aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* OpenWrt v19.07.10: adjust config defaultsv19.07.10Hauke Mehrtens2022-04-175-10/+12
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wolfssl: bump to 5.2.0Eneas U de Queiroz2022-04-164-11/+9
| | | | | | | | | | | | | | | | | | | Fixes two high-severity vulnerabilities: - CVE-2022-25640: A TLS v1.3 server who requires mutual authentication can be bypassed. If a malicious client does not send the certificate_verify message a client can connect without presenting a certificate even if the server requires one. - CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS v1.3 server can have its certificate heck bypassed. If the sig_algo in the certificate_verify message is different than the certificate message checking may be bypassed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> [ABI version change] (cherry picked from commit e89f3e85eb1c1d81294e5d430a91b0ba625e2ec0) (cherry picked from commit 2393b09b5906014047a14a79c03292429afcf408)
* mac80211: Update to version 4.19.237-1Hauke Mehrtens2022-04-115-13/+13
| | | | | | | | | | This updates mac80211 to version 4.19.237-1 which is based on kernel 4.19.237. This new release contains many fixes which were merged into the upstream Linux kernel. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: generic: add missing symbol for arm64 spectre mitigationPetr Štetiar2022-04-061-0/+1
| | | | | | | | | | | | | Upstream in commit 3e3904125fcc ("arm64: Mitigate spectre style branch history side channels") introduced new config symbol MITIGATE_SPECTRE_BRANCH_HISTORY which I missed in commit d39a6c67dcb4 ("kernel: bump 4.14 to 4.14.275") and buildworkers for arm64 targets started complaining: Mitigate Spectre style attacks against branch history (MITIGATE_SPECTRE_BRANCH_HISTORY) [Y/n/?] (NEW) aborted! Fixes: d39a6c67dcb4 ("kernel: bump 4.14 to 4.14.275") Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: generic: reorder kernel config optionsPetr Štetiar2022-04-061-3/+3
| | | | | | So it's sorted and tidy. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* imagebuilder: fix broken image generation with external targetsPetr Štetiar2022-04-051-1/+1
| | | | | | | | | | | | | When using external targets there is a symlink being created for the target under target/linux which then becomes dangling under Image Builder. Fix it by dereferencing the possible symlink. Tested on IB with external target, ipq40xx and mvebu. Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 621f39d1f438bf95dbae667c575926fa16a6d797) (cherry picked from commit ec9af870f3278f75549836b469baefa260e2ed41) (cherry picked from commit 3008f1f441a41e162311cee1ccadfdaaec1581c1)
* kernel: bump 4.14 to 4.14.275Petr Štetiar2022-04-054-10/+10
| | | | | | | | All patches refreshed automagically without conflicts. Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* patchelf: backport fix for rpath endiannessPetr Štetiar2022-03-311-0/+41
| | | | | | | | | | | | | | | | | | | | | | | | | This is backport of upstream fix introduced in commit e88d83c8b4e4 ("patchelf: Check ELF endianness before writing new runpath") which fixes broken rpath handling on big endian systems: $ patchelf --set-rpath '/opt/foo/bar' lxc4-start $ readelf -d lxc4-start ... 0x1d000000 (<unknown>: 1d000000) 0x72f ... Expected output, having following patch applied is: $ readelf -d lxc4-start ... 0x0000001d (RUNPATH) Library runpath: [/opt/foo/bar] ... Build and runtime tested on mvebu/turris-omnia, ipq40xx/glinet-b1300 and external target xrx500/nec-wx3000hp (MIPS BE). Signed-off-by: Matthias Van Gestel <matthias.vangestel_ext@softathome.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 4.14 to 4.14.274Petr Štetiar2022-03-283-4/+4
| | | | | | | | All patches refreshed automagically without conflicts. Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ath79: fix link for long cables with OCEDO RaccoonDavid Bauer2022-03-271-1/+12
| | | | | | | | | | The OCEDO Raccoon had significant packet-loss with cables longer than 50 meter. Disabling EEE restores normal operation. Also change the ethernet config to reduce loss on sub-1G links. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 4551bfd91f31be5987727c77e58333fa06ba3acd)
* kernel: bump 4.14 to 4.14.273Petr Štetiar2022-03-245-8/+8
| | | | | | | | All patches refreshed automagically without conflicts. Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* zlib: backport security fix for a reproducible crash in compressorPetr Štetiar2022-03-244-2/+688
| | | | | | | | | | | | | | | | | | | Tavis has just reported, that he was recently trying to track down a reproducible crash in a compressor. Believe it or not, it really was a bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs. Tavis has reported it upstream, but it turns out the issue has been public since 2018, but the patch never made it into a release. As far as he knows, nobody ever assigned it a CVE. Runtime tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Suggested-by: Tavis Ormandy <taviso@gmail.com> References: https://www.openwall.com/lists/oss-security/2022/03/24/1 Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit b3aa2909a79aeff20d594160b207a89dc807c033) (cherry picked from commit 3965dda0fa70dc9408f1a2e55a3ddefde78bd50e) (cherry picked from commit f65edc9b990c2bcc10c9e9fca29253adc6fe316d)
* kernel: bump 4.14 to 4.14.272Petr Štetiar2022-03-1724-75/+84
| | | | | | | | | | | | | | | Added new config symbol `HARDEN_BRANCH_HISTORY` in order to harden Spectre style attacks against branch history and fixed rejects in following patches: * generic/hack-4.14/220-gc_sections.patch * generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch Other patches refreshed automagically. Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openssl: bump to 1.1.1nMartin Schiller2022-03-161-2/+2
| | | | | | | | | | | | | | This is a bugfix release. Changelog: *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever for non-prime moduli. (CVE-2022-0778) *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) to the list of ciphersuites providing Perfect Forward Secrecy as required by SECLEVEL >= 3. Signed-off-by: Martin Schiller <ms@dev.tdt.de> (cherry picked from commit e17c6ee62770005e398364ee5d955c9a8ab6f016)
* base-files: call "sync" after initial setupRafał Miłecki2022-03-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | OpenWrt uses a lot of (b)ash scripts for initial setup. This isn't the best solution as they almost never consider syncing files / data. Still this is what we have and we need to try living with it. Without proper syncing OpenWrt can easily get into an inconsistent state on power cut. It's because: 1. Actual (flash) inode and data writes are not synchronized 2. Data writeback can take up to 30 seconds (dirty_expire_centisecs) 3. ubifs adds extra 5 seconds (dirty_writeback_centisecs) "delay" Some possible cases (examples) for new files: 1. Power cut during 5 seconds after write() can result in all data loss 2. Power cut happening between 5 and 35 seconds after write() can result in empty file (inode flushed after 5 seconds, data flush queued) Above affects e.g. uci-defaults. After executing some migration script it may get deleted (whited out) without generated data getting actually written. Power cut will result in missing data and deleted file. There are three ways of dealing with that: 1. Rewriting all user-space init to proper C with syncs 2. Trying bash hacks (like creating tmp files & moving them) 3. Adding sync and hoping for no power cut during critical section This change introduces the last solution that is the simplest. It reduces time during which things may go wrong from ~35 seconds to probably less than a second. Of course it applies only to IO operations performed before /etc/init.d/boot . It's probably the stage when the most new files get created. All later changes are usually done using smarter C apps (e.g. busybox or uci) that creates tmp files and uses rename() that is expected to be atomic. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> Acked-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Sergey Ryazanov <ryazanov.s.a@gmail.com> (cherry picked from commit 9851d4b6ce6e89d164a04803817625a9041b060a)
* kernel: bump 4.14 to 4.14.269Hauke Mehrtens2022-03-068-18/+18
| | | | | | | | | All patches refreshed automagically without conflicts. Compile-tested: lantiq/xrx200, armvirt/64 Run-tested: lantiq/xrx200, armvirt/64 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* imagebuilder: fix partition signatureMatthew Gyurgyik2022-02-271-0/+2
| | | | | | | | | | When building images with the imagebuilder, the partition signature never changes. The signature is generated by hashing SOURCE_DATE_EPOCH and LINUX_VERMAGIC which are undefined. Prepopulate these variables, as done by the SDK. Signed-off-by: Matthew Gyurgyik <matthew@gyurgyik.io> (cherry picked from commit aab36200e7eb539afb18df74476132f4750a9f0b)
* wolfssl: fix API breakage of SSL_get_verify_resultPetr Štetiar2022-02-222-1/+27
| | | | | | | | | | | | | | | | | | | | Backport fix for API breakage of SSL_get_verify_result() introduced in v5.1.1-stable. In v4.8.1-stable SSL_get_verify_result() used to return X509_V_OK when used on LE powered sites or other sites utilizing relaxed/alternative cert chain validation feature. After an update to v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA error and thus rendered all such connection attempts imposible: $ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org" Downloading 'https://letsencrypt.org' Connecting to 18.159.128.50:443 Connection error: Invalid SSL certificate Fixes: #9283 References: https://github.com/wolfSSL/wolfssl/issues/4879 Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit b9251e3b407592f3114e739231088c3d27663c4c) (cherry picked from commit b99d7aecc83fd180f7a3c3efaae00845e7a73129)
* ubus: backport fixes for UAF and other issuesPetr Štetiar2022-02-211-3/+3
| | | | | | | | | | | | | | | | | | | | | | Backporting following fixes: a72457b61df0 libubus: increase stack depth for processing obj msgs ef038488edc3 libubus: process pending messages in data handler if stack depth is 0 2099bb3ad997 libubus: use list_empty/list_first_entry in ubus_process_pending_msg where at least commit 2099bb3ad997 ("libubus: use list_empty/list_first_entry in ubus_process_pending_msg") fixes UAF issue I've introduced in commit c5f2053dfcfd ("workaround possibly false positive uses of memory after it is freed") while fixing another false positive UAF reported[1] by clang's static analyzer. Those fixes are being used in master/21.02 for about 6 months, so should be tested enough and considered for backporting. I've runtested those fixes on mvebu/turris-omnia and ipq40xx/glinet-b1300 devices. 1. https://openwrt.gitlab.io/-/project/ubus/-/jobs/2096090992/artifacts/build/scan/2022-02-15-150310-70-1/index.html Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: bump to 5.1.1-stablePetr Štetiar2022-02-215-8/+86
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is amalgamation of backported changes since 4.7.0-stable release: Sergey V. Lobanov (2): 5b13b0b02c70 wolfssl: update to 5.1.1-stable 7d376e6e528f libs/wolfssl: add SAN (Subject Alternative Name) support Andre Heider (3): 3f8adcb215ed wolfssl: remove --enable-sha512 configure switch 249478ec4850 wolfssl: always build with --enable-reproducible-build 4b212b1306a9 wolfssl: build with WOLFSSL_ALT_CERT_CHAINS Ivan Pavlov (1): 16414718f9ae wolfssl: update to 4.8.1-stable David Bauer (1): f6d8c0cf2b47 wolfssl: always export wc_ecc_set_rng Christian Lamparter (1): 86801bd3d806 wolfssl: fix Ed25519 typo in config prompt The diff of security related changes we would need to backport would be so huge, that there would be a high probability of introducing new vulnerabilities, so it was decided, that bumping to latest stable release is the prefered way for fixing following security issues: * OCSP request/response verification issue. (fixed in 4.8.0) * Incorrectly skips OCSP verification in certain situations CVE-2021-38597 (fixed in 4.8.1) * Issue with incorrectly validating a certificate (fixed in 5.0.0) * Hang with DSA signature creation when a specific q value is used (fixed in 5.0.0) * Client side session resumption issue (fixed in 5.1.0) * Potential for DoS attack on a wolfSSL client CVE-2021-44718 (fixed in 5.1.0) * Non-random IV values in certain situations CVE-2022-23408 (fixed in 5.1.1) Cc: Hauke Mehrtens <hauke@hauke-m.de> Cc: Eneas U de Queiroz <cotequeiroz@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> Acked-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* ar71xx: fix MikroTik wAP detectionThibaut VARÈNE2022-02-191-1/+2
| | | | | | | | MikroTik released a 3rd revision of that board, virtually identical to the previous one as far as software is concerned. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> Signed-off-by: Petr Štetiar <ynezz@true.cz> [wixed typo]
* OpenWrt v19.07.9: revert to branch defaultsHauke Mehrtens2022-02-175-12/+10
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v19.07.9: adjust config defaultsv19.07.9Hauke Mehrtens2022-02-175-10/+12
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.267Petr Štetiar2022-02-167-24/+25
| | | | | | | | | | | All patches refreshed automagically without conflicts, but test builds choked on new BPF_UNPRIV_DEFAULT_OFF kernel config symbol introduced in upstream commit e69f08ba23a3 ("bpf: Add kconfig knob for disabling unpriv bpf by default"). Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 4.14 to 4.14.266Hauke Mehrtens2022-02-131-2/+2
| | | | | | | | | All patches refreshed automagically without conflicts. Compile-tested: lantiq/xrx200 Run-tested: lantiq/xrx200 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Apply SAE/EAP-pwd side-channel attack update 2Hauke Mehrtens2022-02-135-1/+577
| | | | | | | | | This fixes some recent security problems in hostapd. See here for details: https://w1.fi/security/2022-1 * CVE-2022-23303 * CVE-2022-23304 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Update to version 2.16.12Hauke Mehrtens2022-02-131-2/+2
| | | | | | | | | | | | | | | | | | | | | This fixes the following security problems: * Zeroize several intermediate variables used to calculate the expected value when verifying a MAC or AEAD tag. This hardens the library in case the value leaks through a memory disclosure vulnerability. For example, a memory disclosure vulnerability could have allowed a man-in-the-middle to inject fake ciphertext into a DTLS connection. * Fix a double-free that happened after mbedtls_ssl_set_session() or mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED (out of memory). After that, calling mbedtls_ssl_session_free() and mbedtls_ssl_free() would cause an internal session buffer to be free()'d twice. CVE-2021-44732 The sizes of the ipk changed on MIPS 24Kc like this: 182454 libmbedtls12_2.16.11-2_mips_24kc.ipk 182742 libmbedtls12_2.16.12-1_mips_24kc.ipk Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 57f38e2c827e3be71d8b1709073e366afe011985)
* mbedtls: update to 2.16.11Rosen Penev2022-02-131-2/+2
| | | | | | | | | | Switched to AUTORELEASE to avoid manual increments. Release notes: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11 Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit fcfd741eb83520e496eb09de5f8b2f2b62792a80)
* tcpdump: libpcap: Remove http://www.us.tcpdump.org mirrorHauke Mehrtens2022-02-132-4/+2
| | | | | | | | | | | | The http://www.us.tcpdump.org mirror will go offline soon, only use the normal download URL. Reported-by: Denis Ovsienko <denis@ovsienko.info> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 18bdfc803bef00fad03f90b73b6e65c3c79cb397) Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [rebased for OpenWrt 21.02 branch] (cherry picked from commit 4dddb7ca3669e93d4da2b1ca43b8bc22bd007e48)
* tcpdump: Fix CVE-2018-16301Hauke Mehrtens2022-02-132-1/+102
| | | | | | | | | | | | | This fixes the following security problem: The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 8f5875c4e221453932f217a82f8c3092cacba3e5) (cherry picked from commit 59e7ae8d65ab9a9315608a69565f6a4247d3b1ac)
* kernel: bump 4.14 to 4.14.265Petr Štetiar2022-02-106-19/+19
| | | | | | | | All patches refreshed automagically without conflicts. Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* build: store SOURCE_DATE_EPOCH in JSON info filesPaul Spooren2022-02-012-0/+2
| | | | | | | | | | | The source date epoch is the only reproducible date close to the actual build date. It can be used for tooling like the firmware wizard to show the image age. Signed-off-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit 165f0b00cdd2f763c1d478c2f58c535fc19b13bd) [store source_date_epoch as integer] Signed-off-by: Paul Spooren <mail@aparcar.org>
* kernel: bump 4.14 to 4.14.264Petr Štetiar2022-01-3121-84/+84
| | | | | | | | All patches refreshed automagically without conflicts. Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 4.14 to 4.14.262Petr Štetiar2022-01-182-9/+9
| | | | | | | | All patches refreshed automagically without conflicts. Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openssl: bump to 1.1.1mEneas U de Queiroz2022-01-162-3/+3
| | | | | | | | | | | | | | This is a bugfix release. Changelog: *) Avoid loading of a dynamic engine twice. *) Fixed building on Debian with kfreebsd kernels *) Prioritise DANE TLSA issuer certs over peer certs *) Fixed random API for MacOS prior to 10.12 Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 5beaa75d94c4a981c580905b84c7ef33caf0c3e2)
* kernel: bump 4.14 to 4.14.261Petr Štetiar2022-01-0622-38/+38
| | | | | | | | All patches refreshed automagically without conflicts. Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* kernel: bump 4.14 to 4.14.259Petr Štetiar2021-12-2947-30/+60
| | | | | | | | | | | | All patches refreshed automagically without conflicts, but upstream in commit 48c2461f28fe ("ARM: 8800/1: use choice for kernel unwinders") added new config options UNWINDER_ARM and UNWINDER_FRAME_POINTER so we need to adjust default configs as well. Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Signed-off-by: Petr Štetiar <ynezz@true.cz> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.258Petr Štetiar2021-12-1947-389/+99
| | | | | | | | | | | | | | | | | | | | | | | | | | | Rebased patches: * generic: 273-batman-adv-Convert-packet.h-to-uapi-header.patch * ipq806x: 0065-arm-override-compiler-flags.patch * mvebu: 513-arm64-dts-marvell-armada37xx-Add-emmc-sdio-pinctrl-d.patch Removed patches: Fixed upstream: * ar71xx: 821-serial-core-add-support-for-boot-console-with-arbitr.patch * ath79: 921-serial-core-add-support-for-boot-console-with-arbitr.patch - in 4.14.256 via 9112e7ef87149b3d8093e7446d784117f6e18d69 * mvebu: 527-PCI-aardvark-allow-to-specify-link-capability.patch - in 4.14.257 via 62a3dc9b65a2b24800fc4267b8cf590fad135034 * mvebu: 524-PCI-aardvark-set-host-and-device-to-the-same-MAX-payload-size.patch - should be hopefully fixed by the bunch of changes in .256 and .257 Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia. Fixes: CVE-2021-3640 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* mac80211: Update to version 4.19.221Hauke Mehrtens2021-12-1421-104/+55
| | | | | | | | The following patch was backported from upstream before and is not needed any more: package/kernel/mac80211/patches/ath/980-ath10k-fix-max-antenna-gain-unit.patch Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iproute2: m_xt.so depends on dynsyms.listRoman Yeryomin2021-12-141-4/+5
| | | | | | | | | | | | | | | | | | | When doing parallel build on a fast machine with bottleneck in i/o, m_xt.so may start linking faster than dynsyms.list gets populated, resulting in error: ld:dynsyms.list:0: syntax error in dynamic list Fix this by adding dynsyms.list as make dependency to m_xt.so Described also here: https://bugs.openwrt.org/index.php?do=details&task_id=3353 Change from v1: - add dynsysms.list dependancy only when shared libs are enabled Signed-off-by: Roman Yeryomin <roman@advem.lv> Fixes: FS#3353 (cherry-picked from commit edd53df16843a0a6380920ed17b88bfe7d26d71b)
* uboot-lantiq: danube: fix hanging lzma kernel uncompression #2Mathias Kresin2021-11-271-0/+9
| | | | | | | Follow up to commit 8fb714edd6e4340729e271139164a0163b027d68. Managed to hit the very same issue again while playing with the NOR SPL builds. Signed-off-by: Mathias Kresin <dev@kresin.me>
* uboot-lantiq: danube: fix hanging lzma kernel uncompressionMathias Kresin2021-11-141-0/+48
| | | | | | | | | | | | | | | | | | | | | | | At least since gcc 7.3.0 (OpenWrt 18.06) lwr/lwl are used in the assembly of LzmaProps_Decode. While the decission made by the compiler looks perfect fine, it triggers some obscure hang on lantiq danube-s v1.5 with MX29LV640EB NOR flash chips. Only if the offset 1 is used, the hang can be observed. Using any other offset works fine: lwl s0,0(a1) - s0 == 0x6d000080 lwl s0,1(a1) - hangs lwl s0,2(a1) - s0 == 0x0080xxxx lwl s0,3(a1) - s0 == 0x80xxxxxx It isn't clear whether it is a limitation of the flash chip, the EBU or something else. Force 8bit reads to prevent gcc optimizing the read with lwr/lwl instructions. Signed-off-by: Mathias Kresin <dev@kresin.me>
* wireless-regdb: update to version 2021.08.28Christian Lamparter2021-11-071-2/+2
| | | | | | | | | | | | | e983a25 Update regulatory rules for Ecuador (EC) a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz 86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US 6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US 9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately 42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit dbb4c47798b17112cb1eed2a309cdefd33b5f193)
* wireless-regdb: update to version 2021.04.21Felix Fietkau2021-11-071-2/+2
| | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit d76535c45e6e970b212744781431e152e90c1ce6)
* tools/m4: update to 1.4.19Rosen Penev2021-11-073-145/+2
| | | | | | | Remove upstreamed patches. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit fc9682ed3961e098ace708ca1ca41c2239a4e2ee)
* kernel: bump 4.14 to 4.14.254Hauke Mehrtens2021-11-0724-53/+53
| | | | | | | | | All updated automatically. Compile-tested on: malta/le, lantiq/xrx200 Runtime-tested on: malta/le, lantiq/xrx200 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ar71xx: mikrotik: rb91x: fix 10M ethernet link speedKoen Vandeputte2021-10-121-0/+1
| | | | | | | | | | | | | | | Extensive testing on the board showed that ethernet does not work when forced to 10Mbps. Trial-and-error revealed that the correct PLL value should be altered to 0x00001313 (iso 0x00001616) The change is done for this specific board only as I do not have other boards using this specific SoC. The board now works correctly in 1000, 100 and 10 Mode Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* uboot-lantiq: fix sha1.h header clash when system libmd installedAlan Swanson2021-10-021-0/+172
| | | | | | | | | Backport of u-boot commit "includes: move openssl headers to include/u-boot" https://github.com/u-boot/u-boot/commit/2b9912e6a7df7b1f60beb7942bd0e6fa5f9d0167 Fixes: FS#3955 Signed-off-by: Alan Swanson <reiver@improbability.net> (cherry picked from commit 8db641049292035604f0e1fb788608fdea879eca)
* kernel: bump 4.14 to 4.14.248Hauke Mehrtens2021-10-0221-45/+45
| | | | | | | | | All updated automatically. Compile-tested on: lantiq/xrx200, armvirt/64 Runtime-tested on: lantiq/xrx200, armvirt/64 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to backports-4.19.207-1Hauke Mehrtens2021-09-2243-341/+341
| | | | | | | | | | | | | | | | | Refresh all patches. This contains fixes for CVE-2020-3702 1. These patches (ath, ath9k, mac80211) were included in kernel versions since 4.14.245 and 4.19.205. They fix security vulnerability CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2]. Thank you Josef Schlehofer for reporting this problem. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702 [2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/ Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>