| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Also add a missing symbol for x86 which got used now in this bump.
- ISCSI_IBFT
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
musl libc through 1.1.23 has an x87 floating-point stack adjustment
imbalance, related to the math/i386/ directory. In some cases, use of
this library could introduce out-of-bounds writes that are not present
in an application's source code.
This problem only affects x86 and no other architectures.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit c262daf308e0f0bd93bb5c5ee6238773935079ee)
|
| |
|
|
| |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This happens only the second time a library is loaded by dlopen().
After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef
symbol from lib1 dependencies. After the second library is loaded,
dlsym(lib2,"undef1") was returning the address of "undef1" in lib2
instead of searching lib2 dependencies.
Backporting upstream fix which now uses the same logic for relocation
time and dlsym.
Fixes openwrt/packages#9297
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2018-16870: medium-severity, new variant of the Bleichenbacher
attack to perform downgrade attacks against TLS, which may lead to
leakage of sensible data. Backported from 3.15.7.
CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack. Backported from 4.1.0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
| |
Fixes compilation under uClibc-ng.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit e49b6bb61828b8b903db0ef48113b4065a215c63)
|
| |
|
|
|
|
|
|
|
| |
The 8 year old file does not have any ARC definitions.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[updated content of the patch with version sent to upstream]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 395bef4bbacc0dd1cca72907529539194504be27)
|
| |
|
|
|
|
|
|
|
| |
Missing header for va_list.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
(cherry picked from commit 2f977974714468e1a0ee20e4cce233da63d06dd0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.
https://nvd.nist.gov/vuln/detail/CVE-2019-13638
Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit bcfd1d76852974170780dbe368e6194dbb0e123e)
|
| |
|
|
|
|
|
|
|
|
| |
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
https://nvd.nist.gov/vuln/detail/CVE-2019-13636
Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit 995bcc532943639f3df36dbcaa361f9167f9f4d5)
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.
This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.
Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.
As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f565f276e2c06ac8f3176e0b16d6f2d40cd653d4)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since usign miscalculates SHA-512 digests for input sizes of exactly
64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some
white space padding to avoid triggering the hashing edge case.
While usign itself has been fixed already, there is still many firmwares
in the wild which use broken usign versions to verify current package
indexes so we'll need to carry this workaround in the forseeable future.
Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Ref: https://git.openwrt.org/5a52b379902471cef495687547c7b568142f66d2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit e1f588e446c7ceb696b644b37aeab9b3476e2a57)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This update fixes usign signature verification on files with certain
file sizes triggering a bug in the shipped SHA-512 implementation.
5a52b37 sha512: fix bad hardcoded constant in sha512_final()
3e6648b README: replace unicode character
716c3f2 README: add reference to OpenBSD signify
86d3668 README: provide reference for ed25519 algorithm
939ec35 usign: main.c: describe necessary arguments for -G
Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 991dd5a89340367920315a3fd0390a7423e6b34a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Altered patches:
- 306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch
Remove upstreamed:
- 505-arm64-dts-marvell-Fix-A37xx-UART0-register-size
Fixes:
- CVE-2019-13648
- CVE-2019-10207
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Altered patches:
- 021-bridge-multicast-to-unicast.patch
Remove upstreamed:
- 001-um-Allow-building-and-running-on-older-hosts.patch
- 003-um-Fix-check-for-_xstate-for-older-hosts.patch
Fixes:
- CVE-2019-10207
- CVE-2019-13648
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In commit 6c937df749c7 ("ar71xx: wpj531: fix GPIOs for LED") wrong GPIO
13 for SIG1/RSS1 LED was commited, the correct GPIO number for this LED
is 12.
It's listed in "Hardware Guide - wpj531 7A06 (02/07/2019)" as GPIO12/RSS1
on the LED header and same GPIO 12 is used in the vendor's SDK as well.
Fixes: 6c937df749c7 ("ar71xx: wpj531: fix GPIOs for LED")
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit subject/message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit c070662980047838004b83f7af59e7015d3c7922)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The Aerohive HiveAP 121 has the wrong PLL value set for Gigabit speeds,
leading to packet-loss. 10M and 100M work fine.
This commit sets the Gigabit Ethernet PLL value to the correct value,
fixing packet loss.
Confirmed with iperf and floodping.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit cb49e46a8a4526d86270ced3ba3aa90225ca82d7)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Fixes:
- CVE-2019-3846
- CVE-2019-3900
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Fixes:
- CVE-2019-3846
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
- add uart rom script address in header of sdma firmware to support
the uart driver of latest kernel working well while old firmware
assume ram script used for uart driver as NXP internal legacy
kernel.
- add multi-fifo SAI/PDM scripts.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 819b6345a206ad182dd3c2d786a3d7f04e33f751)
|
| |
|
|
|
| |
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit fa8d5ad21bd7f12c2d9c3580226d0c708255e55d)
|
| |
|
|
|
|
| |
This provides a complete console messages dump.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
| |
Use commits from wireless-drivers-next.git.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Don't use cpu_to_be32 outside of a function.
In file included from /omcproxy-2017-02-14-1fe6f48f/src/omcproxy.h:51:0,
from omcproxy-2017-02-14-1fe6f48f/src/mrib.c:39:
omcproxy-2017-02-14-1fe6f48f/src/mrib.c:57:34: error: braced-group within expression allowed only inside a function
static uint32_t ipv4_rtr_alert = cpu_to_be32(0x94040000);
^
cc1: warning: unrecognized command line option '-Wno-gnu'
Ref: https://downloads.openwrt.org/releases/faillogs-18.06/arm_cortex-a9_vfpv3/base/omcproxy/compile.txt
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
[more verbose commit message]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cb4d00d1841ef6269114f2bd3880800dbdfba3b1)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use `stat -L` instead of `ls -l` to follow symbolic links when obtaining
the file size of .ipk archives.
Without this change, the size of the symlink, not the size of the target
file is encoded in the package index file.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ece5cab743f9df6c9655d6117e92fda110292173)
Fixes: e6af9c017b0c ("opkg: bump to version 2019-06-14")
[ rmilecki: this has to be backported due to the recent opkg update and
cb6640381808 ("libopkg: check for file size mismatches") to fix false
"opkg_install_pkg: Package size mismatch" errors ]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
|
|
| |
This fixes:
1) Crash during USB disconnect
2) Crash in brcmf_txfinalize() on rmmod with packets queued
3) Some errors in exit path
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
|
| |
Now that busybox is a known alternatives provider by opkg, we remove the
ALTERNATIVES spec and add a note to make the implicit situation clear
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from 62be427067ee3883b68bcfb08dfc0c43dce22fa3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog
dcbc142 alternatives: remove duplicate 'const' specifier
21b7bd7 alternatives: special-case busybox as alternatives provider
d4ba162 libopkg: only perform size check when information is available
cb66403 libopkg: check for file size mismatches
Opkg starting from this version special-cases busybox as alternatives
provider. There should be no need to add entries to ALTERNATIVES of
busybox package
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Logic was inverted when changing from string check to file check.
Fix it.
Fixes: 8592602d0a88 ("base-files: Really check path in get_mac_binary")
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6ed3349308b24a6bac753643970a1f9f56ff6070)
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
| |
Currently, path argument is only checked for being not empty.
This changes behavior to actually check whether path exists.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was an issue with the backport compat layer in yesterday's snapshot,
causing issues on certain (mostly Atom) Intel chips on kernels older than
4.2, due to the use of xgetbv without checking cpu flags for xsave support.
This manifested itself simply at module load time. Indeed it's somewhat tricky
to support 33 different kernel versions (3.10+), plus weird distro
frankenkernels.
If OpenWRT doesn't support < 4.2, you probably don't need to apply this.
But it also can't hurt, and probably best to stay updated.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 593b487538079f2a22300f3f22ffb21b20da36a0)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The mt7620 doesn't have a pinmux group named spi_cs1. The cs1 is part
of the "spi refclk" group. The function "spi refclk" enables the second
chip select.
On reset, the pins of the "spi refclk" group are used as reference
clock and GPIO.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit 3601c3de23f15e2735adc4becdca14c803b6b1a5)
|
| |
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
| |
1965c7139374 uqmi: add explicit check for message type when expecting a response
01944dd7089b uqmi_add_command: fixed command argument assignment
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 47986dc6ea1d643cd348501da09cd2e3ee2f9ee1)
|
| |
|
|
|
|
|
|
|
|
| |
Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.
Fixes: FS#2122
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 64bb88841fbc2d9a9dfee12775a18e5dc89ac16e)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Apparently this modem replies differently to attempted --get-pin-status
which makes the script fail if a pincode is set. Fix this.
Manufacturer: Sierra Wireless, Incorporated
Model: MC7455
Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0b373bf4d6a1a7a53e06946972ebb812b4cc2f0f)
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Remove upstreamed:
- 010-revert-staging-vc04_services-prevent-integer-overflow-in-create_pagelist.patch
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Restarting service causes file-systems to be unmounted without being
mounted back. When this service was obsoleted it should have been
implemented in a way that all actions are ignored. Up to this commit
default handler was called when restart was requested. This default
handler just simply calls stop and start. That means that stop called
unmount but start just printed that this service is obsoleted.
This instead implements restart that just prints same message like start
does. It just calls start in reality. This makes restart unavailable for
call.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 3ead9e7b743b1fbd3b07f5a72a16999abbec9347)
|
