aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* relayd: bump to version 2020-04-20Kevin Darbyshire-Bryant2020-05-041-3/+3
| | | | | | | | | 796da66 dhcp.c: improve input validation & length checks Addresses CVE-2020-11752 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit be172e663f318ec364c13f795df025bbcce9ac18)
* umdns: update to version 2020-04-25Kevin Darbyshire-Bryant2020-05-041-3/+3
| | | | | | | | | | | | cdac046 dns.c: fix input validation fix Due to a slight foobar typo, failing to de-reference a pointer, previous fix not quite as complete as it should have been. Improve CVE-2020-11750 fix Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 9f7c8ed0786be97eda879e5f6681994e4de53d74)
* umdns: update to version 2020-04-20Kevin Darbyshire-Bryant2020-05-041-4/+4
| | | | | | | | | e74a3f9 dns.c: improve input validation Addresses CVE-2020-11750 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 533da61ac63079f218a9946cd8e347b880c33dc0)
* umdns: update to the version 2020-04-05Kevin Darbyshire-Bryant2020-05-041-4/+4
| | | | | | | | ab7a39a umdns: fix unused error 45c4953 dns: explicitly endian-convert all fields in header and question Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 22ae8bd50ef6d056b25a96ce6c77de0b0d53c1a1)
* umdns: suppress address-of-packed-member warningKevin Darbyshire-Bryant2020-05-041-2/+2
| | | | | | | | | | | | | | | | | | gcc 8 & 9 appear to be more picky with regards access alignment to packed structures, leading to this warning in dns.c: dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer (alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer (alignment 2) may result in an unaligned pointer value [-Werror=address-of-packed-member] 261 | uint16_t *swap = (uint16_t *) q; Work around what I think is a false positive by turning the warning off. Not ideal, but not quite as not ideal as build failure. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 02640f014719a994e2e538b2cb6376a189cd39de)
* ramips: remove unnecessary DEVICE_PACKAGES for Belkin F7C027Sungbo Eo2020-04-271-1/+0
| | | | | | | | kmod-usb-dwc2 and kmod-usb-ledtrig-usbport are not target default packages, and Belkin F7C027 does not have a USB port anyway. Just drop it. Signed-off-by: Sungbo Eo <mans0n@gorani.run> (cherry picked from commit 1dedad2a00d8519d4892b8529b5f2fffcb768220)
* oxnas: move service file to correct placeSungbo Eo2020-04-271-0/+0
| | | | | | | | This service file has been misplaced from the very beginning. Fixes: dcc34574efba ("oxnas: bring in new oxnas target") Signed-off-by: Sungbo Eo <mans0n@gorani.run> (cherry picked from commit 01961f163d927d6b44097f48a67bbc5b4c63eaf7)
* kernel: bump 4.14 to 4.14.176Koen Vandeputte2020-04-1628-260/+79
| | | | | | | | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch - 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch Fixes: - CVE-2020-8647 - CVE-2020-8648 (potentially) - CVE-2020-8649 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.219Koen Vandeputte2020-04-1619-72/+72
| | | | | | | | | | | | | | | | | Refreshed all patches. Altered patches: - 0026-NET-multi-phy-support.patch Fixes: - CVE-2020-8647 - CVE-2020-8648 (Potentially) - CVE-2020-8649 Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: add missing symbol for Kernel 4.14Koen Vandeputte2020-04-151-0/+1
| | | | | | | | | | | Reported by Buildbot: x86 instruction decoder selftest (X86_DECODER_SELFTEST) [N/y/?] (NEW) aborted! Fixes: 4eba86820fd3 ("kernel: bump 4.14 to 4.14.169") Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [rebased onto 18.06] Signed-off-by: David Bauer <mail@david-bauer.net>
* ramips: use full 8MB flash on ZyXEL KeeneticAlexey Dobrovolsky2020-04-122-2/+2
| | | | | | | | | | | | | | | | | ZyXEL Keenetic has 8MB flash, but OpenWrt uses only 4MB. This commit fixes the problem. WikiDevi page [1] says that ZyXEL Keenetic has FLA1: 8 MiB, there is an article with specs [2] (in Russian). [1] https://wikidevi.wi-cat.ru/ZyXEL_Keenetic [2] https://3dnews.ru/608774/page-2.html Fixes: FS#2487 Fixes: a7cbf59e0e04 ("ramips: add new device ZyXEL Keenetic as kn") Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com> (cherry picked from commit fea232ae8feb6af780fd4fa78ebe9231778bf75a)
* Revert "ar71xx: use status led for GL.iNet GL-AR750S"Adrian Schmutzler2020-03-261-1/+0
| | | | | | | | This reverts commit c3c6cc95eeadf5230d77d5afabc9a9e0b4887ee5. The GL.iNet GL-AR750S is not supported in 18.06. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ar71xx: use status led for GL.iNet GL-AR750SJan Alexander2020-03-261-0/+1
| | | | | | | | | | | | | Use power led for device status. The status led behavior has already been fixed in af28d8a539fe ("ath79: add support for GL.iNet GL-AR750S") when porting the device to ath79. This fixes it for ar71xx as well. Signed-off-by: Jan Alexander <jan@nalx.net> [minor commit title/message adjustments] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit d394c354ee0e8660f876889f6293803c581cbf85)
* ar71xx: fix port order on TP-Link Archer C60 v1/v2Adrian Schmutzler2020-03-141-6/+2
| | | | | | | | | | The labels on the LAN ports of the TP-Link Archer C60 v1/v2 are actually inverted compared to the ports of the internal switch. Add this information to 02_network. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 14a07fa1f000f962d55bf53cfe9b128448b1f11f)
* ar71xx: remove wrong MAC address adjustment for Archer C60 v2Adrian Schmutzler2020-03-141-2/+1
| | | | | | | | | | | | The adjustment of the MAC address for Archer C60 v2 in 10_fix_wifi_mac is broken since a "mac" partition is not set up for this device on ar71xx. Instead, the MAC address is already patched correctly in 11-ath10k-caldata. Remove the useless adjustment. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit cbdc91902466dd113b9680566abb2eb2f8022dd4)
* ar71xx: fix swapped LAN/WAN MAC address for Archer C60 v1/v2Adrian Schmutzler2020-03-142-5/+5
| | | | | | | | | | | | | | | | | | | | The MAC addresses for lan/wan are swapped compared to the vendor firmware. This adjusts to vendor configuration, which is: lan *:7b label wan *:7c label+1 2.4g *:7b label 5g *:7a label-1 Only one address is stored in <&mac 0x8>, corresponding to the label. This has been checked on revisions v1, v2 and v3. Since ar71xx calculates the ath10k MAC address based on the ethernet addresses, the number there is adjusted, too. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 14eb54938b525d4c2d2847a6fad7670ed944650c)
* ar71xx: ew-dorin, fix the trigger level for WPS buttonopenwrt-18.06Catrinel Catrinescu2020-03-111-1/+1
| | | | | | | | | | Because the WPS button had the wrong trigger level, the failsafe mode was triggered quite often, after this commit: https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=27f3f493de Signed-off-by: Catrinel Catrinescu <cc@80211.de> (cherry picked from commit 3e03b7ac4ada4966d058871d0a1f67f1f0f408d4)
* kernel: backport out-of-memory fix for non-Ethernet devicesRafał Miłecki2020-03-111-0/+71
| | | | | | | | Doing up & down on non-Ethernet devices (e.g. monitor mode interface) was consuming memory. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit ec8e8e2ef0826d82b4dfbd567a073b31dc27b764)
* kernel: bump 4.14 to 4.14.172Koen Vandeputte2020-03-0910-15/+15
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.215Koen Vandeputte2020-03-096-24/+24
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* OpenWrt v18.06.8: revert to branch defaultsJo-Philipp Wich2020-02-275-11/+9
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* OpenWrt v18.06.8: adjust config defaultsv18.06.8Jo-Philipp Wich2020-02-275-9/+11
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libubox: backport blobmsg_check_array() fixJo-Philipp Wich2020-02-272-1/+34
| | | | | | Fixes: FS#2833 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 955634b473284847e3c8281a6ac85655329d8b06)
* ppp: backport security fixesPetr Štetiar2020-02-264-1/+129
| | | | | | | | | | | 8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP 8d7970b8f3db pppd: Fix bounds check in EAP code 858976b1fc31 radius: Prevent buffer overflow in rc_mksid() Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 215598fd03899c19a9cd26266221269dd5ec8cee) Fixes: CVE-2020-8597 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Revert "ppp: backport security fixes"Jo-Philipp Wich2020-02-264-129/+1
| | | | | | | | This reverts commit cc78f934a9466a0ef404bb169cc42680c7501d02 since it didn't contain a reference to the CVE it addresses. The next commit will re-add the commit including a CVE reference in its commit message. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to latest Git HEADJo-Philipp Wich2020-02-261-3/+3
| | | | | | | 2ee323c file: poke ustream after starting deferred program Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 04069fde19e86af7728111814afadf780bf08018)
* kernel: bump 4.14 to 4.14.171Koen Vandeputte2020-02-2414-32/+27
| | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2013-1798 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.214Koen Vandeputte2020-02-2410-20/+20
| | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2013-1798 Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ppp: backport security fixesPetr Štetiar2020-02-204-1/+129
| | | | | | | | | 8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP 8d7970b8f3db pppd: Fix bounds check in EAP code 858976b1fc31 radius: Prevent buffer overflow in rc_mksid() Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 215598fd03899c19a9cd26266221269dd5ec8cee)
* hostapd: remove erroneous $(space) redefinitionJo-Philipp Wich2020-02-081-3/+0
| | | | | | | | | | | | | | | | | The $(space) definition in the hostapd Makefile ceased to work with GNU Make 4.3 and later, leading to syntax errors in the generated Kconfig files. Drop the superfluous redefinition and reuse the working $(space) declaration from rules.mk to fix this issue. Fixes: GH#2713 Ref: https://github.com/openwrt/openwrt/pull/2713#issuecomment-583722469 Reported-by: Karel Kočí <cynerd@email.cz> Suggested-by: Jonas Gorski <jonas.gorski@gmail.com> Tested-by: Shaleen Jain <shaleen@jain.sh> Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 766e778226f5d4c6ec49ce22b101a5dbd4306644)
* kernel: add support for GD25D05 SPI NORKoen Vandeputte2020-02-041-0/+29
| | | | | | | | | | | | | | | | | | | | | | This chip is used on newer RB912UAG-5HPnD r2 boards: Before: [ 0.642553] m25p80 spi0.0: unrecognized JEDEC id bytes: c8, 40, 10 [ 0.649381] NAND flash driver for the RouterBOARD 91x series After: [ 0.641714] m25p80 spi0.0: found gd25d05, expected m25p80 [ 0.649916] m25p80 spi0.0: gd25d05 (64 Kbytes) [ 0.655122] Creating 4 MTD partitions on "spi0.0": [ 0.660164] 0x000000000000-0x00000000c000 : "routerboot" [ 0.667782] 0x00000000c000-0x00000000d000 : "hard_config" [ 0.675073] 0x00000000d000-0x00000000e000 : "bios" [ 0.682613] 0x00000000e000-0x00000000f000 : "soft_config" [ 0.690304] NAND flash driver for the RouterBOARD 91x series Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.169Koen Vandeputte2020-02-04102-369/+330
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-14896 - CVE-2019-14897 Remove upstreamed: - 023-0007-crypto-crypto4xx-Fix-wrong-ppc4xx_trng_probe-ppc4xx_.patch Altered patches: - 102-MIPS-BCM63XX-move-code-touching-the-USB-private-regi.patch - 105-MIPS-BCM63XX-add-support-for-the-on-chip-OHCI-contro.patch - 106-MIPS-BCM63XX-register-OHCI-controller-if-board-enabl.patch - 108-MIPS-BCM63XX-add-support-for-the-on-chip-EHCI-contro.patch - 207-MIPS-BCM63XX-move-device-registration-code-into-its-.patch - 350-MIPS-BCM63XX-support-settings-num-usbh-ports.patch - 356-MIPS-BCM63XX-move-fallback-sprom-support-into-its-ow.patch - 390-MIPS-BCM63XX-do-not-register-SPI-controllers.patch - 391-MIPS-BCM63XX-do-not-register-uart.patch - 392-MIPS-BCM63XX-remove-leds-and-buttons.patch - 416-BCM63XX-add-a-fixup-for-ath9k-devices.patch - 422-BCM63XX-add-a-fixup-for-rt2x00-devices.patch - Compile-tested on: brcm63xx, cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.212Koen Vandeputte2020-02-0412-54/+54
| | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-14896 - CVE-2019-14897 Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* OpenWrt v18.06.7: revert to branch defaultsJo-Philipp Wich2020-01-295-11/+9
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* OpenWrt v18.06.7: adjust config defaultsv18.06.7Jo-Philipp Wich2020-01-295-9/+11
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* opkg: update to latest Git HEADJo-Philipp Wich2020-01-291-3/+3
| | | | | | | | | 80d161e opkg: Fix -Wformat-overflow warning c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums Fixes: CVE-2020-7982 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit c69c20c6670081d1eaab000734d89de57eb64148)
* libubox: backport security patchesHauke Mehrtens2020-01-2717-1/+1097
| | | | | | | | | | | | | | This backports some security relevant patches from libubox master. These patches should not change the existing API and ABI so that old applications still work like before without any recompilation. Application can now also use more secure APIs. The new more secure interfaces are also available, but not used. OpenWrt master and 19.07 already have these patches by using a more recent libubox version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: ltq-ptm: vr9: fix skb handling in ptm_hard_start_xmit()Martin Schiller2020-01-262-1/+4
| | | | | | | | | | | Call skb_orphan(skb) to call the owner's destructor function and make the skb unowned. This is necessary to prevent sk_wmem_alloc of a socket from overflowing, which leads to ENOBUFS errors on application level. Signed-off-by: Martin Schiller <ms@dev.tdt.de> (cherry picked from commit 996f02e5bafad2815e72821c19d41fb5297e4dad)
* tools/expat: Update to version 2.2.9Josef Schlehofer2020-01-261-2/+2
| | | | | | | | | Fixes two CVEs: - CVE-2019-15903 (Fix heap overflow triggered by XML_GetCurrentLineNumber) - CVE-2018-20843 (Fix extraction of namespace prefixes from XML names) Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit b4af2c689fc8736777940b7bbf009bb1672296ec)
* mbedtls: update to 2.16.4Magnus Kroken2020-01-262-31/+31
| | | | | | | | | | | | | | | | Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA. Release announcement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12 Fixes: * CVE-2019-18222: Side channel attack on ECDSA Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 6e96fd90471a49185bcfe9dcb4844d444674ecab)
* kernel: bump 4.14 to 4.14.167Koen Vandeputte2020-01-242-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.211Koen Vandeputte2020-01-247-11/+11
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kirkwood: fix HDD LED labels for Zyxel NSA325 in 01_ledsStephan Knauss2020-01-211-2/+2
| | | | | | | | | | Change the LED labels for hdd1/hdd2 in 01_leds to match their counterpart in DTS. Signed-off-by: Stephan Knauss <openwrt@stephans-server.de> [improve commit title and message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit fbf297be38a93b9ca1119e5aaffecd2299087aa5)
* brcm47xx: fix switch port order for Netgear WN2500RP V1Walter Sonius2020-01-211-0/+5
| | | | | | | | | | | | | | The Netgear WN2500RP V1 switch0 already works for LAN however the port order for the LAN ports is inverted. Correct physical port order watched from the back of the device is: 4 / 3 / 2 / 1 WAN port is absent on this device and therefore removed from switch config. Signed-off-by: Walter Sonius <walterav1984@gmail.com> [move block to maintain alphabetic sorting] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 098cbc68ee23db589ed6f0d081fe26cc385462f2)
* brcm47xx: fix switch port order for Netgear WNR3500 V2Walter Sonius2020-01-211-1/+2
| | | | | | | | | | | | The Netgear WNR3500 V2 switch0 already works for WAN/LAN however the port order for the LAN ports is inverted. Correct physical port order watched from the back of the device is: Internet / 4 / 3 / 2 / 1 this resembles the Linksys E3000 V1. Verfied with imagebuilder edit FILES=/etc/board.d/01_network Signed-off-by: Walter Sonius <walterav1984@gmail.com> (cherry picked from commit cf2f1fc6871da0320afeefaa799af87fc7c0d1db)
* ramips: fix HiWiFi HC5962 switch configurationDENG Qingfang2020-01-211-1/+4
| | | | | | | | HC5962 has only 3 LAN ports, switch port 0 is unused Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (backported from commit 68f49df31507454f86b72a5c1e250505176baed7) Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: bump 4.14 to 4.14.166Koen Vandeputte2020-01-201-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.165Koen Vandeputte2020-01-202-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.210Koen Vandeputte2020-01-204-5/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.164Koen Vandeputte2020-01-2022-104/+104
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-26 20:16:39 +0000