Hauke Mehrtens [Sun, 17 Nov 2019 22:59:37 +0000 (23:59 +0100)]
wireless-regdb: Make it build with python2
This backports a patch to build it work with python2 in addition to
python3.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
d3a8a62692b06b3e5fe7077a2ce641fbf09cdc19)
Zachary Riedlshah [Wed, 5 Jun 2019 10:58:19 +0000 (22:58 +1200)]
wireless-regdb: update to 2019.06.03
Fixes build issues on a python3 host (issues with the print statement
formatting in the current build).
Includes 100-regdb-write-firmware-file-format-version-code-20.patch and
other fixes.
Closes bugs.openwrt.org/index.php?do=details&task_id=1605.
Uses the tarball as requested.
Signed-off-by: Zachary Riedlshah <git@zacharyrs.me>
(cherry picked from commit
ef3f868da0d78adf2490a762ff567cf5b636c213)
Koen Vandeputte [Wed, 6 Nov 2019 12:38:51 +0000 (13:38 +0100)]
mac80211: backport upstream fixes
This potentially fixes some issues seen on IBSS
when interfaces go out of range and then re-appear.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 19 Nov 2019 10:08:45 +0000 (11:08 +0100)]
toolchain/gcc: bump to 7.5.0
This updates the GCC to the next minor release which fixes +213 bugs.
Tested on ARMv6, ARMv7, MIPS R2, x86
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
RISCi_ATOM [Mon, 2 Dec 2019 20:41:58 +0000 (15:41 -0500)]
Bump kernel to 4.14.154
Hauke Mehrtens [Mon, 18 Nov 2019 06:05:41 +0000 (07:05 +0100)]
mac80211: Adapt to changes to skb_get_hash_perturb()
The skb_get_hash_perturb() function now takes a siphash_key_t instead of
an u32. This was changed in commit
55667441c84f ("net/flow_dissector:
switch to siphash"). Use the correct type in the fq header file
depending on the kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit
eaa047179ad30d156d0c3da7ec225acfae7a9f00)
RISCi_ATOM [Thu, 28 Nov 2019 17:22:49 +0000 (12:22 -0500)]
Move net-snmp to its proper location
RISCi_ATOM [Mon, 18 Nov 2019 17:10:11 +0000 (12:10 -0500)]
Bump kernel to 4.14.152
Adrian Schmutzler [Thu, 14 Nov 2019 16:26:44 +0000 (17:26 +0100)]
ath79: fix sysupgrade from ar71xx for WNDR3700 V2 and WNDR3800(CH)
ar71xx has just one board name "wndr3700" for WNDR3700 V1/V2,
WNDR3800 and WNDR3800CH, whereas ath79 provides separate images for
the boards. So, update SUPPORTED_DEVICES to store the correct
ar71xx board names.
Fixes: FS#2510
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
fc44a8481cbf317febaf27a550e0c9fa49be68d5)
Sungbo Eo [Mon, 11 Nov 2019 16:16:28 +0000 (01:16 +0900)]
kernel: fix typo in fb-sys-fops autoload
AutoLoad parameter must match the exact kernel module name. Fix it.
Fixes:
125f1ce9ad0c ("kernel: video: add DRM core and IMX DRM support for HDMI/LVDS")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit
6990510aca41074351f92a5abc6f4afb4b606506)
Kyle Copperfield [Thu, 31 Oct 2019 20:03:39 +0000 (20:03 +0000)]
hostapd: add IEEE 802.11k support
Enables radio resource management to be reported by hostapd to clients.
Ref: https://github.com/lede-project/source/pull/1430
Co-developed-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
[removed the DMARC crap]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
87f9292300cf56ad17f44363ced213c59a95ef44)
Hauke Mehrtens [Sat, 7 Sep 2019 14:17:14 +0000 (16:17 +0200)]
hostapd: Add mesh support for wpad full
This increases the size of the binary slightly:
old:
427722 wpad-wolfssl_2019-08-08-
ca8c2bd2-1_mipsel_24kc.ipk
431696 wpad-openssl_2019-08-08-
ca8c2bd2-1_mipsel_24kc.ipk
new:
442109 wpad-wolfssl_2019-08-08-
ca8c2bd2-1_mipsel_24kc.ipk
445997 wpad-openssl_2019-08-08-
ca8c2bd2-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
49cc712b44c76e99bfb716c06700817692975e05)
Hauke Mehrtens [Sat, 4 May 2019 12:02:07 +0000 (14:02 +0200)]
hostapd: use getrandom syscall
hostapd will not use the getrandom() syscall and as a fallback use
/dev/random, the syscall is supported since Linux 3.17 and in the musl,
glibc and uclibc version used by OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
998686364da7d002ba9f6dbb43cc5f32294dd4ab)
Hauke Mehrtens [Sat, 4 May 2019 00:01:15 +0000 (02:01 +0200)]
hostapd: Remove unneeded patch
All the content of this function is proceeded by IEEE8021X_EAPOL no code
accesses the ssid variable outside of this ifdef.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
0d86bf518aaefa57bef577d09a18aff03eccb70c)
Hauke Mehrtens [Fri, 3 May 2019 23:58:53 +0000 (01:58 +0200)]
hostapd: use config option CONFIG_NO_LINUX_PACKET_SOCKET_WAR
Instead of patching the workaround away, just use the config option.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
9b4a27455c17c00698ce7ce24e0bcad419c6319e)
Hauke Mehrtens [Sat, 10 Aug 2019 14:49:34 +0000 (16:49 +0200)]
hostapd: Update to version 2.9 (2019-08-08)
The size of the ipkgs increase a bit (between 0.7% and 1.1%):
old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-
63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-
63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-
63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-
63962824-1_mipsel_24kc.ipk
new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-
ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-
ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-
ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-
ca8c2bd2-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
167028b750028ae3dac24f5ff96bbb1ba04e8bd7)
Hauke Mehrtens [Fri, 3 May 2019 23:52:25 +0000 (01:52 +0200)]
hostapd: Update to version 2.8 (2019-04-21)
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.
The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*
The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.
The size of the ipkgs increase a bit (between 1.3% and 2.3%):
old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-
c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-
c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-
c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-
c2c6c01b-11_mipsel_24kc.ipk
new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-
63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-
63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-
63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-
63962824-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit
8af79550e6c280717660f66032d89d21007b15d2)
Jo-Philipp Wich [Fri, 20 Sep 2019 11:20:21 +0000 (13:20 +0200)]
hostapd: mirror ieee80211w ap mode defaults in station mode
For AP mode, OpenWrt automatically sets ieee80211w to either 1 or 2, depending
on whether the encryption is set to sae-mixed, or sae/owe/eap suite-b.
Mirror the same defaults for client mode connections, in order to allow an
OpenWrt station to associate to an OpenWrt ap with SAE, OWE or Suite-B encryption
without the need to manually specify "option ieee80211w" on the station.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
abb4f4075e791789fdb00731035e08a8cf51555f)
Jo-Philipp Wich [Fri, 20 Sep 2019 09:40:52 +0000 (11:40 +0200)]
hostapd: fix OWE settings in client mode
This changes fixes the generation of the wpa_supplicant client configuration
in WPA3 OWE client mode. Instead of incorrectly emitting key_mgmt=NONE, use
the proper key_mgmt=OWE setting instead.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
4209b28d23b8bf28575af5e8904194f49b81532e)
Leon M. George [Wed, 11 Sep 2019 13:22:55 +0000 (15:22 +0200)]
hostapd: declare struct wpa_bss early
wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if
CONFIG_WPS is not defined. With the later inclusion of
600-ubus_support, the issue manifests in warnings like these:
wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration
struct wpa_bss *bss)
^~~~~~~
This patch forward declares 'struct wpa_bss' regardless.
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
f974f8213b94578581b35e6b3f8fb1fd5a35f753)
Leon M. George [Wed, 11 Sep 2019 12:10:18 +0000 (14:10 +0200)]
hostapd: revert signature change in patch
The original wpa_hexdump uses a 'void *' for the payload. With patch
410-limit_debug_messages, the signature changes and compiler warnings
occur at various places. One such warning is:
wpa_debug.h:106:20: note: expected 'const u8 * {aka const unsigned char *}' but argument is of type 'struct wpa_eapol_key *'
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
a123df275846b1b83aaf3d7488a1544f7c0e09aa)
Eneas U de Queiroz [Mon, 1 Jul 2019 16:40:01 +0000 (13:40 -0300)]
hostapd: adjust removed wolfssl options
This edjusts the selection of recently removed wolfssl options which
have always been built into the library even in their abscence.
Also remove the selection of libwolfssl itself, allowing the library to
be built as a module.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
94d131332b5adbcf885a92608c40a22b79b3c708)
Russell Senior [Tue, 12 Nov 2019 23:33:48 +0000 (15:33 -0800)]
base-files: add /usr/share/libubox/jshn.sh to sysupgrade stage2
Discovered recent changes had broken sysupgrade for ar71xx mikrotik
rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh after
switching to tmpfs.
Signed-off-by: Russell Senior <russell@personaltelco.net>
Michal Cieslakiewicz [Wed, 6 Nov 2019 09:44:10 +0000 (10:44 +0100)]
ath79: update uboot-envtools for Netgear WNR routers
Boards added: WNR1000v2, WNR2000v3, WNR612v2, WNDR3700.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit
d47b68700644f37084b82845e9557b1e9954f533)
[removed WNR1000v2/WNR2000v3 since not supported in 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Mon, 11 Nov 2019 18:03:20 +0000 (19:03 +0100)]
ath79: fix SUPPORTED_DEVICES for TP-Link TL-WR1043ND v3
In ar71xx, the board name for the TL-WR1043ND v3 is equal to v2:
tl-wr1043nd-v2
Fix SUPPORTED_DEVICES for v3 in ath79 accordingly.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
b5791118ccd3039cc9ef6fd3b1c4efcad6ab154f)
南浦月 [Thu, 19 Sep 2019 09:41:01 +0000 (17:41 +0800)]
ar71xx: fix tl-wdr3320-v2 upgrade
Fix the error that tl-wdr3320-v2 can't upgrade firmware via web
interface by using magic_ver="0200" for this device.
Signed-off-by: 南浦月 <nanpuyue@gmail.com>
[commit message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
0ff2385a92c0a31769fce954b7bd571d6114dbc8)
Michal Cieslakiewicz [Wed, 6 Nov 2019 09:43:14 +0000 (10:43 +0100)]
ar71xx: update uboot-envtools for Netgear WNR routers
Boards added: WNR1000v2, WNR2000v3, WNR2200, WNR612v2, WNDR4300.
Boards changed: WNDR3700 (u-boot env size is 2 sectors not 1).
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit
11052900494ec8216b9b39ba0b24d5e036f4d323)
Adrian Schmutzler [Sun, 10 Nov 2019 23:15:36 +0000 (00:15 +0100)]
ath79: fix identifier for Nanostation M in ath9k caldata extraction
When Nanostation M was renamed from ubnt,nano-m to ubnt,nanostation-m
in commit
f1396ac753cc ("ath79: align naming of Ubiquiti Nanostation M"),
the caldata extraction in 10-ath9k-eeprom was overlooked.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
5dc535419fe5f59839686570545fc4180e14d545)
Jo-Philipp Wich [Sun, 10 Nov 2019 20:33:47 +0000 (21:33 +0100)]
rpcd: update to latest Git HEAD
77ad0de plugin: avoid truncating numeric values
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
aa89bdcd04676b21cbe3e8a7b8df3545a86d947a)
Eneas U de Queiroz [Wed, 6 Nov 2019 21:22:52 +0000 (18:22 -0300)]
wolfssl: update to v4.2.0-stable
Many bugs were fixed--2 patches removed here.
This release of wolfSSL includes fixes for 5 security vulnerabilities,
including two CVEs with high/critical base scores:
- potential invalid read with TLS 1.3 PSK, including session tickets
- potential hang with ocspstaping2 (always enabled in openwrt)
- CVE-2019-15651: 1-byte overread when decoding certificate extensions
- CVE-2019-16748: 1-byte overread when checking certificate signatures
- DSA attack to recover DSA private keys
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
f4853f7cca816214cd6e64cffe2b73d0b8c16def)
Eneas U de Queiroz [Thu, 12 Sep 2019 20:00:00 +0000 (17:00 -0300)]
wolfssl: allow building with hw-crytpo and AES-CCM
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure. This applies a couple of upstream
patches fixing this.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
ab19627ecc3923687fd339f4f23dc45572d00ce0)
Jo-Philipp Wich [Tue, 5 Nov 2019 13:38:40 +0000 (14:38 +0100)]
ustream-ssl: update to latest Git HEAD
c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect
Fixes: CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
6f9157e6bdea91507af84acdf53da7c0e6879bc1)
Hauke Mehrtens [Fri, 1 Nov 2019 20:16:18 +0000 (21:16 +0100)]
ustream-ssl: Update to latest git HEAD
465f8dc wolfssl: adjust to new API in v4.2.0
3b06c65 Update example certificate & key, fix typo
1c38fd8 wolfssl: enable CN validation
33308ee ustream-io-cyassl.c: fix client-mode connections
79d91aa Remove CyaSSL, WolfSSL < 3.10.4 support
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
57ff06405e09ebce705c01178143c3ce907993b2)
RISCi_ATOM [Mon, 11 Nov 2019 20:33:50 +0000 (15:33 -0500)]
WIP: Change wording of README and add FAQ
The goal is to clarify what the project is, how to
get started using it and how to contribute to the project.
Future changes will include the addition of a Getting Started
page and some cleanup work on each supported device page.
Martin Schiller [Fri, 25 Oct 2019 07:22:29 +0000 (09:22 +0200)]
kernel: fix LED netdev trigger on interface rename
This fixes the netdev LED trigger for interfaces, which are renamed
during initialization (e.g. ppp interfaces).
Fixes: FS#2193
Fixes: FS#2239
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
edbadec843a77286d4f690a3641b7bca97f4c998)
Etienne Champetier [Fri, 8 Nov 2019 14:58:01 +0000 (06:58 -0800)]
build: cleanup possibly dangling Python 3 host symlink
When switching from master branch to 19.07 or older, we need to ensure
that Python symlink in staging bin directory points to Python 2.
We can't rely completly just on SetupHostCommand as its executed only in
cases when the $(STAGING_DIR_HOST)/bin/python doesn't already exist, so
we need to remove it before running SetupHostCommand.
This is a cherry-pick of
3b68fb57c938af3948ae4c2da61501183fbef649
with python3 instead of python2
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Etienne Champetier [Thu, 31 Oct 2019 10:54:59 +0000 (03:54 -0700)]
build: fixup python SetupHostCommand to use python2
Here is a way to break your build env without this patch:
1) have python point to python3, and no python2
2) start the build, SetupHostCommand will create a symlink
./staging_dir/host/bin/python -> /usr/bin/python
3) build fails on scons because it can't find any python2
4) install python2 and restart the build
5) the build fails on wireless-regdb compile because python is python3 instead of python
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Josef Schlehofer [Sun, 29 Sep 2019 09:21:29 +0000 (11:21 +0200)]
expat: Update to version 2.2.9
Fixes CVE-2019-15903
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
b4af2c689fc8736777940b7bbf009bb1672296ec)
Josef Schlehofer [Thu, 3 Oct 2019 19:23:00 +0000 (21:23 +0200)]
tools/e2fsprogs: Update to version 1.45.4
Fixes CVE-2019-5094
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
700e7a2eb9c515ffe4f3278857e538ea37cc5e56)
Hans Dedecker [Tue, 17 Sep 2019 20:45:41 +0000 (22:45 +0200)]
curl: bump to 7.66.0
Refresh patches, for changes in version 7.66.0 see https://curl.haxx.se/changes.html#7_66_0
Fixes CVEs:
CVE-2019-5481
CVE-2019-5482
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit
71cf4a272c9cf7d6e604e6327d0c94aeceac26e7)
David Bauer [Tue, 5 Nov 2019 21:28:39 +0000 (22:28 +0100)]
mac80211 ath9k: force QCA953x clock to 25MHz
The QCA953x only supports 25 MHz refclk, however some OEMs set an
invalid bootstrap value for the REF_CLK option, which would break the
clock detection in ath9k.
Force the QCA953x refclk to 25MHz in ath9k, as this is (according to the
datasheet) the only valid frequency.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
4c6fe32468bc60cc25a8c298498c0be3c73e7378)
Adrian Schmutzler [Tue, 6 Aug 2019 10:20:05 +0000 (12:20 +0200)]
ar71xx: improve support for TP-Link CPE510 v2
This fixes commit
bae927c551fd ("ar71xx: add support for TP-LINK CPE510
V2.0") where the support for this device wasn't optimal.
Device support for the CPE510v2 so far has been a hack to enable
flashing with CPE510v1 images. Those even have different hardware (e.g.
additional ethernet port).
With this patch, we provide proper support for this device in ar71xx.
Installation:
- Flash factory image through stock firmware WEB UI or through TFTP
- To get to TFTP recovery just hold reset button while powering on
for around 4-5 seconds and release.
- Rename factory image to recovery.bin
- Stock TFTP server IP: 192.168.0.100
- Stock device TFTP address: 192.168.0.254
Fixes:
bae927c551fd ("ar71xx: add support for TP-LINK CPE510 V2.0")
Signed-off-by: Andrew Cameron <apcameron@softhome.net>
[Rebased onto revert commit, changed comments in mach-cpe510.c,
changed commit title and description, fixed eth0 MAC address,
removed eth1 initialization]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[squashed revert, added fixes tag]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
c79b796280fa5cd64bac663f9d5e5d9a737c30d6)
[added CPE510V2 entry to tplink-safeloader.c]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Adrian Schmutzler [Tue, 5 Nov 2019 12:05:29 +0000 (13:05 +0100)]
gitignore: ignore patches in OpenWrt root directory
This will have GIT ignore patches in root directory, as created
when using "git format-patch".
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
2c5413559880c54c5eec980121febfe6c7cd287a)
Jo-Philipp Wich [Tue, 5 Nov 2019 14:07:55 +0000 (15:07 +0100)]
ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
David Bauer [Mon, 28 Oct 2019 18:10:14 +0000 (19:10 +0100)]
hostapd: enable PMKSA and OK caching for WPA3-Personal
This enables PMKSA and opportunistic key caching by default for
WPA2/WPA3-Personal, WPA3-Personal and OWE auth types.
Otherwise, Apple devices won't connect to the WPA3 network.
This should not degrade security, as there's no external authentication
provider.
Tested with OCEDO Koala and iPhone 7 (iOS 13.1).
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
3034f8c3b85e70b1dd9b4cd5cd33e9d2cd8be3b8)
Signed-off-by: David Bauer <mail@david-bauer.net>
Yousong Zhou [Mon, 4 Nov 2019 11:09:38 +0000 (11:09 +0000)]
scripts/dl_github_archive.py: fix python3 str, bytes confusion
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit
d26738bc767f48d2dee7097cbfc6d07ffeee58fb)
Jeff Kletsky [Wed, 2 Oct 2019 19:06:18 +0000 (12:06 -0700)]
ath79: Clean up GL-AR300M DTS/DTSI inclusions
Modify GL-AR300M-Lite and GL-AR300M (NOR):
* Include qca9531_glinet_gl-ar300m.dtsi directly
rather than qca9531_glinet_gl-ar300m-nor.dts
* Remove redundant inclusion of gpio.h and input.h
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
f5c7fe2ff0deb20f76b4d65195434e35cbb4e08a)
RISCi_ATOM [Sat, 2 Nov 2019 18:08:08 +0000 (14:08 -0400)]
Add initial ath79 TPE-R1200 support
Daniel Engberg [Sat, 23 Feb 2019 22:38:04 +0000 (22:38 +0000)]
libevent2: Update to 2.1.11
Update libevent to 2.1.11
Use CMake instead GNU Autotools
Backport following commits:
https://github.com/libevent/libevent/commit/
f05ba671931e2b4e38459899f6f63f79f99869fe
..and partially
https://github.com/libevent/libevent/commit/
7201062f3ef505a77baa6ccaf1cf73812462308a
to fix compilation
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit
f351beedfd47766e5e44a04af50e3724bec54dbc)
(resolves FS#2435)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Jo-Philipp Wich [Fri, 1 Nov 2019 07:32:52 +0000 (08:32 +0100)]
rpcd: update to latest Git HEAD
d442d62 plugin: fix double free in finish callback
ee26d83 main: exec_self: make clang analyzer happy
90e40bd file: exec: properly free memory on error
9ecfada uci: free configs list memory on return
32fba36 exec: always call finish_cb to allow plugin to free up memory
ca3e2d5 plugin: do not free method name separately
02c6e1d exec: properly free memory on rpc_exec() error
cc50263 plugin: exec: properly free memory on parse error
bd0ed25 uci: reset uci_ptr flags when merging set operations
37aa919 plugin: fix leaking invoked method name for exec plugins
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
c2675bb0cef373ff59fcc2dbd77471d244bbc774)
RISCi_ATOM [Thu, 31 Oct 2019 19:57:15 +0000 (15:57 -0400)]
Bump kernel to 4.14.151
Yousong Zhou [Wed, 30 Oct 2019 12:41:34 +0000 (12:41 +0000)]
kernel: mark kmod-usb-serial-wwan as hidden
The kconfig symbol is an invisible one since its introduction. It is
not supposed to be enabled on its own.
Resolves FS#1821
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit
4bf9bec361699e1c033460964158531adf15d7ee)
Felix Fietkau [Sat, 28 Sep 2019 13:57:58 +0000 (15:57 +0200)]
mac80211: add an improved moving average algorithm to minstrel
Improves rate control responsiveness and performance
Signed-off-by: Felix Fietkau <nbd@nbd.name>
[reworked to apply on 4.19.79 mac80211 + renumbered + refreshed]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
RISCi_ATOM [Fri, 25 Oct 2019 16:57:57 +0000 (12:57 -0400)]
Bump Wireguard to 0.0.
20191012
RISCi_ATOM [Wed, 23 Oct 2019 16:50:08 +0000 (12:50 -0400)]
Bump kernel to 4.14.150
Eneas U de Queiroz [Tue, 1 Oct 2019 13:50:34 +0000 (10:50 -0300)]
openssl: Add engine configuration to openssl.cnf
This adds engine configuration sections to openssl.cnf, with a commented
list of engines. To enable an engine, all you have to do is uncomment
the engine line.
It also adds some useful comments to the devcrypto engine configuration
section. Other engines currently don't have configuration commands.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
cebf024c4d9fd761e55383a582f7e29ac7cc921c)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
DENG Qingfang [Sat, 12 Oct 2019 16:29:13 +0000 (00:29 +0800)]
tcpdump: update to 4.9.3
Fixed CVEs:
CVE-2017-16808
CVE-2018-10103
CVE-2018-10105
CVE-2018-14461
CVE-2018-14462
CVE-2018-14463
CVE-2018-14464
CVE-2018-14465
CVE-2018-14466
CVE-2018-14467
CVE-2018-14468
CVE-2018-14469
CVE-2018-14470
CVE-2018-14879
CVE-2018-14880
CVE-2018-14881
CVE-2018-14882
CVE-2018-16227
CVE-2018-16228
CVE-2018-16229
CVE-2018-16230
CVE-2018-16300
CVE-2018-16301
CVE-2018-16451
CVE-2018-16452
CVE-2019-15166
CVE-2019-15167
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit
394273c066b8f4317b77f3ede216cfcdd45250c1)
DENG Qingfang [Sat, 12 Oct 2019 16:28:32 +0000 (00:28 +0800)]
libpcap: update to 1.9.1
Fixed CVEs:
CVE-2018-16301
CVE-2019-15161
CVE-2019-15162
CVE-2019-15163
CVE-2019-15164
CVE-2019-15165
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit
44f11353de044834a442d3192b66579b99305720)
Sungbo Eo [Tue, 8 Oct 2019 14:25:03 +0000 (23:25 +0900)]
kernel: fix typos in video KernelPackage description
Fixes:
4b3d17b709a5 ("kernel: add kmod-fb-sys-ram")
Fixes:
b774acb47912 ("package/modules: add missing gspca video drivers for 2.6.32 (patch from #6595)")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit
9f73fad359663fef4decc7440796ec7d3b2b70f7)
Rosen Penev [Mon, 7 Oct 2019 22:59:52 +0000 (15:59 -0700)]
uClibc++: Fix three bugs
The first allows usage of several functions in the std namespace, which
broke compilation of gddrescue specifically with uClibc-ng and uClibc++.
The second allows usage of long long with normal C++11, which is part of
the standard. Before, std=gnu++11 needed to be passsed to work around it.
As a result of the second patch, the pedantic patch can safely be removed.
Both patches are upstream backports.
Added -std=c++11 to CFLAGS to guarentee proper inclusion of long long.
Added another patch that fixes a typo with the long long support. Sent to
upstream.
Fixed up license information according to SPDX.
Small cleanups for consistency.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
6ab386c9bc23420816fbcefc84b62cf5438b2c66)
Eneas U de Queiroz [Mon, 7 Oct 2019 21:02:38 +0000 (18:02 -0300)]
hostapd: adjust to removal of WOLFSSL_HAS_AES_GCM
WolfSSL is always built with AES-GCM support now.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
ee5a3f6d605602bbff57cde337235088cf9c3ffa)
Ali MJ Al-Nasrawy [Wed, 25 Sep 2019 14:47:12 +0000 (17:47 +0300)]
trelay: fix deadlock on remove
Upon writing to "remove" file, debugfs_remove_recursive() blocks while
holding rtnl_lock. This is because debugfs' file_ops callbacks are
executed in debugfs_use_file_*() context which prevents file removal.
Fix this by only flagging the device for removal and then do the cleanup
in file_ops.release callback which is executed out of that context.
Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
(cherry picked from commit
c2635b871d1dd03a6608a9255222672decd49e09)
Ali MJ Al-Nasrawy [Wed, 25 Sep 2019 14:47:11 +0000 (17:47 +0300)]
trelay: handle netdevice events correctly
Since v3.11, netdevice notification data are of type
"struct netdev_notifier_info". Handle it as such!
This should fix a critical bug in which devices are unable get released
because trelay does not release resources in response to UNREGISTER
event spamming the log with something like:
unregister_netdevice: waiting for eth0.1 to become free. Usage count = 1
Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
(cherry picked from commit
77cfc0739d30c1282f7de24d2ec086d244e34bb7)
leo chung [Wed, 16 Oct 2019 04:22:55 +0000 (12:22 +0800)]
bzip2: add linker option LDFLAGS
if gcc not linker whith this LDFLAGS, "file libbz2.so.1.0.8" will
recognize as pie executable ELF file ( which should be shared object).
this because the file command version before 5.36 not recognize
correctly.
Signed-off-by: leo chung <gewalalb@gmail.com>
(cherry picked from commit
56ab58fb6ce29329963619d5a4fffa9d5828176e)
Ilya Gordeev [Sat, 12 Oct 2019 18:10:09 +0000 (23:10 +0500)]
tplink-safeloader: fix compilation warnings
Signed-off-by: Ilya Gordeev <Mirraz@users.noreply.github.com>
(cherry picked from commit
5daf09435311922cad32b66b75d13b9367db62f7)
Hauke Mehrtens [Sat, 12 Oct 2019 08:57:51 +0000 (10:57 +0200)]
mac80211: Update to version 4.19.79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Paul Spooren [Sun, 13 Oct 2019 19:53:40 +0000 (09:53 -1000)]
build: add buildinfo as single Makefile target
The prepare target was added some 11 years ago to build tools and
toolchain and was recently extended to create buildinfo files for
reproducibility, meaning {feeds,version,config}.buildinfo.
As the buildbot workflow is more complex than the single prepare (kmod
feed insertion), prepare is only used to create those buildinfo files.
Running prepare however runs `target/compile` as well, taking time even
everything is already compiled.
Splitting this allows the buildbot to run only the `buildinfo` target
while others can still use the convenience feature `prepare`.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
6caf437652d858e5795ee16bdaf9f0436d2488f9)
Jo-Philipp Wich [Sat, 21 Sep 2019 13:03:48 +0000 (15:03 +0200)]
rpcd: update to latest Git HEAD
95f0973 file: increase minimum read buffer size to 4096 bytes
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
2a603cfcfccc4b20b10b7992bc07be0945345ed9)
Jo-Philipp Wich [Tue, 10 Sep 2019 13:25:12 +0000 (15:25 +0200)]
rpcd: update to latest Git HEAD
e2a7bc4 iwinfo: add WPA3 support
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
d6a405280f0156a2dad7d9cfa96695d53ed87dab)
Jo-Philipp Wich [Sun, 8 Sep 2019 16:48:15 +0000 (18:48 +0200)]
rpcd: update to latest Git HEAD
69eeb1b file: refactor message parsing and permission checking
f65527a iwinfo: expose all rate info fields in assoclist reply
7fec636 sys: fix symbol redeclaration
27c24c7 rpcd: sys: actually move timespec declaration
345363b file: add remove operation
604db20 rpcd: Switch to nanosleep
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
2f9f8769e334d2e8d0bac4edadbcf6bcdd229519)
Jo-Philipp Wich [Thu, 17 Oct 2019 14:59:11 +0000 (16:59 +0200)]
fwtool: do not omit final 16 byte when image does not contain signature
The fwutil command will interpret the final 16 byte of a given firmware
image files as "struct fwimage_trailer".
In case these bytes do look like a valid trailer, we must ensure that we
print them out along with the remainder of the image to not accidentally
truncate non-trailer-images by 16 bytes when they're piped through fwtool,
e.g. as part of an image verification command sequence.
Some command sequences pipe images through fwtool in order to strip any
possible metadata, certificate or signature trailers and do not expect
bare images without any of that metadata to get truncated as other non-
fwtool specific metadata is expected at the end of the file, e.g. an
information block with an md5sum in case of the combined image format.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
889b841048c5eb7f975135cab363f1fdd9b6cfa1)
Jo-Philipp Wich [Wed, 16 Oct 2019 14:48:40 +0000 (16:48 +0200)]
iwinfo: update to latest Git HEAD
07315b6 nl80211: handle hidden SSIDs in wpa_supplicant scan results
3ac846e lua: fix string description of mixed WPA3 modes
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
bc61458b73c04f900c358be8b7ed37c84298472a)
RISCi_ATOM [Tue, 15 Oct 2019 17:35:05 +0000 (13:35 -0400)]
Bump v1.5.0 to RC3
RISCi_ATOM [Tue, 15 Oct 2019 17:03:05 +0000 (13:03 -0400)]
Bump kernel to 4.14.149 w/ Patch refresh
Koen Vandeputte [Mon, 14 Oct 2019 15:37:28 +0000 (17:37 +0200)]
gdb: bump to 8.3.1
GDB 8.3.1 brings the following fixes and enhancements over GDB 8.3:
PR c++/20020 (GDB segfault on printing objects)
PR gdb/24454 (nat/x86-linux-dregs.c failed assertion)
PR breakpoints/24541 (Incorrect evaluation of systemtap probes due to register being signed and probe expression assuming unsigned)
PR symtab/24545 (Symbol loading performance regression with cc1)
PR gdb/24592 (amd64->i386 linux syscall restart problem)
PR gdb/25009 (terminate called after throwing an instance of 'srchilite::ParserException')
PR gdb/25010 (Calls to error () can cause SIGTTOU to send gdb to the background)
PR breakpoints/25011 (Breakpoints on file reloads broken for PIE binaries)
This corrective release also brings the following testsuite fixes and
enhancements:
PR testsuite/25005 (gdb-caching-proc.exp takes a lot of time on skip_opencl_tests)
PR testsuite/25016 (Test-case failures for -pie)
GDB 8.3 includes the following changes and enhancements:
* Support for new native configurations (also available as a target configuration):
- RISC-V GNU/Linux (riscv*-*-linux*)
- RISC-V FreeBSD (riscv*-*-freebsd*)
* Support for new target configurations:
- CSKY ELF (csky*-*-elf)
- CSKY GNU/Linux (csky*-*-linux)
- NXP S12Z ELF (s12z-*-elf)
- OpenRISC GNU/Linux (or1k*-*-linux*)
* Native Windows debugging is only supported on Windows XP or later.
* The Python API in GDB now requires Python 2.6 or later.
* GDB now supports terminal styling for the CLI and TUI.
Source highlighting is also supported by building GDB with GNU
Highlight.
* Experimental support for compilation and injection of C++ source
code into the inferior (requires GCC 7.1 or higher, built with
libcp1.so).
* GDB and GDBserver now support IPv6 connections.
* Target description support on RISC-V targets.
* Various enhancements to several commands:
- "frame", "select-frame" and "info frame" commands
- "info functions", "info types", "info variables"
- "info thread"
- "info proc"
- System call alias catchpoint support on FreeBSD
- "target remote" support for Unix Domain sockets.
* Support for displaying all files opened by a process
* DWARF index cache: GDB can now automatically save indices of DWARF
symbols on disk to speed up further loading of the same binaries.
* Various GDB/MI enhancements.
* GDBserver on PowerPC GNU/Linux now supports access to the PPR,
DSCR, TAR, EBB/PMU, and HTM registers.
* Ada task switching support when debugging programs built with
the Ravenscar profile added to aarch64-elf.
* GDB in batch mode now exits with status 1 if the last executed
command failed.
* Support for building GDB with GCC's Undefined Behavior Sanitizer.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 14 Oct 2019 14:09:08 +0000 (16:09 +0200)]
toolchain/gdb: bump to 8.3.1
GDB 8.3.1 brings the following fixes and enhancements over GDB 8.3:
PR c++/20020 (GDB segfault on printing objects)
PR gdb/24454 (nat/x86-linux-dregs.c failed assertion)
PR breakpoints/24541 (Incorrect evaluation of systemtap probes due to register being signed and probe expression assuming unsigned)
PR symtab/24545 (Symbol loading performance regression with cc1)
PR gdb/24592 (amd64->i386 linux syscall restart problem)
PR gdb/25009 (terminate called after throwing an instance of 'srchilite::ParserException')
PR gdb/25010 (Calls to error () can cause SIGTTOU to send gdb to the background)
PR breakpoints/25011 (Breakpoints on file reloads broken for PIE binaries)
This corrective release also brings the following testsuite fixes and
enhancements:
PR testsuite/25005 (gdb-caching-proc.exp takes a lot of time on skip_opencl_tests)
PR testsuite/25016 (Test-case failures for -pie)
GDB 8.3 includes the following changes and enhancements:
* Support for new native configurations (also available as a target configuration):
- RISC-V GNU/Linux (riscv*-*-linux*)
- RISC-V FreeBSD (riscv*-*-freebsd*)
* Support for new target configurations:
- CSKY ELF (csky*-*-elf)
- CSKY GNU/Linux (csky*-*-linux)
- NXP S12Z ELF (s12z-*-elf)
- OpenRISC GNU/Linux (or1k*-*-linux*)
* Native Windows debugging is only supported on Windows XP or later.
* The Python API in GDB now requires Python 2.6 or later.
* GDB now supports terminal styling for the CLI and TUI.
Source highlighting is also supported by building GDB with GNU
Highlight.
* Experimental support for compilation and injection of C++ source
code into the inferior (requires GCC 7.1 or higher, built with
libcp1.so).
* GDB and GDBserver now support IPv6 connections.
* Target description support on RISC-V targets.
* Various enhancements to several commands:
- "frame", "select-frame" and "info frame" commands
- "info functions", "info types", "info variables"
- "info thread"
- "info proc"
- System call alias catchpoint support on FreeBSD
- "target remote" support for Unix Domain sockets.
* Support for displaying all files opened by a process
* DWARF index cache: GDB can now automatically save indices of DWARF
symbols on disk to speed up further loading of the same binaries.
* Various GDB/MI enhancements.
* GDBserver on PowerPC GNU/Linux now supports access to the PPR,
DSCR, TAR, EBB/PMU, and HTM registers.
* Ada task switching support when debugging programs built with
the Ravenscar profile added to aarch64-elf.
* GDB in batch mode now exits with status 1 if the last executed
command failed.
* Support for building GDB with GCC's Undefined Behavior Sanitizer.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit
942f020bf4d0f49e4c5586a59ddf21c00e9d8bbe)
Koen Vandeputte [Mon, 14 Oct 2019 12:51:23 +0000 (14:51 +0200)]
toolchain/musl: bump to version 1.1.24
1.1.24 release notes
new features:
- GLOB_TILDE extension to glob
- non-stub catgets localization API, using netbsd binary catalog format
- posix_spawn file actions for [f]chdir (extension, pending future standard)
- secure_getenv function (extension)
- copy_file_range syscall wrapper (Linux extension)
- header-level support for new linux features in 5.2
performance:
- new fast path for lrint (generic C version) on 32-bit archs
major internal changes:
- functions involving time are overhauled to be time64-ready in 32-bit archs
- x32 uses the new time64 code paths to replace nasty hacks in syscall glue
compatibility & conformance:
- support for powerpc[64] unaligned relocation types
- powerpc[64] and sh sys/user.h no longer clash with kernel asm/ptrace.h
- select no longer modifies timeout on failure (or at all)
- mips64 stat results are no longer limited to 32-bit time range
- optreset (BSD extension) now has a public declaration
- support for clang inconsistencies in wchar_t type vs some 32-bit archs
- mips r6 syscall asm no longer has invalid lo/hi register clobbers
- vestigial asm declarations of __tls_get_new are removed (broke some tooling)
- riscv64 mcontext_t mismatch glibc's member naming is corrected
bugs fixed:
- glob failed to match broken symlinks consistently
- invalid use of interposed calloc to allocate initial TLS
- various dlsym symbol resolution logic errors
- semctl with SEM_STAT_ANY didn't work
- pthread_create with explicit scheduling was subject to priority inversion
- pthread_create failure path had data race for thread count
- timer_create with SIGEV_THREAD notification had data race getting timer id
- wide printf family failed to support l modifier for float formats
arch-specific bugs fixed:
- x87 floating point stack imbalance in math asm (i386-only CVE-2019-14697)
- x32 clock_adjtime, getrusage, wait3, wait4 produced junk (struct mismatches)
- lseek broken on x32 and mipsn32 with large file offsets
- riscv64 atomics weren't compiler barriers
- riscv64 atomics had broken asm constraints (missing earlyclobber flag)
- arm clone() was broken when compiled as thumb if start function returned
- mipsr6 setjmp/longjmp did not preserve fpu register state correctly
Refreshed all patches.
Removed upstreamed.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Jo-Philipp Wich [Tue, 15 Oct 2019 13:51:11 +0000 (15:51 +0200)]
iwinfo: update to latest Git HEAD
a29b7d4 nl80211: align path to phy mapping logic with mac80211.sh
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
57b834281b586839b5e2cb00d7907de50c68ebcc)
RISCi_ATOM [Tue, 15 Oct 2019 16:47:22 +0000 (12:47 -0400)]
Fix LINUX_KERNEL_HASH-4.14.148 in include/kernel-version.mk
RISCi_ATOM [Tue, 15 Oct 2019 16:45:38 +0000 (12:45 -0400)]
Bump kernel to 4.14.148 + patch refresh and patches from upstream :
c4b514b2003687c4d8fb532423afe095e40b6f9c
Jo-Philipp Wich [Fri, 20 Sep 2019 11:32:49 +0000 (13:32 +0200)]
iwinfo: update to latest Git HEAD
Contains following updates squashed from 3 bump commits in master:
02112f9 cli: fix reporting of mixed WPA2/WPA3 versions
7faeaea nl80211: properly detect WEP encryption in wpa_supp scan results
629b5ff nl80211: do not confuse open connections with WEP ones
3d47ddd nl80211: rework hostapd and wpa_supplicant wpa suite parsing
313e827 nl80211: keep awaiting wpa_supplicant scan results on busy response
a766751 nl80211: fix parsing of mixed wpa encryption in wpa_supp scan results
f096bfd utils: support parsing SAE and OWE key management suites from IEs
2a95086 nl80211: recognize SAE encrypted mesh
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Felix Fietkau [Thu, 10 Oct 2019 11:42:56 +0000 (13:42 +0200)]
build: adjust gcc/g++ version checks for newer apple compilers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit
46a129194de0f9e2f71b6526634569e1ec802504)
leo chung [Fri, 20 Sep 2019 05:33:58 +0000 (13:33 +0800)]
build: fix xconfig target
`make xconfig` fails with following linking error of qconf binary:
g++ -lQt5Widgets -lQt5Gui -lQt5Core -o qconf qconf.o zconf.tab.o
/usr/bin/ld: qconf.o: in function ConfigList::metaObject() const': qconf.cc:(.text+0x3eb): undefined reference to QObjectData::dynamicMetaObject() const'
/usr/bin/ld: qconf.o: in function `ConfigList::qt_metacast(char const*)': link error.
which is caused by the wrong order of the linked objects/libraries so
this patch reorders the linker's arguments which makes the qconf compile
again.
Signed-off-by: leo chung <gewalalb@gmail.com>
[commit subject and message tweaks, whitespace fix]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
b2c55d50f8aeb21ef4cd3948034a158f7dd743c2)
Petr Štetiar [Fri, 20 Sep 2019 12:54:56 +0000 (14:54 +0200)]
build: fix host menu config targets using ncurses
On a recent Gentoo Linux installation, invoking `make menuconfig`, `make
kernel_menuconfig` or `make kernel_nconfig` in the build system fails,
whereas for example `make menuconfig` in the kernel tree alone works as
expected.
This is happening because STAGING_PREFIX is not defined when kernel's
{menu,n}config target calls pkg-config from the toolchain/host and thus
pkg-config returns an empty value, and the fallback values in the kernel
config script are applied but those are off and the linking fails.
Solution is to use system's pkg-config for all ncurses based menu config
targets in order to provide proper compiler/linker flags.
Ref: FS#2423
Cc: Thomas Albers <thomas.gameiro@gmail.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
965f341aa9fdb6e07d509d02a6ca188af050292a)
Oldřich Jedlička [Wed, 25 Sep 2019 19:45:42 +0000 (21:45 +0200)]
kernel: Fix off-by-one error in FIT mtd partition search.
This fixes off-by-one error introduced in commit
dc76900021b8
("kernel: Correctly search for the FIT image in mtd partition.")
Function `mtd_read` starts reading at `offset` and
needs `hdr_len` number of bytes to be available. Suppose
the easiest case when `offset` is `0` and `hdr_len` equals
to `mtd->size` - the `for` loop will not be entered even
when enough bytes are available to be read.
Same happens for any non-zero `offset`, when `hdr_len` is
just enough bytes to be read until `mtd->size` is reached.
Imagine that for example `mtd->size=5`, `offset=4` and
`hdr_len=1`. Then `offset+hdr_len=5` and the check has to
be `offset+hdr_len <= mtd->size`, i.e. `5 <= 5`. The
check for `offset + hdr_len` value needs to be inclusive,
therefore use `<=`.
Fixes:
dc76900021b8 ("kernel: Correctly search for the FIT image in mtd partition.")
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
[adjusted commit ref, fixes tag]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
e0ce80d42ace6feba509da16795ab0eb81cf5bf4)
Fredrik Olofsson [Wed, 4 Sep 2019 08:41:22 +0000 (10:41 +0200)]
kernel: Correctly search for the FIT image in mtd partition.
Previously all iterations of the loop checked offset=0 in the partition.
Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
(cherry picked from commit
dc76900021b880820adf981bb7b1cf5ff3ffe1fd)
Johann Neuhauser [Mon, 16 Sep 2019 09:42:49 +0000 (11:42 +0200)]
build: make device tree arg really optional in mkits.sh
If no device tree is given there is no node generated, but
the configuration does still include the name of the missing node.
This will result in a successful build fit image, but bootm does
throw a error message if we want to boot the bad configuration.
Signed-off-by: Johann Neuhauser <jneuhauser@dh-electronics.com>
(cherry picked from commit
205e0939f0a141a1524d94eaf84407ddcb6a1a09)
Koen Vandeputte [Fri, 4 Oct 2019 11:48:12 +0000 (13:48 +0200)]
kernel: add missing symbol when enabling PTP support
Discovered by enabling PTP_1588_CLOCK:
net/sched/Kconfig:44: warning: menuconfig statement without prompt
*
* Restart config...
*
*
* PTP clock support
*
PTP clock support (PTP_1588_CLOCK) [Y/n/?] y
Driver for the National Semiconductor DP83640 PHYTER (DP83640_PHY) [N/m/y/?] (NEW)
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Fri, 4 Oct 2019 09:27:35 +0000 (11:27 +0200)]
treewide: remove 4.19 leftovers
19.07 branch focuses on kernel 4.14
so remove all remaining 4.19 configs
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
RISCi_ATOM [Tue, 1 Oct 2019 20:54:53 +0000 (16:54 -0400)]
Bump Wireguard to 0.0.
20190913
RISCi_ATOM [Mon, 30 Sep 2019 12:01:20 +0000 (08:01 -0400)]
Bump libreCMC version to v1.5.0-rc2
Adrian Schmutzler [Thu, 5 Sep 2019 11:29:37 +0000 (13:29 +0200)]
base-files: use get_mac_binary() in mtd_get_mac_binary_ubi()
The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.
This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
45600124fcbd14ece6e289cb59b318ea44c598fe)
Tomasz Maciej Nowak [Fri, 23 Aug 2019 13:50:48 +0000 (15:50 +0200)]
ar71xx: sysupgrade: accept ath79 combined-image
There is md5 sum of whole image embedded in combined-image header which
is checked on sysupgrade. The check will fail for ath79 images which
may have embedded metadata. This is because metadata are appended after
the combined image is created. To allow smooth transition from ar71xx to
ath79, strip metadata before calculating md5 sum for whole image.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(cherry picked from commit
8b4109c2b4d60495d046157d1baca9b1cdbf8dc8)
Tomasz Maciej Nowak [Fri, 23 Aug 2019 13:50:46 +0000 (15:50 +0200)]
ath79: dts: fix ja76pf2 spi frequency
The frequency was filled acording the information from datasheet for
particular chip (Winbond 25Q128BVFG). Unfortunately this led to
coruption and introduced bad blocks on the chip. Reducing the frequency
to commonly used in ath79, made the board more stable and no new bad
blocks were spoted.
Fixes:
b3a0c97 ("ath79: add support for jjPlus JA76PF2")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(cherry picked from commit
c1db564cbc7cad88606f3caedf81d07b0a60931f)
Jeff Kletsky [Sat, 28 Sep 2019 17:39:58 +0000 (10:39 -0700)]
ath79: Restore GL.iNet GL-AR300M-Lite first-boot connectivity
The relationship between GMAC0 and GMAC1 and the kernel devices
eth0 and eth1 was reversed for many ath79 devices by commit
8dde11d521
ath79: dts: drop "simple-mfd" for gmacs in SoC dtsi
The GL-AR300M-Lite is a single-port device, with the "LAN" port of the
GL-AR300M board unpopulated and its sole port now referenced as eth1,
as a result of commit
8dde11d521. The device was unreachable on
first boot or fresh config.
By changing ð1 (GMAC1) to an MFD, GMAC0 is able to associate with
the phy and is known by the kernel as "eth0".
Thanks to Chuanhong Guo for the suggestion of "simple-mfd"
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
(cherry picked from commit
b90ea19860853dd538e704e3e4402686c316e43c)
Jeff Kletsky [Sat, 28 Sep 2019 17:39:57 +0000 (10:39 -0700)]
ath79: Correct glinet, gl-ar300m-lite in 02_network
Previously, the board name for the GL-AR300M-Lite was incorrect
in 02_network, resulting in an unintended, fall-through condition
when initializing the network configuration.
While builds prior to commit
8dde11d521 (merged June 5, 2019)
ath79: dts: drop "simple-mfd" for gmacs in SoC dtsi
functioned properly, the error was noted in resolving first-boot
connectivity issues related to the single-phy nature of the device
and the "swap" of eth0 and eth1 related to that commit.
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
(cherry picked from commit
549ea4dc1878d95ee2b752b8840d75a64a67b679)
Felix Fietkau [Wed, 25 Sep 2019 14:45:05 +0000 (16:45 +0200)]
kernel: port upstream nft_flow_offload changes to xt_FLOWOFFLOAD and fix routing issues
Replace an old cleanup patch that never made it upstream with the proper
upstream fix. This patch was incompatible with the recent changes that
affected the way that the flow tuple dst entry was used.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commits
442ecce76169d and
c8933ce533656)
HsiuWen Yen [Thu, 20 Jun 2019 16:44:42 +0000 (00:44 +0800)]
netfilter: fix crash in flow offload by adding netns support
Commit
fcb41decf6c6 ("config: enable some useful features on
!SMALL_FLASH devices") enabled netns, which in turn lead to the crash in
the flow offload target.
When the flow offloading framework intends to delete a flow from the
hardware table, it is necessary to retrieve the namespace from
nf_flowtable->ft_net. However, no one ever wrote the namespace into
nf_flowtable->ft_net in advance. So the framework will mistakenly use a
NULL namespace to execute dev_get_by_index_rcu(net, ifindex), leading to
the kernel panic.
Ref: FS#2321
Fixes:
fcb41decf6c6 ("config: enable some useful features on !SMALL_FLASH devices")
Tested-by: Simon Tretter <simon@mediaarchitectu.re>
Signed-off-by: HsiuWen Yen <y.hsiuwen@gmail.com>
[merged patch into offload patch, fix for 4.19, SOB fix, commit subj/msg touches]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit
d344591e72e5ca96a2bf70a2df38961553185ce8)
Etienne Champetier [Wed, 4 Sep 2019 17:15:51 +0000 (10:15 -0700)]
kernel: add disable_eap_hack sysfs attribute
We are not sure if 640-bridge-only-accept-EAP-locally.patch is still needed
as a first step, add disable_eap_hack sysfs config to allow to disable it
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit
7d542dc8047d276517b296132926e722004065e0)
Eneas U de Queiroz [Tue, 17 Sep 2019 13:52:11 +0000 (10:52 -0300)]
openssl: bump to 1.1.1d
This version fixes 3 low-severity vulnerabilities:
- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
CMS_decrypt_set1_pkey
Patches were refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
d868d0a5d7e1d76bb1a8980346d222fae55fa18b)