Commit message | Author | Age | Files | Lines
* tools/patch: apply upstream patch for CVE-2019-13636 | Russell Senior | 2019-08-14 | 2 | -1/+109
  In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
  https://nvd.nist.gov/vuln/detail/CVE-2019-13636
  Signed-off-by: Russell Senior <russell@personaltelco.net>
  (cherry picked from commit 995bcc532943639f3df36dbcaa361f9167f9f4d5)
* kernel: bump 4.14 to 4.14.137 | Koen Vandeputte | 2019-08-09 | 6 | -9/+9
  Refreshed all patches.
  Compile-tested on: cns3xxx
  Runtime-tested on: cns3xxx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.188 | Koen Vandeputte | 2019-08-09 | 8 | -15/+15
  Refreshed all patches.
  Compile-tested on: ar71xx
  Runtime-tested on: ar71xx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* config: introduce separate CONFIG_SIGNATURE_CHECK option | Jo-Philipp Wich | 2019-08-07 | 2 | -2/+6
  Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value of CONFIG_SIGNED_PACKAGES and thus is enabled by default.
  This option is needed to support building target opkg with enabled signature verification while having the signed package lists disabled.
  Our buildbots currently disable package signing globally in the buildroot and SDK to avoid the need to ship private signing keys to the build workers and to prevent the triggering of random key generation on the worker nodes since package signing happens off-line on the master nodes.
  As unintended side-effect, updated opkg packages will get built with disabled signature verification, hence the need for a new override option.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit f565f276e2c06ac8f3176e0b16d6f2d40cd653d4)
* packages: apply usign padding workarounds to package indexes if needed | Jo-Philipp Wich | 2019-08-07 | 1 | -2/+6
  Since usign miscalculates SHA-512 digests for input sizes of exactly 64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some white space padding to avoid triggering the hashing edge case.
  While usign itself has been fixed already, there are still many firmwares in the wild which use broken usign versions to verify current package indexes so we'll need to carry this workaround in the foreseeable future.
  Ref: https://forum.openwrt.org/t/signature-check-failed/41945
  Ref: https://git.openwrt.org/5a52b379902471cef495687547c7b568142f66d2
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (backported from commit e1f588e446c7ceb696b644b37aeab9b3476e2a57)
* usign: update to latest Git HEAD | Jo-Philipp Wich | 2019-08-06 | 1 | -3/+3
  This update fixes usign signature verification on files with certain file sizes triggering a bug in the shipped SHA-512 implementation.
  5a52b37 sha512: fix bad hardcoded constant in sha512_final()
  3e6648b README: replace unicode character
  716c3f2 README: add reference to OpenBSD signify
  86d3668 README: provide reference for ed25519 algorithm
  939ec35 usign: main.c: describe necessary arguments for -G
  Ref: https://forum.openwrt.org/t/signature-check-failed/41945
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit 991dd5a89340367920315a3fd0390a7423e6b34a)
* kernel: bump 4.14 to 4.14.136 | Koen Vandeputte | 2019-08-06 | 21 | -75/+36
  Refreshed all patches.
  Altered patches:
  - 306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch
  Remove upstreamed:
  - 505-arm64-dts-marvell-Fix-A37xx-UART0-register-size
  Fixes:
  - CVE-2019-13648
  - CVE-2019-10207
  Compile-tested on: cns3xxx
  Runtime-tested on: cns3xxx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.187 | Koen Vandeputte | 2019-08-06 | 19 | -272/+127
  Refreshed all patches.
  Altered patches:
  - 021-bridge-multicast-to-unicast.patch
  Remove upstreamed:
  - 001-um-Allow-building-and-running-on-older-hosts.patch
  - 003-um-Fix-check-for-_xstate-for-older-hosts.patch
  Fixes:
  - CVE-2019-10207
  - CVE-2019-13648
  Compile-tested on: ar71xx
  Runtime-tested on: ar71xx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ar71xx: wpj531: fix SIG1/RSS1 LED GPIO | Leon M. George | 2019-08-04 | 1 | -1/+1
  In commit 6c937df749c7 ("ar71xx: wpj531: fix GPIOs for LED") wrong GPIO 13 for SIG1/RSS1 LED was committed, the correct GPIO number for this LED is 12.
  It's listed in "Hardware Guide - wpj531 7A06 (02/07/2019)" as GPIO12/RSS1 on the LED header and same GPIO 12 is used in the vendor's SDK as well.
  Fixes: 6c937df749c7 ("ar71xx: wpj531: fix GPIOs for LED")
  Signed-off-by: Leon M. George <leon@georgemail.eu>
  [commit subject/message facelift]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit c070662980047838004b83f7af59e7015d3c7922)
* ar71xx: fix HiveAP 121 PLL for 1000M | David Bauer | 2019-08-01 | 1 | -1/+1
  The Aerohive HiveAP 121 has the wrong PLL value set for Gigabit speeds, leading to packet-loss. 10M and 100M work fine.
  This commit sets the Gigabit Ethernet PLL value to the correct value, fixing packet loss.
  Confirmed with iperf and floodping.
  Signed-off-by: David Bauer <mail@david-bauer.net>
  (cherry picked from commit cb49e46a8a4526d86270ced3ba3aa90225ca82d7)
* kernel: bump 4.14 to 4.14.134 | Koen Vandeputte | 2019-07-31 | 3 | -8/+8
  Refreshed all patches.
  Fixes:
  - CVE-2019-3846
  - CVE-2019-3900
  Compile-tested on: cns3xxx
  Runtime-tested on: cns3xxx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.186 | Koen Vandeputte | 2019-07-31 | 19 | -41/+41
  Refreshed all patches.
  Fixes:
  - CVE-2019-3846
  Compile-tested on: ar71xx
  Runtime-tested on: ar71xx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* imx6: bump SDMA firmware to 3.5 | Koen Vandeputte | 2019-07-31 | 1 | -0/+0
  - add uart rom script address in header of sdma firmware to support the uart driver of latest kernel working well while old firmware assume ram script used for uart driver as NXP internal legacy kernel.
  - add multi-fifo SAI/PDM scripts.
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
  (cherry picked from commit 819b6345a206ad182dd3c2d786a3d7f04e33f751)
* imx6: bump sdma firmware to 3.4 | Koen Vandeputte | 2019-07-31 | 1 | -0/+0
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
  (cherry picked from commit fa8d5ad21bd7f12c2d9c3580226d0c708255e55d)
* mac80211: brcm: improve brcmfmac debugging of firmware crashes | Rafał Miłecki | 2019-07-28 | 2 | -1/+39
  This provides a complete console messages dump.
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcm: update brcmfmac 5.4 patches | Rafał Miłecki | 2019-07-28 | 8 | -18/+26
  Use commits from wireless-drivers-next.git.
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* omcproxy: fix compilation on little-endian CPUs | Eneas U de Queiroz | 2019-07-23 | 2 | -1/+36
  Don't use cpu_to_be32 outside of a function.
  In file included from /omcproxy-2017-02-14-1fe6f48f/src/omcproxy.h:51:0,
  from omcproxy-2017-02-14-1fe6f48f/src/mrib.c:39:
  omcproxy-2017-02-14-1fe6f48f/src/mrib.c:57:34: error: braced-group within expression allowed only inside a function
  static uint32_t ipv4_rtr_alert = cpu_to_be32(0x94040000);
                                   ^
  cc1: warning: unrecognized command line option '-Wno-gnu'
  Ref: https://downloads.openwrt.org/releases/faillogs-18.06/arm_cortex-a9_vfpv3/base/omcproxy/compile.txt
  Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
  [more verbose commit message]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit cb4d00d1841ef6269114f2bd3880800dbdfba3b1)
* scripts: ipkg-make-index.sh: dereference symbolic links | Jo-Philipp Wich | 2019-07-22 | 1 | -1/+1
  Use `stat -L` instead of `ls -l` to follow symbolic links when obtaining the file size of .ipk archives.
  Without this change, the size of the symlink, not the size of the target file is encoded in the package index file.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit ece5cab743f9df6c9655d6117e92fda110292173)
  Fixes: e6af9c017b0c ("opkg: bump to version 2019-06-14")
  [ rmilecki: this has to be backported due to the recent opkg update and cb6640381808 ("libopkg: check for file size mismatches") to fix false "opkg_install_pkg: Package size mismatch" errors ]
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport fixes from kernel 5.4 | Rafał Miłecki | 2019-07-22 | 11 | -2/+519
  This fixes:
  1) Crash during USB disconnect
  2) Crash in brcmf_txfinalize() on rmmod with packets queued
  3) Some errors in exit path
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* busybox: strip off ALTERNATIVES spec | Yousong Zhou | 2019-07-12 | 1 | -14/+2
  Now that busybox is a known alternatives provider by opkg, we remove the ALTERNATIVES spec and add a note to make the implicit situation clear
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
  (cherry-picked from 62be427067ee3883b68bcfb08dfc0c43dce22fa3)
* opkg: bump to version 2019-06-14 | Yousong Zhou | 2019-07-12 | 1 | -3/+3
  Changelog
  dcbc142 alternatives: remove duplicate 'const' specifier
  21b7bd7 alternatives: special-case busybox as alternatives provider
  d4ba162 libopkg: only perform size check when information is available
  cb66403 libopkg: check for file size mismatches
  Opkg starting from this version special-cases busybox as alternatives provider. There should be no need to add entries to ALTERNATIVES of busybox package
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* base-files: Fix path check in get_mac_binary | Adrian Schmutzler | 2019-07-09 | 1 | -1/+1
  Logic was inverted when changing from string check to file check. Fix it.
  Fixes: 8592602d0a88 ("base-files: Really check path in get_mac_binary")
  Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit 6ed3349308b24a6bac753643970a1f9f56ff6070)
* kernel: bump 4.14 to 4.14.132 | Koen Vandeputte | 2019-07-09 | 5 | -9/+9
  Refreshed all patches.
  Compile-tested on: cns3xxx
  Runtime-tested on: cns3xxx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* base-files: Really check path in get_mac_binary | Adrian Schmutzler | 2019-07-05 | 1 | -1/+1
  Currently, path argument is only checked for being not empty.
  This changes behavior to actually check whether path exists.
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* wireguard: bump to 0.0.20190601 | Jason A. Donenfeld | 2019-07-01 | 1 | -2/+2
  There was an issue with the backport compat layer in yesterday's snapshot, causing issues on certain (mostly Atom) Intel chips on kernels older than 4.2, due to the use of xgetbv without checking cpu flags for xsave support. This manifested itself simply at module load time. Indeed it's somewhat tricky to support 33 different kernel versions (3.10+), plus weird distro frankenkernels.
  If OpenWRT doesn't support < 4.2, you probably don't need to apply this. But it also can't hurt, and probably best to stay updated.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
  (cherry picked from commit 593b487538079f2a22300f3f22ffb21b20da36a0)
* ramips: fix mt7620 pinmux for second SPI | Mathias Kresin | 2019-07-01 | 2 | -4/+4
  The mt7620 doesn't have a pinmux group named spi_cs1. The cs1 is part of the "spi refclk" group.
  The function "spi refclk" enables the second chip select.
  On reset, the pins of the "spi refclk" group are used as reference clock and GPIO.
  Signed-off-by: Mathias Kresin <dev@kresin.me>
  (cherry picked from commit 3601c3de23f15e2735adc4becdca14c803b6b1a5)
* OpenWrt v18.06.4: revert to branch defaults | Jo-Philipp Wich | 2019-06-30 | 5 | -11/+9
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* OpenWrt v18.06.4: adjust config defaults [v18.06.4] | Jo-Philipp Wich | 2019-06-30 | 5 | -9/+11
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uqmi: bump to latest git HEAD | Koen Vandeputte | 2019-06-27 | 1 | -4/+4
  1965c7139374 uqmi: add explicit check for message type when expecting a response
  01944dd7089b uqmi_add_command: fixed command argument assignment
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
  (cherry picked from commit 47986dc6ea1d643cd348501da09cd2e3ee2f9ee1)
* uqmi: inherit firewall zone membership to virtual sub interfaces | Jo-Philipp Wich | 2019-06-27 | 2 | -0/+20
  Fix an issue where subinterfaces were not added to the same firewall zone as their parent.
  Fixes: FS#2122
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
  (cherry picked from commit 64bb88841fbc2d9a9dfee12775a18e5dc89ac16e)
* uqmi: fix PIN_STATUS_FAILED error with MC7455 WCDMA/LTE modem | Daniel Golle | 2019-06-27 | 2 | -2/+2
  Apparently this modem replies differently to attempted --get-pin-status which makes the script fail if a pincode is set. Fix this.
  Manufacturer: Sierra Wireless, Incorporated
  Model: MC7455
  Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (cherry picked from commit 0b373bf4d6a1a7a53e06946972ebb812b4cc2f0f)
* kernel: bump 4.14 to 4.14.131 | Koen Vandeputte | 2019-06-27 | 1 | -2/+2
  Refreshed all patches.
  Compile-tested on: cns3xxx
  Runtime-tested on: cns3xxx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.184 | Koen Vandeputte | 2019-06-27 | 1 | -2/+2
  Refreshed all patches.
  Compile-tested on: ar71xx
  Runtime-tested on: ar71xx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.130 | Koen Vandeputte | 2019-06-25 | 8 | -12/+12
  Refreshed all patches.
  Compile-tested on: cns3xxx
  Runtime-tested on: cns3xxx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.129 | Koen Vandeputte | 2019-06-24 | 4 | -7/+7
  Refreshed all patches.
  Compile-tested on: cns3xxx
  Runtime-tested on: cns3xxx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.183 | Koen Vandeputte | 2019-06-24 | 10 | -61/+16
  Refreshed all patches.
  Remove upstreamed:
  - 010-revert-staging-vc04_services-prevent-integer-overflow-in-create_pagelist.patch
  Compile-tested on: ar71xx
  Runtime-tested on: ar71xx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* OpenWrt v18.06.3: revert to branch defaults | Jo-Philipp Wich | 2019-06-21 | 5 | -11/+9
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* OpenWrt v18.06.3: adjust config defaults [v18.06.3] | Jo-Philipp Wich | 2019-06-21 | 5 | -9/+11
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* fstools: block-mount: fix restart of fstab service | Karel Kočí | 2019-06-21 | 2 | -1/+5
  Restarting service causes file-systems to be unmounted without being mounted back. When this service was obsoleted it should have been implemented in a way that all actions are ignored. Up to this commit default handler was called when restart was requested. This default handler just simply calls stop and start. That means that stop called unmount but start just printed that this service is obsoleted.
  This instead implements restart that just prints same message like start does. It just calls start in reality. This makes restart unavailable for call.
  Signed-off-by: Karel Kočí <karel.koci@nic.cz>
  (cherry picked from commit 3ead9e7b743b1fbd3b07f5a72a16999abbec9347)
* fstools: update to the latest master branch | Petr Štetiar | 2019-06-21 | 1 | -3/+3
  ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
  bc2c876 libfstools: Print error in case of loop blkdev failure
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 1e55171a1213472e180e9320d8b1d08621d2b8d5)
* fstools: media change detection (eg:sdcard) using kernel polling | Matthias Badaire | 2019-06-21 | 2 | -1/+10
  Linux kernel has a polling mechanism that can be activated by changing the parameter /sys/module/block/parameters/events_dfl_poll_msecs which is deactivated by default or the /sys/block/[device]/events_poll_msecs for one device.
  This patch sets the events_poll_msecs when a disk is inserted.
  Once the media disk change event is sent by the kernel then we force a re-read of the devices using /sbin/block info.
  With this patch, insertion and ejection of sd card will automatically generate partition devices in /dev.
  Signed-off-by: Matthias Badaire <mbadaire@gmail.com>
  [rewrap commit message, fix bashisms, fix non-matching condition, bump pkg release]
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit cf8483cb4ffc99bf3f512bb134860ccc8c099abe)
* hostapd: fix multiple security problems | Hauke Mehrtens | 2019-06-21 | 19 | -1/+2352
  This fixes the following security problems:
  * CVE-2019-9494: cache attack against SAE
  * CVE-2019-9495: cache attack against EAP-pwd
  * CVE-2019-9496: SAE confirm missing state validation in hostapd/AP
  * CVE-2019-9497: EAP-pwd server not checking for reflection attack
  * CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element
  * CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element
  * CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment
  Most of these problems are not relevant for normal users, SAE is only used in ieee80211s mesh mode and EAP-pwd is normally not activated.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* brcm2708: Revert "staging: vc04_services: prevent integer overflow in create_pagelist()" | Matthias Schiffer | 2019-06-20 | 3 | -3/+48
  The bump to 4.9.181 broke build for bcm2708 and bcm2709. Revert the offending patch. The same revert is also queued for the next upstream 4.9.y release.
  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* gemini: 4.14: Fix up DNS-313 compatible string | Linus Walleij | 2019-06-20 | 1 | -1/+1
  It's a simple typo in the DNS file, which was pretty serious. No scripts were working properly. Fix it up.
  Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
  Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
  [integrate into openwrt target]
* base-files: fix uci led oneshot/timer trigger | Robinson Wu | 2019-06-20 | 1 | -0/+1
  This patch adds a missing type property which prevented the creation of oneshot and timer led triggers when they are specified in the /etc/board.d/01_leds files.
  i.e.:
  ucidef_set_led_timer "system" "system" "zhuotk:green:system" "1000" "1000"
  Fixes: b06a286a4861 ("base-files: cleanup led functions in uci-defaults.sh")
  Signed-off-by: Robinson Wu <wurobinson@qq.com>
  Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
  [also fix oneshot as well]
* kernel: bump 4.14 to 4.14.128 | Koen Vandeputte | 2019-06-20 | 6 | -11/+11
  Refreshed all patches.
  Compile-tested on: cns3xxx
  Runtime-tested on: cns3xxx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.127 | Koen Vandeputte | 2019-06-18 | 3 | -5/+5
  Refreshed all patches.
  Fixes:
  - CVE-2019-11479
  - CVE-2019-11478
  - CVE-2019-11477
  Compile-tested on: cns3xxx
  Runtime-tested on: cns3xxx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.182 | Koen Vandeputte | 2019-06-18 | 8 | -14/+14
  Refreshed all patches.
  Fixes:
  - CVE-2019-11479
  - CVE-2019-11478
  - CVE-2019-11477
  Compile-tested on: ar71xx
  Runtime-tested on: ar71xx
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* Revert "ipq806x: fix EA8500 switch control" | Petr Štetiar | 2019-06-18 | 1 | -18/+4
  There is a problem with the EA8500, the switch will not work after soft reboot, the only way to get it working again is to power cycle it manually.
  There are probably several issues in the play, it's quite hard to fix it without having access to the actual device, so I don't see any other option now, than revert the offending commit.
  Ref: PR#2047
  Fixes: FS#2168 ("Switch no longer work after restart on Linksys EA8500")
  Reported-by: Adam <424778940z@gmail.com>
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 4.14 to 4.14.126 | Koen Vandeputte | 2019-06-18 | 2 | -3/+3
  Refreshed all patches.
  Compile-tested on: cns3xxx, imx6
  Runtime-tested on: cns3xxx, imx6
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>