librecmc/librecmc.git
5 years ago Upgrade e2fsprogs
RISCi_ATOM [Sat, 29 Jun 2019 17:57:56 +0000 (13:57 -0400)]
Upgrade e2fsprogs

5 years ago update Samba to 3.6.25, based upon 18.06
RISCi_ATOM [Sat, 29 Jun 2019 17:57:33 +0000 (13:57 -0400)]
update Samba to 3.6.25, based upon 18.06

5 years ago Bump linux-libre kernel to 4.4.184
RISCi_ATOM [Sat, 29 Jun 2019 17:39:45 +0000 (13:39 -0400)]
Bump linux-libre kernel to 4.4.184

5 years ago Update nfs support and add libtirpc to base
RISCi_ATOM [Sat, 29 Jun 2019 17:22:25 +0000 (13:22 -0400)]
Update nfs support and add libtirpc to base

5 years ago Bump mbedtls to 2.16.1
RISCi_ATOM [Mon, 24 Jun 2019 20:19:48 +0000 (16:19 -0400)]
Bump mbedtls to 2.16.1

5 years ago Bump ustream-ssl to 2019-06-24
RISCi_ATOM [Mon, 24 Jun 2019 20:19:09 +0000 (16:19 -0400)]
Bump ustream-ssl to 2019-06-24

5 years ago Bump ustream-ssl to 2018-07-30
RISCi_ATOM [Mon, 24 Jun 2019 00:24:37 +0000 (20:24 -0400)]
Bump ustream-ssl to 2018-07-30

5 years ago Bump kernel to 4.4.183 v1.4
RISCi_ATOM [Sun, 23 Jun 2019 19:11:49 +0000 (15:11 -0400)]
Bump kernel to 4.4.183

5 years ago Bump libreCMC version to v1.4.8
RISCi_ATOM [Sat, 22 Jun 2019 03:29:46 +0000 (23:29 -0400)]
Bump libreCMC version to v1.4.8

5 years ago Bump openssl to 1.0.2s
RISCi_ATOM [Sat, 22 Jun 2019 03:17:19 +0000 (23:17 -0400)]
Bump openssl to 1.0.2s

5 years ago Bump kernel to 4.4.182 : fixes CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
RISCi_ATOM [Sat, 22 Jun 2019 03:13:13 +0000 (23:13 -0400)]
Bump kernel to 4.4.182 : fixes CVE-2019-11477, CVE-2019-11478, CVE-2019-11479

5 years ago Bump linux-libre kernel to 4.4.181
RISCi_ATOM [Thu, 13 Jun 2019 01:29:07 +0000 (21:29 -0400)]
Bump linux-libre kernel to 4.4.181

5 years ago Merge branch 'v1.4' into LTS
RISCi_ATOM [Mon, 10 Jun 2019 23:11:04 +0000 (19:11 -0400)]
Merge branch 'v1.4' into LTS

5 years ago Bump Wireguard to 0.0.20190601
RISCi_ATOM [Mon, 10 Jun 2019 23:10:37 +0000 (19:10 -0400)]
Bump Wireguard to 0.0.20190601

5 years ago Bump kernel to 4.4.180
RISCi_ATOM [Sat, 18 May 2019 01:59:52 +0000 (21:59 -0400)]
Bump kernel to 4.4.180

5 years ago Add gcc-7.x support and bump gcc to 5.5.0.
RISCi_ATOM [Sun, 28 Apr 2019 16:23:56 +0000 (12:23 -0400)]
Add gcc-7.x support and bump gcc to 5.5.0.

5 years ago Bump Wireguard to 0.0.20190406
RISCi_ATOM [Mon, 29 Apr 2019 17:37:45 +0000 (13:37 -0400)]
Bump Wireguard to 0.0.20190406

5 years ago Bump wolfssl to 3.15.7-stable
RISCi_ATOM [Sun, 28 Apr 2019 18:26:06 +0000 (14:26 -0400)]
Bump wolfssl to 3.15.7-stable

5 years ago Bump linux-libre kernel to 4.4.179
RISCi_ATOM [Sun, 28 Apr 2019 17:46:46 +0000 (13:46 -0400)]
Bump linux-libre kernel to 4.4.179

5 years ago Bump OpenSSL to 1.0.2r
RISCi_ATOM [Mon, 22 Apr 2019 18:02:41 +0000 (18:02 +0000)]
Bump OpenSSL to 1.0.2r

5 years ago Linux-libre 4.4.178 patch refresh
RISCi_ATOM [Mon, 22 Apr 2019 16:30:30 +0000 (16:30 +0000)]
Linux-libre 4.4.178 patch refresh

5 years ago Bump Linux-libre kernel to 4.4.178
RISCi_ATOM [Fri, 19 Apr 2019 17:37:00 +0000 (13:37 -0400)]
Bump Linux-libre kernel to 4.4.178

This commit bumps the linux-libre kernel to v4.4.178 and does contain
some changes that may break some things. Some of these changes include:

* generic/902-debloat_proc.patch was removed since it is now in the
upstream kernel and is no longer needed.

* Reworked generic/272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch
since parts of this patch are now in the upstream kernel.

* fix up mac80211 : more fixes are needed... This was in response to
vanilla kernel upstream commit : *-stable : 8e50b8b07f462ab4b91bc1491b1c91bd75e4ad40

5 years ago Add TPE-R1200 wiki page.
RISCi_ATOM [Sat, 6 Apr 2019 18:04:38 +0000 (14:04 -0400)]
Add TPE-R1200 wiki page.

5 years ago Fix up TPE-R1100 target v1.4.7
RISCi_ATOM [Sun, 31 Mar 2019 20:52:50 +0000 (16:52 -0400)]
Fix up TPE-R1100 target

5 years ago Bump libreCMC version to v1.4.7
RISCi_ATOM [Fri, 29 Mar 2019 14:30:08 +0000 (10:30 -0400)]
Bump libreCMC version to v1.4.7

5 years ago Add tpe-r1200 to uboot-envtools
RISCi_ATOM [Thu, 28 Mar 2019 23:46:24 +0000 (19:46 -0400)]
Add tpe-r1200 to uboot-envtools

5 years ago Add initial support for the TPE-R1200 Mini Wireless Router
NYNEX [Thu, 28 Mar 2019 16:52:47 +0000 (12:52 -0400)]
Add initial support for the TPE-R1200 Mini Wireless Router

5 years ago Bump OpenVPN to 2.4.7 and Wireguard to 0.0.20190227
NYNEX [Thu, 21 Mar 2019 00:36:30 +0000 (20:36 -0400)]
Bump OpenVPN to 2.4.7 and Wireguard to 0.0.20190227

5 years ago Added TL-WR1043Nv5 to the list of tested routers and added a statement to the supported
RISCi_ATOM [Tue, 5 Mar 2019 17:59:51 +0000 (12:59 -0500)]
Added TL-WR1043Nv5 to the list of tested routers and added a statement to the supported
hardware list that clarifies different initial install requirements.

5 years ago Merge branch 'v1.4' of carlosgonz/libreCMC into v1.4
RISCI_ATOM [Tue, 5 Mar 2019 17:29:40 +0000 (12:29 -0500)]
Merge branch 'v1.4' of carlosgonz/libreCMC into v1.4

5 years ago Update 'docs/Supported_Hardware.md' 83/head
carlosgonz [Fri, 22 Feb 2019 21:40:51 +0000 (16:40 -0500)]
Update 'docs/Supported_Hardware.md'

Added as supported

5 years ago Fix ccsdisk default source repository for libreCMC.
RISCi_ATOM [Thu, 21 Feb 2019 14:19:02 +0000 (09:19 -0500)]
Fix ccsdisk default source repository for libreCMC.

5 years ago Fix CVE-2019-8912 : net: crypto set sk to NULL when af_alg_release. : 9060cb719e61b6...
RISCi_ATOM [Wed, 20 Feb 2019 23:48:27 +0000 (18:48 -0500)]
Fix CVE-2019-8912 :  net: crypto set sk to NULL when af_alg_release. : 9060cb719e61b685ec0102574e10337fa5f445ea

5 years ago Tmp. update to TL-WR1043ND.md
RISCi_ATOM [Wed, 20 Feb 2019 21:51:42 +0000 (16:51 -0500)]
Tmp. update to TL-WR1043ND.md

5 years ago Fix TL-WR1043Nv5 image gen. for factory/tftp flash.
RISCi_ATOM [Wed, 20 Feb 2019 19:46:15 +0000 (14:46 -0500)]
Fix TL-WR1043Nv5 image gen. for factory/tftp flash.

5 years ago Change docs/ccs.md
RISCi_ATOM [Mon, 11 Feb 2019 16:59:39 +0000 (11:59 -0500)]
Change docs/ccs.md

5 years ago Fix and add more info to ccs.md
RISCi_ATOM [Mon, 11 Feb 2019 12:34:46 +0000 (07:34 -0500)]
Fix and add more info to ccs.md

5 years ago Add more info about CCS disk repository options.
RISCi_ATOM [Sun, 10 Feb 2019 22:27:08 +0000 (17:27 -0500)]
Add more info about CCS disk repository options.

5 years ago Rough backport of ccsdisk support
RISCi_ATOM [Sun, 10 Feb 2019 19:00:10 +0000 (14:00 -0500)]
Rough backport of ccsdisk support

5 years ago Fix issue #78 with patch from upstream commit d40a358136fdc19e6af13921867ed93444c08827 v1.4.6
RISCi_ATOM [Wed, 2 Jan 2019 13:27:27 +0000 (08:27 -0500)]
Fix issue #78 with patch from upstream commit d40a358136fdc19e6af13921867ed93444c08827

The rx ring buffer can stall on small packets on QCA953x and
QCA956x. Disabling the inline checksum engine fixes the stall.
The wr, rr functions cannot be used since this hidden register
is outside of the normal ag71xx register block.

5 years ago Bump uhttpd version
RISCi_ATOM [Tue, 1 Jan 2019 01:52:53 +0000 (20:52 -0500)]
Bump uhttpd version

5 years ago Bump kernel to 4.4.167 (from upstream 17.01 branch)
RISCi_ATOM [Mon, 31 Dec 2018 22:21:35 +0000 (17:21 -0500)]
Bump kernel to 4.4.167 (from upstream 17.01 branch)

5 years ago Update bump tinc version
RISCi_ATOM [Mon, 31 Dec 2018 15:33:02 +0000 (10:33 -0500)]
Update bump tinc version

5 years ago Bump wireguard to 0.0.20181218
RISCi_ATOM [Sun, 30 Dec 2018 19:20:37 +0000 (14:20 -0500)]
Bump wireguard to 0.0.20181218

5 years ago Remove luci upnp support
RISCi_ATOM [Sun, 30 Dec 2018 13:39:26 +0000 (08:39 -0500)]
Remove luci upnp support

5 years ago Bump wolfssl to 3.15.3
RISCi_ATOM [Sun, 30 Dec 2018 13:38:45 +0000 (08:38 -0500)]
Bump wolfssl to 3.15.3

5 years ago Bump openssl to 1.0.2q
RISCi_ATOM [Sun, 30 Dec 2018 13:38:16 +0000 (08:38 -0500)]
Bump openssl to 1.0.2q

5 years ago Bump mbedtls to 2.14.1
RISCi_ATOM [Sun, 30 Dec 2018 13:35:14 +0000 (08:35 -0500)]
Bump mbedtls to 2.14.1

5 years ago Bump version to v1.4.6
RISCi_ATOM [Sun, 30 Dec 2018 13:33:58 +0000 (08:33 -0500)]
Bump version to v1.4.6

5 years ago openvpn: update to 2.4.6
Jo-Philipp Wich [Wed, 28 Nov 2018 20:23:03 +0000 (21:23 +0100)]
openvpn: update to 2.4.6

Update the OpenVPN package to version 2.4.6, refresh patches and drop
menuconfig options which are not supported upstream anymore.

Also fix the x509-alt-username configure flag - it is not supported
by mbedtls and was syntactically wrong in the Makefile - and the
port-share option which has been present in menuconfig but not been
used in the Makefile.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

5 years ago wireguard: bump to 0.0.20181119
Jason A. Donenfeld [Mon, 19 Nov 2018 17:30:17 +0000 (18:30 +0100)]
wireguard: bump to 0.0.20181119

* chacha20,poly1305: fix up for win64
* poly1305: only export neon symbols when in use
* poly1305: cleanup leftover debugging changes
* crypto: resolve target prefix on buggy kernels
* chacha20,poly1305: don't do compiler testing in generator and remove xor helper
* crypto: better path resolution and more specific generated .S
* poly1305: make frame pointers for auxiliary calls
* chacha20,poly1305: do not use xlate

This should fix up the various build errors, warnings, and insertion errors
introduced by the previous snapshot, where we added some significant
refactoring. In short, we're trying to port to using Andy Polyakov's original
perlasm files, and this means quite a lot of work to re-do that had stabilized
in our old .S.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

5 years ago wireguard: bump to 0.0.20181115
Jason A. Donenfeld [Thu, 15 Nov 2018 20:14:49 +0000 (12:14 -0800)]
wireguard: bump to 0.0.20181115

* Zinc no longer ships generated assembly code. Rather, we now
  bundle in the original perlasm generator for it. The primary purpose
  of this snapshot is to get testing of this.
* Clarify the peer removal logic and make lifetimes more precise.
* Use READ_ONCE for is_valid and is_dead.
* No need to use atomic when the recounter is mutex protected.
* Fix up macros and annotations in allowedips.
* Increment drop counter when staged packets are dropped.
* Use static constants instead of enums for 64-bit values in selftest.
* Mark large constants as ULL in poly1305-donna64.
* Fix sparse warnings in allowedips debugging code.
* Do not use wg_peer_get_maybe_zero in timer callbacks, since we now can
  carefully control the lifetime of these functions and ensure they never
  execute after dropping the last reference.
* Cleanup hashing in ratelimiter.
* Do not guard timer removals, since del_timer is always okay.
* We now check for PM_AUTOSLEEP, which makes the clear*on-suspend decision a
  bit more general.
* Set csum_level to ~0, since the poly1305 authenticator certainly means
  that no data was modified in transit.
* Use CHECKSUM_PARTIAL check for skb_checksum_help instead of
  skb_checksum_setup check.
* wg.8: specify that wg(8) shows runtime info too
* wg.8: AllowedIPs isn't actually required
* keygen-html: add missing glue macro
* wg-quick: android: do not choke on empty allowed-ips

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

5 years ago wireguard: bump to 0.0.20181018
Jason A. Donenfeld [Thu, 18 Oct 2018 01:48:34 +0000 (03:48 +0200)]
wireguard: bump to 0.0.20181018

ba2ab5d version: bump snapshot
5f59c76 tools: wg-quick: wait for interface to disappear on freebsd
ac7e7a3 tools: don't fail if a netlink interface dump is inconsistent
8432585 main: get rid of unloaded debug message
139e57c tools: compile on gnu99
d65817c tools: use libc's endianness macro if no compiler macro
f985de2 global: give if statements brackets and other cleanups
b3a5d8a main: change module description
296d505 device: use textual error labels always
8bde328 allowedips: swap endianness early on
a650d49 timers: avoid using control statements in macro
db4dd93 allowedips: remove control statement from macro by rewriting
780a597 global: more nits
06b1236 global: rename struct wireguard_ to struct wg_
205dd46 netlink: do not stuff index into nla type
2c6b57b qemu: kill after 20 minutes
6f2953d compat: look in Kbuild and Makefile since they differ based on arch
a93d7e4 create-patch: blacklist instead of whitelist
8d53657 global: prefix functions used in callbacks with wg_
123f85c compat: don't output for grep errors

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

5 years ago wireguard: bump to 0.0.20181007
Kevin Darbyshire-Bryant [Tue, 9 Oct 2018 08:03:59 +0000 (09:03 +0100)]
wireguard: bump to 0.0.20181007

64750c1 version: bump snapshot
f11a2b8 global: style nits
4b34b6a crypto: clean up remaining .h->.c
06d9fc8 allowedips: document additional nobs
c32b5f9 makefile: do more generic wildcard so as to avoid rename issues
20f48d8 crypto: use BIT(i) & bitmap instead of (bitmap >> i) & 1
b6e09f6 crypto: disable broken implementations in selftests
fd50f77 compat: clang cannot handle __builtin_constant_p
bddaca7 compat: make asm/simd.h conditional on its existence
b4ba33e compat: account for ancient ARM assembler

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>

6 years ago Add sha256sums/signatures link to supported / popular router pages
RISCi_ATOM [Thu, 18 Oct 2018 16:17:57 +0000 (12:17 -0400)]
Add sha256sums/signatures link to supported / popular router pages

6 years ago Fix formatting in image list?
RISCi_ATOM [Thu, 18 Oct 2018 16:04:01 +0000 (12:04 -0400)]
Fix formatting in image list?

6 years ago Add link to current libreCMC images on popular / supported router pages
RISCi_ATOM [Thu, 18 Oct 2018 16:00:37 +0000 (12:00 -0400)]
Add link to current libreCMC images on popular / supported router pages

6 years ago Change wording to make it clear that Main images work on targets with 8M of flash
RISCi_ATOM [Thu, 18 Oct 2018 01:36:48 +0000 (21:36 -0400)]
Change wording to make it clear that Main images work on targets with 8M of flash

6 years ago Add missing word
RISCi_ATOM [Thu, 18 Oct 2018 01:32:07 +0000 (21:32 -0400)]
Add missing word

6 years ago remove a word.
RISCi_ATOM [Thu, 18 Oct 2018 01:28:04 +0000 (21:28 -0400)]
remove a word.

6 years ago Merge branch 'v1.4' of https://gogs.librecmc.org/librecmc/librecmc into v1.4
RISCi_ATOM [Thu, 18 Oct 2018 01:19:04 +0000 (21:19 -0400)]
Merge branch 'v1.4' of https://gogs.librecmc.org/librecmc/librecmc into v1.4

6 years ago Add image flavor description
RISCi_ATOM [Thu, 18 Oct 2018 01:18:50 +0000 (21:18 -0400)]
Add image flavor description

6 years ago Fix issue link
RISCI_ATOM [Thu, 18 Oct 2018 01:11:56 +0000 (21:11 -0400)]
Fix issue link

6 years ago Bump Wireguard to 0.0.20181006 v1.4.5
RISCi_ATOM [Tue, 9 Oct 2018 05:36:27 +0000 (01:36 -0400)]
Bump Wireguard to 0.0.20181006

6 years ago Update status of TL-WR1043N v5, still has not been tested!
RISCi_ATOM [Wed, 3 Oct 2018 19:57:18 +0000 (15:57 -0400)]
Update status of TL-WR1043N v5, still has not been tested!

6 years ago Fix TL-WR1043N v5 image generation
RISCi_ATOM [Wed, 3 Oct 2018 01:59:51 +0000 (21:59 -0400)]
Fix TL-WR1043N v5 image generation

6 years ago Bump bzip2 and curl
RISCi_ATOM [Mon, 1 Oct 2018 19:52:08 +0000 (15:52 -0400)]
Bump bzip2 and curl

6 years ago Bump mbedtls to 2.12.0
RISCi_ATOM [Mon, 1 Oct 2018 19:32:47 +0000 (15:32 -0400)]
Bump mbedtls to 2.12.0

6 years ago Bump firewall version
RISCi_ATOM [Mon, 1 Oct 2018 18:20:47 +0000 (14:20 -0400)]
Bump firewall version

6 years ago bump tor to 0.3.4.8
RISCi_ATOM [Mon, 1 Oct 2018 15:40:58 +0000 (11:40 -0400)]
bump tor to 0.3.4.8

6 years ago Bump wireguard to 0.0.20180925
RISCi_ATOM [Mon, 1 Oct 2018 14:47:20 +0000 (10:47 -0400)]
Bump wireguard to 0.0.20180925

6 years ago Bump kernel to 4.4.159
RISCi_ATOM [Mon, 1 Oct 2018 13:58:55 +0000 (09:58 -0400)]
Bump kernel to 4.4.159
 - Removed ar71xx/203-MIPS-ath79-fix-restart.patch : upstreamed
 - Removed generic/051-000{1,2,5}-ovl-*.patch : Upstreamed, excluding is_merge rename

6 years ago Pull in updated {bison,m4,e2fsprogs,findutils} to fix build issues with newer glibc.
RISCi_ATOM [Sun, 30 Sep 2018 19:56:11 +0000 (15:56 -0400)]
Pull in updated {bison,m4,e2fsprogs,findutils} to fix build issues with newer glibc.

6 years ago TP-Link TL-WR1043N v5 appears to be identical to the TL-WR1043ND v4,
RISCi_ATOM [Sun, 30 Sep 2018 19:52:14 +0000 (15:52 -0400)]
TP-Link TL-WR1043N v5 appears to be identical to the TL-WR1043ND v4,
except that the USB port has been removed and there is no longer a
removable antenna option.

The software is more in line with the Archer series in that it uses a
nested bootloader scheme.

Specifications:

 - QCA9563 at 775 MHz
 - 64 MB RAM
 - 16 MB flash
 - 3 (non-detachable) Antennas / 450 Mbit
 - 1x/4x WAN/LAN Gbps Ethernet (QCA8337)
 - reset and Wi-Fi buttons

Based upon upstream commit : 673793d753717dc49e5a6f9b1bba52658cae63fc

Note: This commit has not been tested on actual hardware!!!

6 years ago Fix redundant TARGET_CFLAGS in hnsd Makefile
RISCi_ATOM [Thu, 6 Sep 2018 08:50:06 +0000 (04:50 -0400)]
Fix redundant TARGET_CFLAGS in hnsd Makefile

6 years ago Move libexpat, unbound into core and introduce hnsd
RISCi_ATOM [Thu, 6 Sep 2018 08:34:11 +0000 (04:34 -0400)]
Move libexpat, unbound into core and introduce hnsd

hnsd is the Handshake SPV name resolver daemon for the Handshake
network. see https://handshake.org and https://github.com/handshake-org/hnsd

Currently, hnsd needs some more work.

6 years ago Merge branch 'v1.4' of https://gogs.librecmc.org/librecmc/librecmc into v1.4
RISCi_ATOM [Thu, 6 Sep 2018 08:30:39 +0000 (04:30 -0400)]
Merge branch 'v1.4' of https://gogs.librecmc.org/librecmc/librecmc into v1.4

6 years ago update x86 kernel config to reflect last kernel bump
RISCi_ATOM [Thu, 6 Sep 2018 08:30:21 +0000 (04:30 -0400)]
update x86 kernel config to reflect last kernel bump

6 years ago wireguard: bump to 0.0.20180904
RISCi_ATOM [Wed, 5 Sep 2018 08:29:03 +0000 (04:29 -0400)]
wireguard: bump to 0.0.20180904

* Kconfig: use new-style help marker
* global: run through clang-format
* uapi: reformat
* global: satisfy check_patch.pl errors
* global: prefer sizeof(*pointer) when possible
* global: always find OOM unlikely

Tons of style cleanups.

* crypto: use unaligned helpers

We now avoid unaligned accesses for generic users of the crypto API.

* crypto: import zinc

More style cleanups and a rearrangement of the crypto routines to fit how this
is going to work upstream. This required some fairly big changes to our build
system, so there may be some build errors we'll have to address in subsequent
snapshots.

* compat: rng_is_initialized made it into 4.19

We therefore don't need it in the compat layer anymore.

* curve25519-hacl64: use formally verified C for comparisons

The previous code had been proved in Z3, but this new code from upstream
KreMLin is directly generated from the F*, which is preferable. The
assembly generated is identical.

* curve25519-x86_64: let the compiler decide when/how to load constants

Small performance boost.

* curve25519-arm: reformat
* curve25519-arm: cleanups from lkml
* curve25519-arm: add spaces after commas
* curve25519-arm: use ordinary prolog and epilogue
* curve25519-arm: do not waste 32 bytes of stack
* curve25519-arm: prefix immediates with #

This incorporates ASM nits from upstream review.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Pulled from upstream commit : 4ccbe7de6cb20766fd309bc3824c7591e33b0b96

6 years ago Merge branch 'v1.4' of https://gogs.librecmc.org/librecmc/librecmc into v1.4
RISCi_ATOM [Tue, 4 Sep 2018 18:22:53 +0000 (14:22 -0400)]
Merge branch 'v1.4' of https://gogs.librecmc.org/librecmc/librecmc into v1.4

6 years ago Update dropbear
RISCi_ATOM [Tue, 4 Sep 2018 13:20:06 +0000 (09:20 -0400)]
Update dropbear

6 years ago Update dropbear
NYNEX [Tue, 4 Sep 2018 13:20:06 +0000 (09:20 -0400)]
Update dropbear

6 years ago Bump kernel to 4.4.153 and fix generic/051-0005-ovl-proper-cleanup-of-workdir.patch
RISCi_ATOM [Thu, 30 Aug 2018 13:03:03 +0000 (09:03 -0400)]
Bump kernel to 4.4.153 and fix generic/051-0005-ovl-proper-cleanup-of-workdir.patch

6 years ago Merge branch 'v1.5' into v1.4
RISCi_ATOM [Sun, 26 Aug 2018 23:51:30 +0000 (19:51 -0400)]
Merge branch 'v1.5' into v1.4

6 years ago Bump libreCMC version #
RISCi_ATOM [Thu, 23 Aug 2018 10:43:13 +0000 (06:43 -0400)]
Bump libreCMC version #

6 years ago This commit adds support for the GL-AR750 (2.4G radio only)
RISCi_ATOM [Thu, 23 Aug 2018 09:32:40 +0000 (05:32 -0400)]
This commit adds support for the GL-AR750 (2.4G radio only)

While this router does have an 802.11ac chipset (QCA9887) which
requires non-free firmware (loadable firmware blobs), the main radio in the SoC
can still be used and does not require non-free firmware / blobs since it
is an ath9k chipset...

As it stands, it is not possible to use the 802.11ac radio due to lack of
drivers, the firmware loading mech. has been removed (linux-libre kernel)
and libreCMC does not include or pull needed firmware. The libreCMC project is
not endorsing the usage of the non-free chipset and the barriers are sufficient
that no one can use libreCMC with the non-free components.

TLDR; It is not possible to use the non-free chipset with libreCMC but the device
can still be used as a wireless router without non-free blobs.

Specification:

- 650/597/216 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3x 10/100 Mbps Ethernet
- 2T2R 2.4 GHz (QCA9531)
- 1T1R 5 GHz (QCA9887)
- 1x USB 2.0 (power controlled by GPIO)
- 1x microSD (GL857L)
- 3x LED (all driven by GPIO)
- 1x button (reset)
- 1x 2-pos switch
- header for optional PoE module
- 1x micro USB for main power input
- UART + I2C header on PCB

Based upon upstream commit : 2e5252d346e2ec832a203af778b5c1d949f0ae5f

6 years ago Bump hostapd package revision
RISCi_ATOM [Mon, 20 Aug 2018 18:31:49 +0000 (14:31 -0400)]
Bump hostapd package revision

6 years ago wpa_supplicant: fix CVE-2018-14526
RISCi_ATOM [Mon, 20 Aug 2018 16:32:33 +0000 (12:32 -0400)]
wpa_supplicant: fix CVE-2018-14526

Unauthenticated EAPOL-Key decryption in wpa_supplicant

Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/

Vulnerability

A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.

When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.

Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changed the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.

Vulnerable versions/configurations

All wpa_supplicant versions.

Acknowledgments

Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.

Possible mitigation steps

- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.

- Merge the following commits to wpa_supplicant and rebuild:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

This patch is available from https://w1.fi/security/2018-1/

- Update to wpa_supplicant v2.7 or newer, once available

Pulled from upstream commit : b3983323a1f25c936ddfcc129c454b282e90eeed

6 years ago update cjdns
RISCi_ATOM [Mon, 20 Aug 2018 03:33:50 +0000 (23:33 -0400)]
update cjdns

6 years ago Bump kernel to 4.4.150
RISCi_ATOM [Sun, 19 Aug 2018 20:31:13 +0000 (16:31 -0400)]
Bump kernel to 4.4.150

6 years ago openssl: update to version 1.0.2p
RISCi_ATOM [Thu, 16 Aug 2018 05:27:14 +0000 (01:27 -0400)]
openssl: update to version 1.0.2p

    This fixes the following security problems:
     * CVE-2018-0732: Client DoS due to large DH parameter
     * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Cherry-picked from upstream commit : e11df1eac62f23263e90c54d87bc69a7021e72b7

6 years ago Bump kernel to 4.4.146
RISCi_ATOM [Tue, 7 Aug 2018 16:51:30 +0000 (12:51 -0400)]
Bump kernel to 4.4.146

6 years ago wireguard: bump to 0.0.20180802
RISCi_ATOM [Mon, 6 Aug 2018 17:17:42 +0000 (13:17 -0400)]
wireguard: bump to 0.0.20180802

Changelog taken from the version announcement
>
> == Changes ==
>
>   * chacha20poly1305: selftest: split up test vector constants
>
>   The test vectors are encoded as long strings -- really long strings -- and
>   apparently RFC821 doesn't like lines longer than 998.
>   https://cr.yp.to/smtp/message.html
>
>   * queueing: keep reference to peer after setting atomic state bit
>
>   This fixes a regression introduced when preparing the LKML submission.
>
>   * allowedips: prevent double read in kref
>   * allowedips: avoid window of disappeared peer
>   * hashtables: document immediate zeroing semantics
>   * peer: ensure resources are freed when creation fails
>   * queueing: document double-adding and reference conditions
>   * queueing: ensure strictly ordered loads and stores
>   * cookie: returned keypair might disappear if rcu lock not held
>   * noise: free peer references on failure
>   * peer: ensure destruction doesn't race
>
>   Various fixes, as well as lots of code comment documentation, for a
>   small variety of the less obvious aspects of object lifecycles,
>   focused on correctness.
>
>   * allowedips: free root inside of RCU callback
>   * allowedips: use different macro names so as to avoid confusion
>
>   These incorporate two suggestions from LKML.
>
> This snapshot contains commits from: Jason A. Donenfeld and Jann Horn.

Taken from upstream commit : 68e2ebe64a0f27eb25c0e56ef1125ce1318e2279

6 years ago Bump kernel up to 4.4.145 and fix usb.ids hash
RISCi_ATOM [Wed, 1 Aug 2018 19:39:41 +0000 (15:39 -0400)]
Bump kernel up to 4.4.145 and fix usb.ids hash

6 years ago Revert kernel (vanilla) commit b699d0035836f6712917a41e7ae58d84359b8ff9 : see vanilla...
RISCi_ATOM [Wed, 25 Jul 2018 19:26:20 +0000 (15:26 -0400)]
Revert kernel (vanilla) commit b699d0035836f6712917a41e7ae58d84359b8ff9 : see vanilla kernel commit f4eb17e1efe538d4da7d574bedb00a8dafcc26b7

6 years ago Update odhcpd to fix verbose logging bug v1.4.4
RISCi_ATOM [Sun, 1 Jul 2018 03:51:10 +0000 (23:51 -0400)]
Update odhcpd to fix verbose logging bug

6 years ago Update OpenVPN, ustream-ssl, add wolfssl and remove cyassl
RISCi_ATOM [Fri, 29 Jun 2018 18:49:08 +0000 (14:49 -0400)]
Update OpenVPN, ustream-ssl, add wolfssl and remove cyassl

6 years ago Update rpcd
RISCi_ATOM [Thu, 28 Jun 2018 21:03:41 +0000 (17:03 -0400)]
Update rpcd

6 years ago Bump kernel to 4.4.138
RISCi_ATOM [Thu, 28 Jun 2018 20:04:31 +0000 (16:04 -0400)]
Bump kernel to 4.4.138

6 years ago Update tor and add tinc to core
RISCi_ATOM [Thu, 28 Jun 2018 18:06:04 +0000 (14:06 -0400)]
Update tor and add tinc to core