aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* brcm47xx: cosmetic fix in model detectionPaul Wassi2018-08-131-1/+1
| | | | | | | | In "brcm47xx: rework model detection" the file 01_detect was moved to 01_network, therefore also update the warning message in case everything fails. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* ath25: Do not build images for ubnt2 and ubnt5Hauke Mehrtens2018-08-121-2/+2
| | | | | | | | The flash size of the ubnt2 and ubnt5 is limited and the images with LuCI are getting too big for these boards. Do not build images for these boards to make the complete build of this target not fail anymore. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* at91: do not build image for at91-q5xr5Hauke Mehrtens2018-08-121-1/+1
| | | | | | | | The kernel image of the at91-q5xr5 is getting too bing now and this is breaking the build. Remove the image for the at91-q5xr5 from the build to at least build images for the other devices. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uci: bump to source date 2018-08-11Yousong Zhou2018-08-111-3/+3
| | | | | | | Fixes segfault when parsing malformed delta lines Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit 3493c1cf41ecaa2f87394059a26578f723109a15)
* mwlwifi: update to version 10.3.8.0-20180615Kabuli Chana2018-08-111-4/+13
| | | | | | | | fix mcs rate for HT support 88W8997 protect rxringdone Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
* tools: findutils: fix compilation with glibc 2.28Luis Araneda2018-08-101-0/+104
| | | | | | | Add a temporary workaround to compile with glibc 2.28 as some constants were removed and others made private Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* tools: m4: fix compilation with glibc 2.28Luis Araneda2018-08-101-0/+118
| | | | | | | Add a temporary workaround to compile with glibc 2.28 as some constants were removed and others made private Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* kernel: bump 4.14 to 4.14.62Koen Vandeputte2018-08-103-10/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6, x86_64 Runtime-tested on: cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.119Koen Vandeputte2018-08-105-109/+18
| | | | | | | | | | | | Refreshed all patches. Delete upstreamed patch: - 100-tcp-add-tcp_ooo_try_coalesce-helper.patch Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* wpa_supplicant: fix CVE-2018-14526John Crispin2018-08-101-0/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unauthenticated EAPOL-Key decryption in wpa_supplicant Published: August 8, 2018 Identifiers: - CVE-2018-14526 Latest version available from: https://w1.fi/security/2018-1/ Vulnerability A vulnerability was found in how wpa_supplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpa_supplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being authenticated. This has a potential issue in the case where WPA2/RSN style of EAPOL-Key construction is used with TKIP negotiated as the pairwise cipher. It should be noted that WPA2 is not supposed to be used with TKIP as the pairwise cipher. Instead, CCMP is expected to be used and with that pairwise cipher, this vulnerability is not applicable in practice. When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data field is encrypted using RC4. This vulnerability allows unauthenticated EAPOL-Key frames to be processed and due to the RC4 design, this makes it possible for an attacker to modify the plaintext version of the Key Data field with bitwise XOR operations without knowing the contents. This can be used to cause a denial of service attack by modifying GTK/IGTK on the station (without the attacker learning any of the keys) which would prevent the station from accepting received group-addressed frames. Furthermore, this might be abused by making wpa_supplicant act as a decryption oracle to try to recover some of the Key Data payload (GTK/IGTK) to get knowledge of the group encryption keys. Full recovery of the group encryption keys requires multiple attempts (128 connection attempts per octet) and each attempt results in disconnection due to a failure to complete the 4-way handshake. These failures can result in the AP/network getting disabled temporarily or even permanently (requiring user action to re-enable) which may make it impractical to perform the attack to recover the keys before the AP has already changes the group keys. By default, wpa_supplicant is enforcing at minimum a ten second wait time between each failed connection attempt, i.e., over 20 minutes waiting to recover each octet while hostapd AP implementation uses 10 minute default for GTK rekeying when using TKIP. With such timing behavior, practical attack would need large number of impacted stations to be trying to connect to the same AP to be able to recover sufficient information from the GTK to be able to determine the key before it gets changed. Vulnerable versions/configurations All wpa_supplicant versions. Acknowledgments Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU Leuven for discovering and reporting this issue. Possible mitigation steps - Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This can be done also on the AP side. - Merge the following commits to wpa_supplicant and rebuild: WPA: Ignore unauthenticated encrypted EAPOL-Key data This patch is available from https://w1.fi/security/2018-1/ - Update to wpa_supplicant v2.7 or newer, once available Signed-off-by: John Crispin <john@phrozen.org> (cherry picked from commit 1961948585e008ad0095d7074784893229b00d06)
* Revert "libevent2: Don't build tests and samples"Jo-Philipp Wich2018-08-091-13/+0
| | | | | | | | This reverts commit fe90d14880ad80e5cbc0eba036f8f9f83fa77396. The cherry pick does not apply cleanly to 18.06. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: move e1000e patches to backportsStijn Tintel2018-08-094-0/+0
| | | | | | | They're already in linux.git, so they shouldn't be in pending. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 14b6c725411dfb3e44242bea3b000a1f58b52235)
* kernel: add pending e1000e fixesStijn Tintel2018-08-094-0/+331
| | | | | | | | | | | | | | | | The previous round of fixes for the 82574 chip cause an issue with emulated e1000e devices in VMware ESXi 6.5. It also contains changes that are not strictly necessary. These patches fix the issues introduced in the previous series, revert the unnecessary changes to avoid unforeseen fallout, and avoid a case where interrupts can be missed. The final two patches of this series are already in the kernel, so no need to include them here. Patchwork: https://patchwork.ozlabs.org/cover/881776/ Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit ef025e6417abd608ee398039623ac8a306bb92c5)
* firmware: intel-microcode: bump to 20180703Zoltan HERPAI2018-08-091-6/+6
| | | | | | | | | | | | | | | | | | | | | | | * New upstream microcode data file 20180703 + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432 sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456 sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360 sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408 sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792 sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408 sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672 sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744 sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432 sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728 + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for: Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, Broadwell server, a few HEDT Core i7/i9 models that are actually gimped server dies. Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* curl: Fix CVE-2018-0500Hauke Mehrtens2018-08-082-1/+33
| | | | | | | | This backports a fix for: * CVE-2018-0500 SMTP send heap buffer overflow See here for details: https://curl.haxx.se/docs/adv_2018-70a2.html Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ustream-ssl: update to version 2018-05-22Hauke Mehrtens2018-08-081-4/+4
| | | | | | | 5322f9d mbedtls: Fix setting allowed cipher suites e8a1469 mbedtls: Add support for a session cache Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Update to 2.12.0Hauke Mehrtens2018-08-087-33/+123
| | | | | | | | | | | | | | | | | | | Multiple security fixes * CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel * CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel Disable OFB block mode and XTS block cipher mode, added in 2.11.0. Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0 Patch the so version back to the original one, the API changes are looking no so invasive. The size of mbedtls increased a little bit: ipkg for mips_24kc before: 163.967 Bytes ipkg for mips_24kc after: 164.753 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Activate the session cacheHauke Mehrtens2018-08-081-9/+0
| | | | | | | | | | | | | | This make sit possible to store informations about a session and reuse it later. When used by a server it increases the time to create a new TLS session from about 1 second to less than 0.1 seconds. The size of the ipkg file increased by about 800 Bytes. ipkg for mips_24kc before: 163.140 Bytes ipkg for mips_24kc after: 163.967 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: cleanup config patchDaniel Engberg2018-08-081-40/+32
| | | | | | | Clean up patch, use "//" consistently. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Deactivate platform abstractionHauke Mehrtens2018-08-081-0/+9
| | | | | | | | This makes mbedtls use the POSIX API directly and not use the own abstraction layer. The size of the ipkg decreased by about 100 bytes. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: remove stray 4.4 referencesJo-Philipp Wich2018-08-081-2/+0
| | | | | | | | The 4.4 version hash was accidentally reintroduced while rebasing the master commit, remove it again. Fixes ca3174e4e9 ("kernel: bump 4.9 to 4.9.118") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: backport upstream fix for CVE-2018-5390Jo-Philipp Wich2018-08-081-0/+76
| | | | | | | | | | | Backport an upstream fix for a remotely exploitable TCP denial of service flaw in Linux 4.9+. The fixes are included in Linux 4.14.59 and later but did not yet end up in version 4.9.118. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit fefe1da440eede8dfaa23975c30ae2f6fcac744d)
* kernel: bump 4.14 to 4.14.61Koen Vandeputte2018-08-082-4/+4
| | | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6, x86_64 Runtime-tested on: cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (backported from commit 7a254aeeb8a9ca7e2846af6ed508f5ec21db350d)
* kernel: bump 4.9 to 4.9.118Koen Vandeputte2018-08-084-18/+19
| | | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (backported from commit f7036a34ace38b701243e9357d7f509f8a66f0b1)
* Revert "kernel: usb: dwc2 DMA alignment fixes"John Crispin2018-08-082-176/+0
| | | | | | | | This reverts commit 1e5bd42d63e508358c703be550590d3ff72dc6e0. this has already treacled down with the latest kernel bump Signed-off-by: John Crispin <john@phrozen.org>
* brcm2708: fix w1 patchJohn Crispin2018-08-081-34/+23
| | | | | | | this is now part of generic Signed-off-by: John Crispin <john@phrozen.org> (cherry picked from commit 5f5d8128815c0624a01e48de25bd5cf1b6ab23ef)
* base-files: drop fwtool_pre_upgradeJohn Crispin2018-08-082-7/+0
| | | | | | | | this feature has never worked, the fw image name was not passed and the -t parameter was missing in the tool invocation. drop the feature. Signed-off-by: John Crispin <john@phrozen.org> (cherry picked from commit 5e1b4c57ded7898be5255aef594fa18ec206f0b2)
* libevent2: Don't build tests and samplesEneas U de Queiroz2018-08-081-0/+13
| | | | | | | | | | | | The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. This reduces build time significantly. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> (cherry picked from commit 26dbf79f4905e6b5ba5aafdc2271c3a864dd1924)
* kernel: generic: fix problem with w1-gpio-customPawel Dembicki2018-08-082-0/+86
| | | | | | | | | | | In boards with fdt is impossible to use kmod-w1-gpio-custom. w1-gpio-custom create platform structure for w1-gpio module, but if board use fdt, data is ignored in w1-gpio probe. This workaround fix the problem. Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com> (cherry picked from commit aa5838adb7be733c427e63bb6cc702f9a533292d)
* wwan: Fix teardown for sierra_net driverMasashi Honma2018-08-081-1/+1
| | | | | | | | The sierra_net driver is using proto_directip_setup for setup. So use proto_directip_teardown for teardown. Signed-off-by: Masashi Honma <masashi.honma@gmail.com> (cherry picked from commit d05967baecca33774ab95d4ffabbcb4cc9d0a1bf)
* kernel: leds-apu2 remove boardname checkLukas Mrtvy2018-08-081-12/+0
| | | | | | | | 'In different versions of coreboot are different names of apu boardname. No need to check boardname to load module.' Signed-off-by: Lukas Mrtvy <lukas.mrtvy@gmail.com> (cherry picked from commit f21bcb4db8a12cef62e5698f0f711db8dde99db8)
* dropbear: close all active clients on shutdownChristian Schoenebeck2018-08-081-0/+5
| | | | | | | | | | | | | | | | | | | | | | Override the default shutdown action (stop) and close all processes of dropbear Since commit 498fe85, the stop action only closes the process that's listening for new connections, maintaining the ones with existing clients. This poses a problem when restarting or shutting-down a device, because the connections with existing SSH clients, like OpenSSH, are not properly closed, causing them to hang. This situation can be avoided by closing all dropbear processes when shutting-down the system, which closes properly the connections with current clients. Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> [Luis: Rework commit message] Signed-off-by: Luis Araneda <luaraneda@gmail.com> (cherry picked from commit 1e177844bc814d3846312c91cd0f7a54df4f32b9)
* kernel: gpio-nct5104d remove boardname checkLukáš Mrtvý2018-08-081-5/+0
| | | | | | | | 'In different versions of coreboot are different names of apu boardname. No need to check boardname to load module.' Signed-off-by: Lukáš Mrtvý <lukas.mrtvy@gmail.com> (cherry picked from commit d3b8e6b2a77de8b3d5724534714ecdfd8fa6d50c)
* build: README punctuation pendantryKevin Darbyshire-Bryant2018-08-081-2/+2
| | | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 79b38047b9962846912195b963230653c35900a1)
* build: Update README & github helpKevin Darbyshire-Bryant2018-08-082-17/+22
| | | | | | | | | Update README to include Openwrt branding and improve wording. Point at the Openwrt wiki in .github templates. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 5781fc6b3f4fade6229390c364c7d7cca514ec76)
* basefiles: Reword sysupgrade messageKevin Darbyshire-Bryant2018-08-081-1/+1
| | | | | | | sysupgrade 'upgrade' message more verbose than needs be. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit edf338f248a270f5fd85edc04775ec5ed6d46bca)
* linux: update license tag to use correct SPDX tagFlorian Eckert2018-08-081-1/+1
| | | | | | | Use SPDX tag. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (cherry picked from commit c79ef6fbe39b0626214542a0de141da092be193c)
* kernel: usb: dwc2 DMA alignment fixesAntti Seppälä2018-08-082-0/+176
| | | | | | | | | | | Add two patches submitted for upstream review that significantly improve the dwc2 driver on openwrt from kernel stability and performance perspectives. Fixes: FS#1367 Signed-off-by: Antti Seppälä <a.seppala@gmail.com> (cherry picked from commit 9f451ec698ede068e911821473cbe94f50a2977c)
* firmware: amd64-microcode: update to 20180524Zoltan HERPAI2018-08-081-2/+2
| | | | | | | | | | | | | | * New microcode update packages from AMD upstream: + New Microcodes: sig 0x00800f12, patch id 0x08001227, 2018-02-09 + Updated Microcodes: sig 0x00600f12, patch id 0x0600063e, 2018-02-07 sig 0x00600f20, patch id 0x06000852, 2018-02-06 * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support, plus other unspecified fixes/updates. Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu> (cherry picked from commit 10e393262caeba1e9cbdcc937d20fe15ad5f448a)
* kernel: remove linux 4.4 supportKoen Vandeputte2018-08-08270-42111/+1
| | | | | | No targets are using it anymore Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: remove linux 3.18 supportKoen Vandeputte2018-08-08260-41440/+1
| | | | | | No targets are using it anymore Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* libubox: fix mirror hashJo-Philipp Wich2018-08-071-1/+1
| | | | | | | | | | | | Correct the mirror hash to reflect whats on the download server. A locally produced libubox SCM tarball was also verified to yield an identical checksum compared to the one currently on the download server. Fixes FS#1707. Fixes 5dc32620c4 ("libubox: update to latest git HEAD") Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 432eaa940fee0b8023bee122da4cb08f3216209f)
* netifd: update to latest git HEADJohn Crispin2018-08-061-3/+3
| | | | | | | | | | | | | | | | | | | | | | | a0a1e52 fix compile error 75ee790 interface-ip: fix eui64 ifaceid generation (FS#1668) ca97097 netifd: make sure the vlan ifname fits into the buffer b8c1bca iprule: remove bogus assert calls a2f952d iprule: fix broken in_dev/out_dev checks 263631a vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name() 291ccbb ubus: display correct prefix size for IPv6 prefix address 908a9f4 CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags b06b011 proto-shell.c: add a explicit "fall through" comment to make the compiler happy 60293a7 replace fall throughs in switch/cases where possible with simple code changes 5cf7975 iprule: rework interface based rules to handle dynamic interfaces 57f87ad Introduce new interface event "create" (IFEV_CREATE) 03785fb system-linux: fix build error on older kernels d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming e9eff34 system-linux: extend link mode speed definitions c1f6a82 system-linux: add autoneg and link-partner output Signed-off-by: John Crispin <john@phrozen.org> (cherry picked from commit 3c4eeb5d21073dea5a021012f9e65ce95f81806e) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Revert "mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible"Jo-Philipp Wich2018-08-061-6/+0
| | | | | | | | | | | | | | | | This reverts commit b40316c21a960d332bc9b04ee1791b8aafcf8786. That change causes ramips/mt7620 to fail with: drivers/net/ethernet/mtk/gsw_mt7620.c: In function 'mt7620_hw_init': drivers/net/ethernet/mtk/gsw_mt7620.c:171:14: error: 'mdio_mode' undeclared (first use in this function); did you mean 'd_move'? } else if (!mdio_mode) { ^~~~~~~~~ d_move Back it out for now to restore compilation. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: add missing ARM64_SSBD symbolStijn Tintel2018-08-066-0/+6
| | | | | | | | | | In 4.14.57, a new symbol for Spectre v4 mitigation was introduced for ARM64. Add this symbol to all ARM64 targets using kernel 4.14. This mitigates CVE-2018-3639 on ARM64. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 77e3e706ce0dfe653a28e088bdcf0acddead0091)
* mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possibleChen Minqiang2018-08-061-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | To share mdio addr for IntPHY and ExtPHY, as described in the documentation (MT7620_ProgrammingGuide.pdf). (refer: http://download.villagetelco.org/hardware/MT7620/MT7620_ProgrammingGuide.pdf) when port4 setup to work as gmac mode, dts like: &gsw { mediatek,port4 = "gmac"; }; we should set SYSCFG1.GE2_MODE==0x0 (RGMII). but SYSCFG1.GE2_MODE may have been set to 3(RJ-45) by uboot/default so we need to re-set it to 0x0 before this changes: gsw: 4FE + 2GE may not work correctly and MDIO addr 4 cannot be used by ExtPHY after this changes: gsw: 4FE + 2GE works and MDIO addr 4 can be used by ExtPHY Signed-off-by: Chen Minqiang <ptpt52@gmail.com> (cherry picked from commit f6d81e2fa1f110d8025eaa434d67d0014aca1d42)
* ramips: fix gigabit switch PHY access on MDIODaniel Gimpelevich2018-08-061-1/+2
| | | | | | | | | | | When PHY's are defined on the MDIO bus in the DTS, gigabit support was being masked out for no apparent reason, pegging all such ports to 10/100. If gigabit support must be disabled for some reason, there should be a "max-speed" property in the DTS. Reported-by: James McKenzie <openwrt@madingley.org> Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us> (cherry picked from commit 379fe506729a20c5fdb072840cb662b032e90c36)
* kernel: bump 4.14 to 4.14.60 for 18.06Stijn Segers2018-08-0654-660/+164
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refreshed patches. * Patches made redundant by changes upstream: - target/linux/ramips/patches-4.14/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch * Patches accepted upstream: - target/linux/apm821xx/patches-4.14/020-0001-crypto-crypto4xx-remove-bad-list_del.patch - target/linux/apm821xx/patches-4.14/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch - target/linux/brcm63xx/patches-4.14/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch - target/linux/brcm63xx/patches-4.14/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch - target/linux/generic/backport-4.14/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch - target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch The ext4 regression introduced in 4.14.55 has been fixed by 4.14.60 (commit f547aa20b4f61662ad3e1a2040bb3cc5778f19b0). Fixes the following CVEs: - CVE-2018-10876 - CVE-2018-10877 - CVE-2018-10879 - CVE-2018-10880 - CVE-2018-10881 - CVE-2018-10882 - CVE-2018-10883 Thanks to Stijn Tintel for the CVE list :-). Compile-tested on: ramips/mt7621, x86/64 Run-tested on: ramips/mt7621, x86/64 Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* kernel: bump 4.9 to 4.9.117 for 18.06Stijn Segers2018-08-0650-575/+319
| | | | | | | | | | | | | | | | | | | | | | | * Refreshed patches. * Removed patches: - target/linux/ar71xx/patches-4.9/103-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch superseded by upstream - target/linux/ar71xx/patches-4.9/403-mtd_fix_cfi_cmdset_0002_status_check.patch superseded by upstream - target/linux/brcm63xx/patches-4.9/001-4.11-01-mtd-m25p80-consider-max-message-size-in-m25p80_read.patch accepted upstream - target/linux/brcm63xx/patches-4.9/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch accepted upstream - target/linux/brcm63xx/patches-4.9/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch accepted upstream - target/linux/generic/pending-4.9/900-gen_stats-fix-netlink-stats-padding.patch * New backported patch to address ext4 breakage, introduced in 4.9.112: - backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch Also add ARM64_SSBD symbol to ARM64 targets still running kernel 4.9 Thanks to Koen Vandeputte for pointing out the need to add the ARM64_SSBD symbol, and the ext4 patch. Compile-tested on: ar71xx Run-tested on: ar71xx Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* uclient: update to latest git HEADJo-Philipp Wich2018-08-031-3/+3
| | | | | | | | | | | | | | | f2573da uclient-fetch: use package name pattern in message for missing SSL library 9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename f41ff60 uclient-http: basic auth: Handle memory allocation failure a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures 66fb58d uclient-http: Handle memory allocation failure 2ac991b uclient: Handle memory allocation failure for url 63beea4 uclient-http: Implement error handling for header-sending eb850df uclient-utils: Handle memory allocation failure for url file name ae1c656 uclient-http: Close ustream file handle only if allocated Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit e44162ffca448d024fe023944df702c9d3f6b586)