditors didn't find
any vulnerabilities, but they did suggest one defense-in-depth suggestion to
protect against potential API misuse down the road, mentioned below. This
compat snapshot corresponds with the patches I just pushed to Dave for
5.6-rc7.
* curve25519-x86_64: avoid use of r12
This buys us 100 extra cycles, which isn't much, but it winds up being even
faster on PaX kernels, which use r12 as a RAP register.
* wireguard: queueing: account for skb->protocol==0
This is the defense-in-depth change. We deal with skb->protocol==0 just fine,
but the advice to deal explicitly with it seems like a good idea.
* receive: remove dead code from default packet type case
A default case of a particular switch statement should never be hit, so
instead of printing a pretty debug message there, we full-on WARN(), so that
we get bug reports.
* noise: error out precomputed DH during handshake rather than config
All peer keys will now be addable, even if they're low order. However, no
handshake messages will be produced successfully. This is a more consistent
behavior with other low order keys, where the handshake just won't complete if
they're being used anywhere.
* send: use normaler alignment formula from upstream
We're trying to keep a minimal delta with upstream for the compat backport.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Rafał Miłecki [Wed, 11 Mar 2020 07:39:29 +0000 (08:39 +0100)]
kernel: backport out-of-memory fix for non-Ethernet devices
Doing up & down on non-Ethernet devices (e.g. monitor mode interface)
was consuming memory.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
ec8e8e2ef0826d82b4dfbd567a073b31dc27b764)
RISCi_ATOM [Mon, 16 Mar 2020 20:56:24 +0000 (16:56 -0400)]
Bump kernel to 4.14.174
Jo-Philipp Wich [Sat, 8 Feb 2020 10:34:41 +0000 (11:34 +0100)]
hostapd: remove erroneous $(space) redefinition
The $(space) definition in the hostapd Makefile ceased to work with
GNU Make 4.3 and later, leading to syntax errors in the generated
Kconfig files.
Drop the superfluous redefinition and reuse the working $(space)
declaration from rules.mk to fix this issue.
Fixes: GH#2713
Ref: https://github.com/openwrt/openwrt/pull/2713#issuecomment-
583722469
Reported-by: Karel Kočí <cynerd@email.cz>
Suggested-by: Jonas Gorski <jonas.gorski@gmail.com>
Tested-by: Shaleen Jain <shaleen@jain.sh>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
766e778226f5d4c6ec49ce22b101a5dbd4306644)
Adrian Schmutzler [Thu, 30 Jan 2020 13:59:25 +0000 (14:59 +0100)]
ath79: add gpio4 pinmux on TL-WR841N/ND v8, WR842N v2, MR3420 v2
This adds a pinmux to the shared DTSI for TP-Link TL-WR841N/ND v8,
TL-WR842N v2 and TL-MR3420 v2. It is supposed to be the equivalent
of:
/* config gpio4 as normal gpio function */
ath79_gpio_output_select(TL_MR3420V2_GPIO_USB_POWER,AR934X_GPIO_OUT_GPIO);
This allows to enable USB power on these devices.
While at it, move the jtag_disable_pins to &gpio node and remove the
redundant status=okay there.
Tested on TP-Link TL-WR842N v2.
Fixes: FS#2753
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Armin Fuerst <armin@fuerst.priv.at>
[backport: change individual DTS files, no mr3420-v2 present]
(backported from commit
18c95c9d6ebea5cef1254ee917bff8aba993666d)
Johann Neuhauser [Thu, 19 Dec 2019 12:07:17 +0000 (13:07 +0100)]
ath79: phy-ar7200-usb: adapt old behavior of arch/mips/ath79/dev-usb.c
[ Upstream commit
6cca6fffa06b1996f9bcc280f766e8ba4fa97d45 ]
Do not put usb-phy into reset if clearing the usb-phy reset or
setting the suspend_override has failed.
Reorder (de)asserts like in arch/mips/ath79/dev-usb.c.
Add an optional reset_control "usb-phy-analog", which is needed for
ar934x SoCs like in the old mach-driver arch/mips/ath79/dev-usb.c.
Tested-By: Lech Perczak <lech.perczak@gmail.com> [TL-WDR4300]
Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
[added reference to upstream commit, Tested-by]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Johann Neuhauser [Thu, 19 Dec 2019 12:11:26 +0000 (13:11 +0100)]
ath79: ar934x: use reset for usb-phy-analog
This was already available on ar71xx, but is missing on ath79.
This solves the slow usb speed on TP-Link WDR3600/WDR4300 and similar,
as reported in Flyspray [0], OpenWRT Forum [1] and GitHub PR [2].
[0] https://bugs.openwrt.org/index.php?do=details&task_id=2567
[1] https://forum.openwrt.org/t/usb-wdr4300-low-speed-on-external-storage/46794
[2] https://github.com/openwrt/openwrt/pull/964
Tested-By: Lech Perczak <lech.perczak@gmail.com> [TL-WDR4300]
Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
(cherry picked from commit
bda6b6144dbe3e12d128b500821799ef472de4cb)
Jo-Philipp Wich [Wed, 12 Feb 2020 17:00:42 +0000 (18:00 +0100)]
uhttpd: update to latest Git HEAD
2ee323c file: poke ustream after starting deferred program
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
04069fde19e86af7728111814afadf780bf08018)
RISCi_ATOM [Thu, 27 Feb 2020 21:28:18 +0000 (16:28 -0500)]
Bump kernel to 4.14.171 and refresh patches
Petr Štetiar [Thu, 20 Feb 2020 08:03:54 +0000 (09:03 +0100)]
ppp: backport security fixes
8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
215598fd03899c19a9cd26266221269dd5ec8cee)
RISCi_ATOM [Sat, 15 Feb 2020 13:54:24 +0000 (08:54 -0500)]
Bump Wireguard to 0.0.
20200215
RISCi_ATOM [Fri, 14 Feb 2020 15:57:30 +0000 (10:57 -0500)]
Bump wireguard to 0.0.
20200214
Jason A. Donenfeld [Wed, 5 Feb 2020 13:46:46 +0000 (14:46 +0100)]
wireguard: bump to 0.0.
20200205
* compat: support building for RHEL-8.2
* compat: remove RHEL-7.6 workaround
Bleeding edge RHEL users should be content now (which includes the actual
RedHat employees I've been talking to about getting this into the RHEL kernel
itself). Also, we remove old hacks for versions we no longer support anyway.
* allowedips: remove previously added list item when OOM fail
* noise: reject peers with low order public keys
With this now being upstream, we benefit from increased fuzzing coverage of
the code, uncovering these two bugs.
* netns: ensure non-addition of peers with failed precomputation
* netns: tie socket waiting to target pid
An added test to our test suite for the above and a small fix for high-load CI
scenarios.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Jason A. Donenfeld [Tue, 28 Jan 2020 15:55:16 +0000 (16:55 +0100)]
wireguard: bump to 0.0.
20200128
This fixes a few small oversights for the 5.5 compat layer.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
RISCi_ATOM [Wed, 5 Feb 2020 13:57:33 +0000 (08:57 -0500)]
wireguard: bump to 0.0.
20200121
* Makefile: strip prefixed v from version.h
This fixes a mistake in dmesg output and when parsing the sysfs entry in the
filesystem.
* device: skb_list_walk_safe moved upstream
This is a 5.6 change, which we won't support here, but it does make the code
cleaner, so we make this change to keep things in sync.
* curve25519: x86_64: replace with formally verified implementation
This comes from INRIA's HACL*/Vale. It implements the same algorithm and
implementation strategy as the code it replaces, only this code has been
formally verified, sans the base point multiplication, which uses code
similar to prior, only it uses the formally verified field arithmetic
alongside reproducable ladder generation steps. This doesn't have a
pure-bmi2 version, which means haswell no longer benefits, but the
increased (doubled) code complexity is not worth it for a single
generation of chips that's already old.
Performance-wise, this is around 1% slower on older microarchitectures,
and slightly faster on newer microarchitectures, mainly 10nm ones or
backports of 10nm to 14nm. This implementation is "everest" below:
Xeon E5-2680 v4 (Broadwell)
armfazh: 133340 cycles per call
everest: 133436 cycles per call
Xeon Gold 5120 (Sky Lake Server)
armfazh: 112636 cycles per call
everest: 113906 cycles per call
Core i5-6300U (Sky Lake Client)
armfazh: 116810 cycles per call
everest: 117916 cycles per call
Core i7-7600U (Kaby Lake)
armfazh: 119523 cycles per call
everest: 119040 cycles per call
Core i7-8750H (Coffee Lake)
armfazh: 113914 cycles per call
everest: 113650 cycles per call
Core i9-9880H (Coffee Lake Refresh)
armfazh: 112616 cycles per call
everest: 114082 cycles per call
Core i3-8121U (Cannon Lake)
armfazh: 113202 cycles per call
everest: 111382 cycles per call
Core i7-8265U (Whiskey Lake)
armfazh: 127307 cycles per call
everest: 127697 cycles per call
Core i7-8550U (Kaby Lake Refresh)
armfazh: 127522 cycles per call
everest: 127083 cycles per call
Xeon Platinum 8275CL (Cascade Lake)
armfazh: 114380 cycles per call
everest: 114656 cycles per call
Achieving these kind of results with formally verified code is quite
remarkable, especialy considering that performance is favorable for
newer chips.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
RISCi_ATOM [Tue, 4 Feb 2020 18:07:38 +0000 (13:07 -0500)]
Update image links to reflect ar71xx -> ath79 change
RISCi_ATOM [Sat, 1 Feb 2020 02:55:09 +0000 (21:55 -0500)]
Mark v1.5.0a
RISCi_ATOM [Sat, 1 Feb 2020 02:54:42 +0000 (21:54 -0500)]
Update Tor to 0.4.2.6
RISCi_ATOM [Sat, 1 Feb 2020 02:15:47 +0000 (21:15 -0500)]
opkg: update to latest Git HEAD
80d161e opkg: Fix -Wformat-overflow warning
c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums
Fixes: CVE-2020-7982
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
c69c20c6670081d1eaab000734d89de57eb64148)
RISCi_ATOM [Fri, 31 Jan 2020 14:02:07 +0000 (09:02 -0500)]
Fix default repository URL in base-files
RISCi_ATOM [Tue, 28 Jan 2020 05:35:44 +0000 (00:35 -0500)]
Fix git url in urngd
RISCi_ATOM [Tue, 28 Jan 2020 05:33:55 +0000 (00:33 -0500)]
mac80211: Update to version 4.19.98
The removed patches are all integrated in the upstream version now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Cherry-Picked from upstream :
f84981f6f8a404f6d0261b8250bc3875d6518ad0
Magnus Kroken [Sat, 25 Jan 2020 17:33:41 +0000 (18:33 +0100)]
mbedtls: update to 2.16.4
Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA.
Release announcement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
Security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12
Fixes:
* CVE-2019-18222: Side channel attack on ECDSA
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit
6e96fd90471a49185bcfe9dcb4844d444674ecab)
Petr Štetiar [Fri, 24 Jan 2020 07:34:10 +0000 (08:34 +0100)]
procd: update to version 2020-01-24
Get only fix backports from openwr-19.07 procd branch:
31e4b2dfdbd7 state: fix reboot causing shutdown inside LXC container
557f11b3a20f instance: provide error feedback if ujail binary is missing
0a11aa405d3f instance: Fix instance_config_move_strdup() function
44dd9419812b instance: fix typo in error message
153820c76471 instance: fix pidfile and seccomp attributes double free
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Felix Fietkau [Thu, 23 Jan 2020 13:51:58 +0000 (14:51 +0100)]
hostapd: fix faulty WMM IE parameters with ETSI regulatory domains
hostapd sets minimum values for CWmin/CWmax/AIFS and maximum for TXOP.
The code for applying those values had a few bugs leading to bogus values,
which caused significant latency and packet loss.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Petr Štetiar [Mon, 20 Jan 2020 15:22:07 +0000 (16:22 +0100)]
libubox: update to version 2020-01-20
43a103ff17ee blobmsg: blobmsg_parse and blobmsg_parse_array oob read fixes
5c0faaf4f5e2 tests: prefer dynamically allocated buffers
1ffa41535369 blobmsg_json: prefer snprintf usage
132ecb563da7 blobmsg: blobmsg_vprintf: prefer vsnprintf
a2aab30fc918 jshn: prefer snprintf usage
b0886a37f39a cmake: add a possibility to set library version
a36ee96618a9 blobmsg: blobmsg_add_json_element() 64-bit values
f0da3a4283b7 blobmsg_json: fix int16 serialization
20a070f08139 tests: blobmsg/json: add more test cases
379cd33d1992 tests: include json script shunit2 based testing
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
5c73bb12c82c078d8a93cb896348b41598ed9e19)
Petr Štetiar [Sat, 18 Jan 2020 13:49:11 +0000 (14:49 +0100)]
fstools: backport fix from version 2020-01-18
Contains only the FS#2735 fix:
189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer
Commit adding new feature wasn't backported (needs patched kernel anyway):
f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
63000bfaf7163d97ac6feb343c7587e3d339e65e)
Petr Štetiar [Tue, 21 Jan 2020 16:03:21 +0000 (17:03 +0100)]
urngd: update to version 2020-01-21
c7f7b6b65b82 Tag version 1.0.2
236b7a0aef21 Fix blocked entropy generation
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
3d8edd9bb4759f56df4482b3ed9c7fc26ed86028)
Petr Štetiar [Mon, 21 Oct 2019 08:37:51 +0000 (10:37 +0200)]
urngd: update to latest Git head
*
40f939d57c67 Tag version 1.0.1
*
9e758e6e6aec jitterentropy-rngd: update to version v1.1.0 + clang compile fix
*
193586a25adc Fix wrong types in format strings used in debug build
*
d474977bb611 Add initial GitLab CI support
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
ed67b137c748365d7a3be886a2f5309c3bc44c48)
RISCi_ATOM [Tue, 28 Jan 2020 05:00:40 +0000 (00:00 -0500)]
Bump kernel to 4.14.168 and refresh patches
RISCi_ATOM [Thu, 23 Jan 2020 18:51:10 +0000 (13:51 -0500)]
Revert to previous sqm-scripts version for luci compatiblity
RISCi_ATOM [Thu, 23 Jan 2020 07:15:15 +0000 (02:15 -0500)]
Add sqm-scripts* back to base
RISCi_ATOM [Fri, 17 Jan 2020 05:32:32 +0000 (00:32 -0500)]
Fix tpe-{r1100,r1200} u-boot environment bugs
RISCi_ATOM [Fri, 17 Jan 2020 05:29:42 +0000 (00:29 -0500)]
Add xl2tpd to base
Florian Eckert [Thu, 5 Dec 2019 10:33:38 +0000 (11:33 +0100)]
wireguard: skip peer config if public key of the peer is not defined
If a config section of a peer does not have a public key defined, the
whole interface does not start. The following log is shown
daemon.notice netifd: test (21071): Line unrecognized: `PublicKey='
daemon.notice netifd: test (21071): Configuration parsing erro
The command 'wg show' does only show the interface name.
With this change we skip the peer for this interface and emit a log
message. So the other peers get configured.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Eneas U de Queiroz [Wed, 15 Jan 2020 18:28:05 +0000 (15:28 -0300)]
cryptodev-linux: remove DEFAULT redefinition
The 'DEFAULT:=m if ALL' line prevents the phase1 buildbots from building
the package, and users from downloading it, since they use 'ALL_KMODS=y'
but 'ALL' is not set.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
9b25f833eb840527d07c47930de2c769115844f3)
Felix Fietkau [Mon, 13 Jan 2020 18:43:40 +0000 (19:43 +0100)]
mac80211: fix a page refcounting issue leading to leaks/crashes in rx A-MSDU decap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit
9501469e1146c6d76b7dde6391479314897ba4d8)
Felix Fietkau [Mon, 13 Jan 2020 18:43:20 +0000 (19:43 +0100)]
mac80211: fix sta TID stats leak on a few nl80211 calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit
d5b3024139089e38f57bd1827273d7fba8497635)
Petr Štetiar [Thu, 19 Dec 2019 12:25:03 +0000 (13:25 +0100)]
ucert: update to version 2019-12-19
14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted
19a7225ac018 fix leaking memory in cert_dump_blob
9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker
4462ff9dedfa add cram based unit tests
5fe64b5606aa cmake: split usign bits into static library
5d7626a2b6d8 cmake: reindent the file
e284ed941972 cmake: enable hardening compiler flags and fix the reported issues
7e5390666347 add initial GitLab CI support
fa0bf4ef45b1 cmake: add proper include and library dependencies
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
2544cb1ba377149a8663c7ac4a625d5399993e33)
Matthias Schiffer [Tue, 7 Jan 2020 19:53:31 +0000 (20:53 +0100)]
ethtool: fix PKG_CONFIG_DEPENDS
Add missing CONFIG_ prefix.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
41c19dd542973dbc1336ecceaa32777506933cdf)
Hauke Mehrtens [Mon, 6 Jan 2020 15:21:25 +0000 (16:21 +0100)]
dnsmasq: Fix potential dnsmasq crash with TCP
This is a backport from the dnsmasq master which should fix a bug which
could cause a crash in dnsmasq.
I saw the following crashes in my log:
[522413.117215] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from
2a001450
[522413.124464] epc =
004197f1 in dnsmasq[400000+23000]
[522413.129459] ra =
004197ef in dnsmasq[400000+23000]
This is happening in blockdata_write() when block->next is
dereferenced, but I am not sure if this is related to this problem or if
this is a different problem. I am unable to reproduce this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
414d0541381d432e69190f394dfe2a6e8122d6bb)
Maxim Storchak [Wed, 25 Dec 2019 15:46:27 +0000 (17:46 +0200)]
ca-certificates: provide ca-certs by both ca-certificates and ca-bundle
- both packages provide ca-certs
- make ca-bundle the default provider
This should allow easy transition between these two forms of CA certificates storage
Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
(cherry picked from commit
dd299805ad18472a8245b4524a25e4381e166057)
Jo-Philipp Wich [Sun, 5 Jan 2020 17:40:22 +0000 (18:40 +0100)]
fstools: update to latest Git HEAD
823faa0 block: re-discover mtd devices on extroot mount retry
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
22a178e89282c7bd5bb181fc5c2c5cb6ff2403c8)
Petr Štetiar [Wed, 1 Jan 2020 11:43:45 +0000 (12:43 +0100)]
procd: update to version 2020-01-04
Contains following changes:
a5af33ce9a16 instance: strdup string attributes
d2e8bf6ef7cf system: watchdog_set: fix misleading indentation
9814807bd71c system: sysupgrade: fix possibly misleading error
c7a2db3c1eb6 system: sysupgrade: rework firmware validation
ea45c4a0f07c system: fix failing image validation due to EINTR
4fde95506243 cmake: fix lookup of external libraries
5ed190aae1b3 jail: remove accidentally added lines
52c5c1980ba3 jail: set user and group inside jail
3aa051b44177 system: sysupgrade: close input side of pipe before reading
f47622e89c4d instance: Warn about unexpected number of parameters
564ecdfd9cc4 instance: ujail: Fix allocated size for no_new_privs parameter
7fb2e1dfa221 procd: simplify code in procd_inittab_run
4a127c3c60af procd: replace exit(-1) with exit(EXIT_FAILURE)
bc0a73eaad58 procd: add upgraded binary to .gitignore
ba4c4dbbbd65 procd: add start-console support
3e39fe539490 procd: shift arguments for askfirst only once
5d6282906baf procd: skip respawn in case device disappeared
d27949f12fd7 procd: guard fork_worker calls
258aa04328a2 procd: Add cached and available to memory table
8e9fb51fa66e procd: Switch to nanosleep
c844ace9729a system: Fix possible integer overflows
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Sat, 28 Dec 2019 07:00:47 +0000 (08:00 +0100)]
ubus: update to version 2019-12-27
Contains following changes:
041c9d1c052b ubusd/libubus-io: fix socket descriptor passing
8f2292478c57 ci: enable unit testing
a1523d76b016 fix blob parsing vulnerability by using blob_parse_untrusted
c60583743ccf ubus_monitor: workaround possibly false positive uses of memory after it is freed
dac6c7c575ac ubusd_monitor: fix possible null pointer dereference
060dfbb26da3 ubus_common: remove duplicate ARRAY_SIZE and add missing include
c5f2053dfcfd workaround possibly false positive uses of memory after it is freed
72be8e93f07d lua: ubus_lua_do_subscribe: fix copy&paste error
a995b1e68129 lua: workaround false positive dereference of null pointer
08f17c87a000 add fuzzer and cram based unit tests
c413be9b376c refactor ubusd.c into reusable ubusd_library
afd47189e864 examples: remove dead increments
b2e544238672 add initial GitLab CI support
058f4e9526ed libubus: fix incompatible pointer types assigment
d2e026a33df8 iron out all extra compiler warnings
5d7ca8309d0a ubusd/libubus-io: fix variable sized struct position warning
d61282db5640 ubusd: fix comparison of integers of different signs
90fb16234c22 cmake: enable extra compiler checks
2e051f628996 ubus: Support static builds
588baa3cd784 ubusd: retry sending messages on EINTR
76ea27a62774 libubus: attempt to receive data before calling poll
4daab27d004f libubus: do not abort recv_retry before completing a message
and bumps ABI_VERSION to
20191227.
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Sat, 28 Dec 2019 20:22:04 +0000 (21:22 +0100)]
libubox: update to version 2019-12-28
Contains following changes:
cd75136b1342 blobmsg: fix wrong payload len passed from blobmsg_check_array
eb7eb6393d47 blobmsg: fix array out of bounds GCC 10 warning
86f6a5b8d1f1 blobmsg: reuse blobmsg_namelen in blobmsg_data
586ce031eaa0 tests: fuzz: fuzz _len variants of checking methods
b0e21553ae8c blobmsg: add _len variants for all attribute checking methods
cd3059796a57 Replace use of blobmsg_check_attr by blobmsg_check_attr_len
143303149c8b Ensure blob_attr length check does not perform out of bounds reads
f2b2ee441adb blobmsg: fix heap buffer overflow in blobmsg_parse
4dfd24ed88c4 blobmsg: make blobmsg_len and blobmsg_data_len return unsigned value
2df6d35e3299 tests: add test cases for blobmsg parsing
8a34788b46c4 test: fuzz: add blobmsg_check_attr crashes
478597b9f9ae blob: fix OOB access in blob_check_type
325418a7a3c0 tests: use blob_parse_untrusted variant
0b24e24b93e1 blob: introduce blob_parse_untrusted
6d27336e4a8b blob: refactor attr parsing into separate function
833d25797b16 test: fuzz: add blob_parse crashes
09ee90f8d6ed tests: add test cases for blob parsing
436d6363a10b tests: add libFuzzer based tests
bf680707acfd tests: add unit tests covered with Clang sanitizers
f804578847de cmake: add more hardening compiler flags
46f8268b4b5b blobmsg/ulog: fix format string compiler warnings
eb216a952407 cmake: use extra compiler warnings only on gcc6+
07413cce72e1 tests: jshn: add more test cases
26586dae43a8 jshn: fix missing usage for -p and -o arguments
8e832a771d3a jshn: fix off by one in jshn_parse_file
cb698e35409b jshn: jshn_parse: fix leaks of memory pointed to by 'obj'
c42f11cc7c0f jshn: main: fix leak of memory pointed to by 'vars'
93848ec96dc5 jshn: refactor main into smaller pieces
9b6ede0e5312 avl: guard against theoretical null pointer dereference
c008294a8323 blobmsg_json: fix possible uninitialized struct member
0003ea9c45cc base64: fix possible null pointer dereference
8baeeea1f52d add assert.h component
b0a5cd8a28bf add cram based unit tests
1fefb7c4d7f9 add initial GitLab CI support
c955464d7a9b enable extra compiler checks
6228df9de91d iron out all extra compiler warnings
and bumps ABI_VERSION to
20191228.
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
RISCi_ATOM [Thu, 16 Jan 2020 17:11:25 +0000 (12:11 -0500)]
Upgrade Tor to 0.4.2.5
RISCi_ATOM [Wed, 15 Jan 2020 18:55:39 +0000 (13:55 -0500)]
kernel: bump to 4.14.165 and refresh patches
Jason A. Donenfeld [Wed, 8 Jan 2020 22:37:41 +0000 (17:37 -0500)]
wireguard-tools: bump to 1.0.
20200102
* systemd: update documentation URL
* global: bump copyright
Usual house keeping.
* Makefile: DEBUG_TOOLS -> DEBUG and document
* Makefile: port static analysis check
* dns-hatchet: adjust path for new repo layout
* Makefile: rework automatic version.h mangling
These are some important-ish cleanups for downstream package maintainers that
should make packaging this a lot smoother.
* man: add documentation about removing explicit listen-port
Documentation improvement.
* wg-quick: linux: quote ifname for nft
This should fix issues with weirdly named ifnames and odd versions of nft(8).
* fuzz: find bugs in the config syntax parser
* fuzz: find bugs when parsing uapi input
These are two fuzzers that have been laying around without a repo for a while.
Perhaps somebody with enough compute power will find bugs with them.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Jason A. Donenfeld [Wed, 8 Jan 2020 22:37:40 +0000 (17:37 -0500)]
wireguard: bump to 0.0.
20200105
* socket: mark skbs as not on list when receiving via gro
Certain drivers will pass gro skbs to udp, at which point the udp driver
simply iterates through them and passes them off to encap_rcv, which is
where we pick up. At the moment, we're not attempting to coalesce these
into bundles, but we also don't want to wind up having cascaded lists of
skbs treated separately. The right behavior here, then, is to just mark
each incoming one as not on a list. This can be seen in practice, for
example, with Qualcomm's rmnet_perf driver. This lead to crashes on
OnePlus devices and possibly other Qualcomm 4.14 devices. But I fear
that it could lead to issues on other drivers on weird OpenWRT routers.
This commit is upstream in net-next as:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=
736775d06bac60d7a353e405398b48b2bd8b1e54
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Jason A. Donenfeld [Fri, 27 Dec 2019 14:41:12 +0000 (15:41 +0100)]
wireguard: bump to
20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Kevin Darbyshire-Bryant [Tue, 24 Dec 2019 20:43:20 +0000 (20:43 +0000)]
wireguard: bump to
20191219
edad0d6 version: bump snapshot
0e38a3c compat: ipv6_dst_lookup_flow was backported to 5.3 and 5.4
2e52c41 wg-quick: linux: use already configured addresses instead of in-memory
3721521 tools: adjust wg.8 syntax for consistency in COMMANDS section
21a1498 wg-quick: linux: try both iptables(8) and nft(8) on teardown
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Kevin Darbyshire-Bryant [Tue, 17 Dec 2019 14:10:13 +0000 (14:10 +0000)]
wireguard: bump to 0.0.
20191212
1ec6ece version: bump snapshot
e13de91 main: remove unused include <linux/version.h>
72eb17c wg-quick: linux: support older nft(8)
1d8e978 global: fix up spelling
e02713e wg-quick: linux: add support for nft and prefer it
b4e3a83 compat: support building for RHEL-8.1 instead of RHEL-8.0
f29e3ac socket: convert to ipv6_dst_lookup_flow for 5.5
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Jason A. Donenfeld [Thu, 5 Dec 2019 10:59:41 +0000 (11:59 +0100)]
wireguard: bump to 0.0.
20191205
* wg-quick: linux: suppress error when finding unused table
This fixes a spurious warning messages seen with recent versions of iproute2
and kernels.
* wg-quick: linux: ensure postdown hooks execute
* wg-quick: linux: have remove_iptables return true
* wg-quick: linux: iptables-* -w is not widely supported
Adding in iptables had some hiccups. For the record, I'm very unhappy about
having to put any firewalling code into wg-quick(8). We'll of course need to
support nftables too at some point if this continues. I'm investigating with
upstream the possibility of adding a sysctl to patch the issue that iptables
is handling now, so hopefully at somepoint down the line we'll be able to shed
this dependency once again.
* send: use kfree_skb_list
* device: prepare skb_list_walk_safe for upstreaming
* send: avoid touching skb->{next,prev} directly
Suggestions from LKML.
* ipc: make sure userspace communication frees wgdevice
Free things properly on error paths.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Petr Štetiar [Tue, 31 Dec 2019 09:34:29 +0000 (10:34 +0100)]
base-files: sysupgrade: exit if the firmware download failed
Sysupgrade process shouldn't continue if the firmware image couldn't be
downloaded.
Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020940.html
Reported-by: Petr Novák <petrn@me.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
cf3da66d2ce11a30ae2993b56276ade10c9bddb9)
Eneas U de Queiroz [Thu, 26 Dec 2019 18:11:31 +0000 (15:11 -0300)]
wolfssl: bump to 4.3.0-stable
This update fixes many bugs, and six security vulnerabilities, including
CVE-2019-18840.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
d5ede68f8b67f8fa2b4102b90e5dd3722172299a)
RISCi_ATOM [Fri, 3 Jan 2020 22:23:10 +0000 (17:23 -0500)]
Fix default ntp servers to upstream until we set up our own
RISCi_ATOM [Fri, 27 Dec 2019 20:20:56 +0000 (15:20 -0500)]
Bump kernel to 4.14.160 ; refresh patches
RISCi_ATOM [Thu, 26 Dec 2019 03:56:19 +0000 (22:56 -0500)]
Fix default name when creating new wireless networks
Jo-Philipp Wich [Sun, 22 Dec 2019 20:30:02 +0000 (21:30 +0100)]
fstools: update to latest git HEAD
b4e25d5 libblkid-tiny: fix symbol collision with full libblkid
Fixes: FS#2691, FS#2692
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
5f4244150f99d7bf72a96ec4d9c1055386e66b53)
Rafał Miłecki [Fri, 20 Dec 2019 07:19:02 +0000 (08:19 +0100)]
fstools: update to latest git HEAD
111a43f libblkid-tiny: vfat: Change parsing label in special cases
f43a1aa libblkid-tiny: vfat: Fix reading labels which starts with byte 0x05
157924d libblkid-tiny: add blkid_probe_set_id_label() stub
0c5761f libblkid-tiny: use separated buffer for each block device read
b82c5c1 libblkid-tiny: add functions for allocating & freeing probe struct
12851d6 blockd: don't flush devices list on "hotplug" call
5ea47fe blockd: fix vlist memory corruption
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
4ebc9dc9c4faf8d9abc4197a74b892a66d9c1bcb)
Yousong Zhou [Sun, 3 Nov 2019 02:18:33 +0000 (02:18 +0000)]
fstools: bump to version 2019-11-03
2f2a09a block: mount_device: err log only when mp deviates from spec
da4edc1 block: mount_device: skip extroot earlier
32c3126 block: mount_action: handle mount/umount deps
fb0700f block: support hierarchical mount/umount
1212b5b block: umount: skip / unless -a is given
eda8b3f block: use fsck.fat instead of dosfsck
d05276d libblkid-tiny: ntfs: fix use-after-free
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit
e4af39d56395738d86daa4babb379ab605b4d277)
Hauke Mehrtens [Fri, 20 Sep 2019 23:02:11 +0000 (01:02 +0200)]
fstools: update to latest Git HEAD
4327ed4 mkdev: Avoid out of bounds read
9b3eb63 libblkid-tiny: use blkid_probe_set_utf8label for label set
c9d0462 libblkid-tiny: adds blkid_probe_set_utf8label support
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
541a3210707d1fc4b439ac61dc06816dcec2ab10)
Yousong Zhou [Sun, 3 Nov 2019 02:16:56 +0000 (02:16 +0000)]
libubox: bump to version 2019-10-29
It contains a single change to vlist.h header file: "vlist: add more
macros for loop iteration". This is needed for newer version of fstools
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit
51e76247762d265d4a4aac33456876b83b0cca25)
Roman Yeryomin [Mon, 21 Oct 2019 21:10:04 +0000 (00:10 +0300)]
libubox: update to latest git HEAD
eb30a03 libubox, jshn: add option to write output to a file
Signed-off-by: Roman Yeryomin <roman@advem.lv>
(cherry picked from commit
c0e7ec91a0927002942631bbc995b90f5f7dd7ed)
Sungbo Eo [Fri, 6 Dec 2019 13:49:16 +0000 (22:49 +0900)]
kernel: remove LINUX_4_9 dependency of kmod-dax
This patch resolves recursive dependency warning on a feed package:
$ make defconfig
Collecting package info: done
tmp/.config-package.in:104721:error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:104721:symbol PACKAGE_nfs-kernel-server depends on NFS_KERNEL_SERVER_V4
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
feeds/packages/net/nfs-kernel-server/Config.in:4:symbol NFS_KERNEL_SERVER_V4 depends on PACKAGE_nfs-kernel-server
#
# configuration written to .config
#
19.07 branch uses kernel 4.14 only, so CONFIG_LINUX_4_9 symbol is not
needed anyway.
Ref: https://github.com/openwrt/packages/issues/10490
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Sungbo Eo [Fri, 6 Dec 2019 14:25:48 +0000 (23:25 +0900)]
kernel: fix *-gpio-custom module unloading
Unloading and reloading the modules fails, as platform_device_put() does not
release resources fully.
root@OpenWrt:/# insmod i2c-gpio-custom bus0=0,18,0,5
[ 196.860620] Custom GPIO-based I2C driver version 0.1.1
[ 196.871162] ------------[ cut here ]------------
[ 196.880517] WARNING: CPU: 0 PID: 1365 at fs/sysfs/dir.c:31 0x80112158
[ 196.893431] sysfs: cannot create duplicate filename '/devices/platform/i2c-gpio.0'
...
[ 197.513200] kobject_add_internal failed for i2c-gpio.0 with -EEXIST, don't try to register things with the same name in the same directory.
This patch fixes it by replacing platform_device_put() to
platform_device_unregister().
Fixes:
da7740853715 ("i2c-gpio-custom: minor bugfix")
Fixes:
3bc81edc70e8 ("package: fix w1-gpio-custom package (closes #6770)")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit
a22b7a60d98836343c4f7b9ec0fcae68d9131522)
Rosen Penev [Sun, 17 Nov 2019 21:42:04 +0000 (13:42 -0800)]
cmake: Install host packages to lib instead of lib64
Several CMake packages such as log4cplus and protobuf(-c) install to
lib64 instead of lib on some hosts. This completely breaks rpath linking.
Override it globally to avoid fixing each package individually.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit
383abffb1179a142b4c8f86559baad5b24d391c3)
Bjørn Mork [Tue, 19 Nov 2019 13:37:24 +0000 (14:37 +0100)]
adb: fix for SuperSpeed devices
The USB descriptor parsing in adb fails to detect SuperSpeed devices
because of the SuperSpeed Endpoint Companion Descriptor. This
cherry-picks the upstream fix for the problem.
Unfortunately there never were a release with this fix before the
conversion to C++, so upgrading to a newer version isn't an option.
This makes adb work with SuperSpeed devices like the Sierra Wireless
EM7565. Tested and verified.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit
d034a1f4577108a465e8347d11a51dc0e5a29298)
Jeffery To [Mon, 18 Nov 2019 22:04:59 +0000 (06:04 +0800)]
toolchain/gcc: Backport patch to fix unconditional MULTIARCH_DIRNAME
This backports the patch for GCC PR target/89587 (gcc's rs6000
configuration unconditionally sets MULTIARCH_DIRNAME, even when
multiarch is disabled).
This currently affects apm821xx and may cause issues when
cross-compiling packages, e.g. Python 3[1].
This includes patches for GCC 8 (with the changelog diff removed);
this change is already included in GCC 9.2 and 7.5.
[1]: https://github.com/openwrt/packages/issues/10552
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
[Removed patch for GCC 7.4.0, GCC 7.5.0 already contains this]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
c102f702e7dc976c2ad2c04c0ce4462373e62365)
Yorkie Liu [Tue, 19 Nov 2019 05:41:10 +0000 (13:41 +0800)]
toolchain/gcc: correct the check expr for newer clang
This fixes gcc build error within clang 11.0, it tweaks the version
string from LLVM to clang.
Signed-off-by: Yorkie Liu <yorkiefixer@gmail.com>
(cherry picked from commit
65a561fd0919eafff2363ae8324db64be2a57f77)
Jo-Philipp Wich [Sun, 22 Dec 2019 21:50:00 +0000 (22:50 +0100)]
uhttpd: update to latest Git HEAD
5f9ae57 client: fix invalid data access through invalid content-length values
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
f34f9a414dd32311bda950776eb77e63c0c772cb)
RISCi_ATOM [Mon, 23 Dec 2019 17:14:53 +0000 (12:14 -0500)]
Bump version to v1.5.0; add package feed
Sungbo Eo [Sun, 15 Dec 2019 09:10:18 +0000 (18:10 +0900)]
ar71xx: fix MAC address setup for TL-WDR4300 board
The current ethernet MAC address setup of TL-WDR4300 board is different
from the setup of stock firmware:
OpenWrt: lan = label_mac -2, wan = label_mac -2
stock: lan = label_mac, wan = label_mac +1
This patch applies to all devices using TL-WDR4300 board:
TL-WDR3600 v1
TL-WDR4300 v1
TL-WDR4300 v1 (IL)
TL-WDR4310 v1
Mercury MW4530R v1
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit
9b02d32e34df2bb8821ec6f08f525bee22d0d1ba)
Sungbo Eo [Sun, 15 Dec 2019 09:11:45 +0000 (18:11 +0900)]
ath79: fix MAC address setup for TP-Link TL-WDR3600/TL-WDR4300
The current ethernet MAC address setup of TL-WDR4300 board is different
from the setup of stock firmware:
OpenWrt: lan = label_mac -2, wan = label_mac -2
stock: lan = label_mac, wan = label_mac +1
The full address assignment is as follows:
LAN label
WAN label + 1
5G label
2G label - 1
This patch changes all devices using TL-WDR4300 board:
TL-WDR3600 v1 (checked on device)
TL-WDR4300 v1 (checked on device)
TL-WDR4300 v1 (IL)
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[rephrase/extend commit title/message, backport]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
a4260eaab7744c8e3f1f7a62a61aab5e3b562342)
Daniel Golle [Mon, 9 Dec 2019 19:15:36 +0000 (20:15 +0100)]
sunxi: remove CONFIG_LEGACY_PTY from kernel config
Having legacy PTYs enabled causes problems with procd-hotplug.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
2105354968ed9698709d220ec446b6d9c27da3a5)
Daniel Golle [Mon, 9 Dec 2019 19:09:13 +0000 (20:09 +0100)]
uml: remove CONFIG_LEGACY_PTY from kernel config
Having legacy PTYs enabled causes problems with procd-hotplug.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
dcf48fda054c4bbc52f6106250a7e06ab8f5cbdd)
Hans Dedecker [Mon, 16 Dec 2019 20:14:11 +0000 (21:14 +0100)]
odhcpd: optimize syslog priority values
e53fec8 treewide: optimize syslog priority values
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Wed, 11 Dec 2019 21:27:26 +0000 (22:27 +0100)]
glibc: update to latest 2.27 commit (BZ #2503, BZ #2504)
bef0b1cb31 libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203]
4d5cfeb510 rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]
92f04eedb5 mips: Force RWX stack for hard-float builds that can run on pre-4.8 kernels
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Alin Nastac [Thu, 21 Nov 2019 13:06:18 +0000 (14:06 +0100)]
glibc: backport fix for regexec buffer read overrun
Problem found by AddressSanitizer[1]:
Latest `grep` (git commit
1019e6e) compiled with asan may cause a
heap-buffer-overflow when `-i` is specified.
./grep -i '\(\(\)*.\)*\(\)\(\)\1' /bin/chvt
=================================================================
==16206==ERROR: AddressSanitizer: heap-buffer-overflow on address
1. https://debbugs.gnu.org/34140
Ref: https://sourceware.org/bugzilla/show_bug.cgi?id=24114
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
[commit title and description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>