Commit message | Author | Age | Files | Lines
* uci: Backport security fixes | Hauke Mehrtens | 2020-10-28 | 3 | -1/+156
    This backports two security fixes from master.
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
    (cherry picked from commit f9005d4f80dee3dcc257d4613cbc46668faad094)
* uboot-envtools: mvebu: fix config for mainline u-boot | Andre Heider | 2020-10-28 | 1 | -1/+8
    Mainline u-boot dynamically passes the mtd partitions via devicetree:
        $ cat /proc/mtd
        dev: size erasesize name
        mtd0: 003f0000 00001000 "firmware"
        mtd1: 00010000 00001000 "u-boot-env"
    Add support for this setup.
    Signed-off-by: Andre Heider <a.heider@gmail.com>
    (cherry picked from commit 60c9a27cbcc6ba00d75b4b592f507237dbfb460f)
* mvebu: Add bootscript for espressobin to support mainline firmware | Andre Heider | 2020-10-28 | 2 | -0/+38
    The generic bootscript is tailored around a downstream firmware and doesn't work on a firmware built from mainline components.
    Add a bootscript which:
    * sets $console since mainline u-boot doesn't do that
    * uses distro boot variables, so OpenWRT can be booted off any supported device when using a mainline firmware
    * sets missing distro boot variables for the downstream firmware
    Booting with a downstream firmware is unchanged.
    Booting with a mainline firmware now works.
    Signed-off-by: Andre Heider <a.heider@gmail.com>
    (cherry picked from commit c43b45863e38fb18a486601c1601f1485d649c0b)
* kernel: bump 4.14 to 4.14.202 | Koen Vandeputte | 2020-10-21 | 2 | -3/+3
    Refreshed all patches.
    Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
    Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64
    Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* firmware: intel-microcode: update to 20200616 | Tan Zien | 2020-10-18 | 1 | -2/+2
    intel-microcode (3.20200616.1)
    * New upstream microcode datafile 20200616
    + Downgraded microcodes (to a previously shipped revision):
        sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
        sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
    * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
    * This update *removes* the SRBDS mitigations from the above processors
    * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2

    intel-microcode (3.20200609.2)
    * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
    * Microcode rollbacks (closes: LP#1883002)
        sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
    * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
    * Avoid hangs on boot on (some?) Skylake-U/Y processors,
    * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading, just in case. Note that Debian does not do late loading by itself. Refer to LP#1883002 for the report, 0x806ec hangs upon late load.

    intel-microcode (3.20200609.1)
    * SECURITY UPDATE
    * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending on the processor model
    * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and L1DCES mitigations, plus mitigations described in the changelog entry for package release 3.20191112.1.
    * Expect some performance impact, the mitigations are enabled by default. A Linux kernel update will be issued that allows one to selectively disable the mitigations.
    * New upstream microcode datafile 20200609
    * Implements mitigation for CVE-2020-0543 Special Register Buffer Data Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
    * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling (VRDS), INTEL-SA-00329
    * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling (L1DCES), INTEL-SA-00329
    * Known to fix the regression introduced in release 2019-11-12 (sig 0x50564, rev. 0x2000065), which would cause several systems with Skylake Xeon, Skylake HEDT processors to hang while rebooting
    * Updated Microcodes:
        sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
        sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
        sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
        sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
        sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
        sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
        sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
        sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
        sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
        sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
        sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
        sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
        sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
        sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
        sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
        sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
        sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
        sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
        sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
        sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
        sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
    * Restores the microcode-level fixes that were reverted by release 3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)

    intel-microcode (3.20200520.1)
    * New upstream microcode datafile 20200520
    + Updated Microcodes:
        sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
        sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456

    intel-microcode (3.20200508.1)
    * New upstream microcode datafile 20200508
    + Updated Microcodes:
        sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
    * Likely fixes several critical errata on IceLake-U/Y causing system hangs

    intel-microcode (3.20191115.2)
    * Microcode rollbacks (closes: #946515, LP#1854764):
        sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
    * Avoids hangs on warm reboots (cold boots work fine) on HEDT and Xeon processors with signature 0x50654.

    intel-microcode (3.20191115.1)
    * New upstream microcode datafile 20191115
    + Updated Microcodes:
        sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
        sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
        sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
        sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
        sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
        sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
        sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
        sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
        sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
        sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
        sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
        sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
        sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136

    intel-microcode (3.20191113.1)
    * New upstream microcode datafile 20191113
    + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
      Adds microcode update for CFL-S (Coffee Lake Desktop) INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
    + Updated Microcodes (previously removed):
        sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328

    intel-microcode (3.20191112.1)
    * New upstream microcode datafile 20191112
    + SECURITY UPDATE
      - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
      - Implements TA Indirect Sharing mitigation, and improves the MDS mitigation (VERW)
      - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271, CVE-2019-11139
      - Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
    + CRITICAL ERRATA FIXES
      - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except Ice Lake), causes a 0-3% typical performance hit (can be as bad as 10%). But ensures the processor will actually jump where it should, so don't even *dream* of not applying this fix.
      - Fixes AVX SHUF* instruction implementation flaw erratum
    + Removed Microcodes:
        sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    + New Microcodes:
        sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
        sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
        sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
        sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
        sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
        sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
    + Updated Microcodes:
        sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
        sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
        sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
        sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
        sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
        sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
        sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
        sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
        sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
        sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
        sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
        sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
        sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
        sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
    + Updated Microcodes (previously removed):
        sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768

    Signed-off-by: Tan Zien <nabsdh9@gmail.com>
    (cherry picked from commit e826e007658911df91385935e74621889abbda24)
* firmware: amd64-microcode: update to 20191218 | Tan Zien | 2020-10-18 | 1 | -2/+2
    amd64-microcode (3.20191218.1)
    * New microcode update packages from AMD upstream:
    + Removed Microcode updates (known to cause issues):
        sig 0x00830f10, patch id 0x08301025, 2019-07-11
    * README: update for new release

    amd64-microcode (3.20191021.1)
    * New microcode update packages from AMD upstream:
    + New Microcodes:
        sig 0x00830f10, patch id 0x08301025, 2019-07-11
    + Updated Microcodes:
        sig 0x00800f12, patch id 0x08001250, 2019-04-16
        sig 0x00800f82, patch id 0x0800820d, 2019-04-16

    amd64-microcode (3.20181128.1)
    * New microcode update packages from AMD upstream:
    + New Microcodes:
        sig 0x00800f82, patch id 0x0800820b, 2018-06-20

    Signed-off-by: Tan Zien <nabsdh9@gmail.com>
    (cherry picked from commit 182c7d955f872cb712f6d16d4b5cc0824bf4cc67)
* firewall: options: fix parsing of boolean attributes | Hauke Mehrtens | 2020-10-16 | 2 | -1/+39
    Boolean attributes were parsed the same way as string attributes, so a value of { "bool_attr": "true" } would be parsed correctly, but { "bool_attr": true } (without quotes) was parsed as false.
    Fixes FS#3284
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
    (cherry picked from commit 7f676b5ed6a2bcd6786a0fcb6a6db3ddfeedf795)
* kernel: bump 4.14 to 4.14.201 | Koen Vandeputte | 2020-10-14 | 10 | -21/+21
    Refreshed all patches.
    Fixes:
    - CVE-2020-14386
    Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
    Runtime-tested on: ar71xx, cns3xxx, imx6
    Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* oxnas: fix qc_prep return in sata driver after kernel 4.14.200 | Adrian Schmutzler | 2020-10-12 | 1 | -1/+3
    This fixes a regression after a kernel change in 4.14.200 [1] that led to build failure on oxnas/ox820:
        drivers/ata/sata_oxnas.c:2238:13: error: initialization of 'enum ata_completion_errors (*)(struct ata_queued_cmd *)' from incompatible pointer type 'void (*)(struct ata_queued_cmd *)' [-Werror=incompatible-pointer-types]
          .qc_prep = sata_oxnas_qc_prep,
                     ^~~~~~~~~~~~~~~~~~
        drivers/ata/sata_oxnas.c:2238:13: note: (near initialization for 'sata_oxnas_ops.qc_prep')
    Our local driver is changed the same way as prototyped in the kernel patch, i.e. return type is changed and AC_ERR_OK return value is added.
    [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=306a1c5b5683c1d37565e575386139a64bdbec6f
    Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
    (cherry picked from commit f6ca57e4f40528a8a0103c9f0e9647a2e11d10c3)
* mac80211: do not allow bigger VHT MPDUs than the hardware supports | Felix Fietkau | 2020-10-12 | 1 | -0/+34
    Signed-off-by: Felix Fietkau <nbd@nbd.name>
    (cherry picked from commit caf727767ab5c8f8d884ef458c74726a8e610d96)
    [Refreshed patch]
    Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.200 | Koen Vandeputte | 2020-10-12 | 20 | -48/+48
    Refreshed all patches.
    Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
    Runtime-tested on: ar71xx, cns3xxx, imx6
    Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ath79: ar8216: make switch register access atomic | Chuanhong Guo | 2020-10-11 | 1 | -0/+59
    reg accesses on integrated ar8229 sometimes fail. As a result, phy read got incorrect port status and wan link goes down and up mysteriously. After comparing ar8216 with the old driver, these local_irq_save/restore calls are the only meaningful differences I could find and it does fix the issue.
    The same changes were added in svn r26856 by Gabor Juhos:
    ar71xx: ag71xx: make switch register access atomic
    As I can't find the underlying problem either, this hack is brought back to fix the unstable link issue.
    This hack is only suitable for ath79 mdio and may easily break the driver on other platform. Limit it to ath79-only as a target patch.
    Fixes: FS#2216
    Fixes: FS#3226
    Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
    (cherry picked from commit 86fdc8abed5992a74078b000b5ff9da723b6f46b)
* scripts: getver.sh: fix version based on stable branch | Baptiste Jonglez | 2020-10-07 | 1 | -1/+1
    When building from a local branch based off the "openwrt-19.07" branch, version computation is wrong, for instance:
        r10194+1004-c53f62b111
    The number of local commits (1004 in this case) is wrong because it is computed against master. As a result, it wrongly counts *all* commits since the beginning of the openwrt-19.07 branch as local commits.
    The fix is to compare to the openwrt-19.07 branch instead, which gives the expected result such as:
        r11192+6-8b0278a17e
    Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
    [shorten commit title]
    Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* openssl: bump to 1.1.1h | Eneas U de Queiroz | 2020-09-28 | 3 | -5/+5
    This is a bug-fix release. Patches were refreshed.
    Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
    (cherry picked from commit 475838de1a33d49d1a0b81aad374a8db6dd2b3c8)
* ath79: fix rssi-low LED for My Net Range Extender | Adrian Schmutzler | 2020-09-28 | 1 | -1/+1
    The LED color was missing in 01_leds.
    Fixes: 745dee11ac78 ("ath79: add support for WD My Net Wi-Fi Range Extender")
    Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
    (cherry picked from commit d232a8ac7d1679f7ff97cbc66b4c49c940bd009f)
* kernel: Update to version 4.14.199 | Hauke Mehrtens | 2020-09-28 | 43 | -203/+203
    Compile and runtime tested on lantiq/xrx200 + ath79/generic.
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* comgt: fix hotplug event handling | Rozhuk Ivan | 2020-09-19 | 2 | -5/+5
    Hotplug manager sends: "remove" -> "add" -> "bind" events, script interprets bind as "not add" = "remove" and marks device as unavailable.
    Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com>
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
    (cherry picked from commit 4821ff064b735c320ae2625a739018d1fc7d6457)
    Fixes: FS#3351
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Revert "ramips: ethernet: fix to interrupt handling" | Jo-Philipp Wich | 2020-09-18 | 1 | -5/+6
    This reverts commit 7ac454014a11347887323a131415ac7032d53546.
    The change reportedly causes regressions in ethernet performance.
    Fixes: FS#3332
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* OpenWrt v19.07.4: revert to branch defaults | Hauke Mehrtens | 2020-09-07 | 5 | -11/+9
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v19.07.4: adjust config defaults (tag: v19.07.4) | Hauke Mehrtens | 2020-09-07 | 5 | -9/+11
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ath10k-ct-firmware: update firmware images | Michael Yartys | 2020-09-06 | 1 | -21/+21
    Not a large change from last time, but should fix at least one rare wave-2 crash.
    Tested on Netgear R7800.
    Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
    Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
    (cherry picked from commit 91aab77bf1ce91b0e60e720eb147c94a02c1f2fd)
    [adapt variables and package names]
    [remove changes to non-full htt-mgt variants because we did not backport a882bfce052e ("ath10k-ct-firmware: add htt-mgt variants")]
    Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
    Tested-by: Baptiste Jonglez <git@bitsofnetworks.org> [QCA9886, QCA9887]
* ath10k-ct-firmware: update firmware images | Álvaro Fernández Rojas | 2020-09-06 | 1 | -25/+25
    No release notes this time.
    Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
    (cherry picked from commit 06f510df6e2aa0b1e40124bbd758672458d01482)
    [adapt variables and package names because we did not backport 2e5e9b459ed5 ("ath10k-ct-firmware: rename ct-htt packages")]
    Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* ath10k-firmware: move CT firmwares to new package | Álvaro Fernández Rojas | 2020-09-06 | 2 | -446/+524
    Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
    (cherry picked from commit 658e68f85c2645e0132edc6b30a9c76cc17292de)
* ath10k-firmware: update ath10k-ct firmware images | Álvaro Fernández Rojas | 2020-09-06 | 1 | -24/+24
    Release notes for 017:
    Wave-1:
    * March 19, 2020: Fix problem where power-save was not enabled when going off-channel to scan. The problem was a boolean logic inversion in the chmgr code, a regression I introduced a long time ago.
    * March 19, 2020: When scanning only on current working channel, do not bother with disable/enable powersave. This should make an on-channel scan less obtrusive than it was previously.
    * March 23, 2020: Fix channel-mgr use-after-free problem that caused crashes in some cases. The crash was exacerbated by recent power-save changes.
    * March 23, 2020: Fix station-mode power-save related crash: backported the fix from 10.2 QCA firmware.
    * March 23, 2020: Attempt to better clean up power-save objects and state, especially in station mode.
    Release notes for 016:
    Wave-1 changes, some debugging code for a crash someone reported, plus:
    * February 28, 2020: Fix custom-tx path when sending in 0x0 for rate-code. Have tries == 0 mean one try but NO-ACK (similar to how wave-2 does it).
    wave-2:
    * Fixed some long-ago regressions related to powersave and/or multicast. Maybe fix some additional multicast and/or tx-scheduling bugs.
    Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
    Acked-by: Petr Štetiar <ynezz@true.cz>
    (cherry picked from commit 84f4a783c6987fd9d67c089a76e2f90b7491f446)
* ath10k-firmware: update ath10k-ct firmware | Michael Yartys | 2020-09-06 | 1 | -24/+24
    This supports better per-chain noise floor reporting, which in turn allows for better RSSI reporting in the driver.
    Wave-2 fixes a long-standing rate-ctrl problem when connected to xbox (and probably other devices).
    Wave-2 has fix for crash likely related to rekeying.
    Wave-1 has some debugging code added where a user reported a crash.
    Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq806x+qca9984,ipq4019+qca9986]
    Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
    (cherry picked from commit 18622638831707038556b9b8bd5a0b4d4a53ce53)
* ath10k-firmware: update Candela Tech firmware images | Stefan Lippers-Hollmann | 2020-09-06 | 1 | -20/+20
    The release notes since last time for wave-1:
    * No changes to wave-1, but I make a version .014 copy anyway to keep the makefile in sync.
    The release notes since last time for wave-2:
    * December 16, 2019: Wave-2 has a fix to make setting txpower work better. Before setting the power was ignored at least some of the time (it also appeared to work mostly, so I guess it was being correctly set in other ways).
    Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
    (cherry picked from commit 65982642668e859540b21c2bd3bf907493df830a)
* ramips: ethernet: fix to interrupt handling | NeilBrown | 2020-09-06 | 1 | -6/+5
    The current code acknowledged interrupts *after* polling. This is the wrong way around, and could cause an interrupt to be missed.
    This is not likely to be fatal as another packet, and so another interrupt, should come along soon. But maybe it is causing problems, so let's fix it anyway.
    Signed-off-by: NeilBrown <neil@brown.name>
    (Note that this matches the upstream driver.)
    Signed-off-by: Rosen Penev <rosenp@gmail.com>
* hostapd: Fix compile errors after wolfssl update | Hauke Mehrtens | 2020-09-04 | 1 | -0/+10
    This fixes the following compile errors after the wolfssl 4.5.0 update:
        LD wpa_cli
        ../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
        ../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
            type = GEN_EMAIL;
                   ^~~~~~~~~
                   ENAVAIL
        ../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
        ../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
            type = GEN_DNS;
                   ^~~~~~~
        ../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
            type = GEN_URI;
                   ^~~~~~~
        ../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
        ../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
            if (gen->type != GEN_EMAIL &&
                             ^~~~~~~~~
                             ENAVAIL
        ../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
            gen->type != GEN_DNS &&
                         ^~~~~~~
        ../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
            gen->type != GEN_URI)
                         ^~~~~~~
        Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed
    Fixes: 00722a720c77 ("wolfssl: Update to version 4.5.0")
    Reported-by: Andre Heider <a.heider@gmail.com>
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
    (cherry picked from commit bc19481826e0da9119945eaae4f25736306f023b)
* wolfssl: Update to version 4.5.0 | Hauke Mehrtens | 2020-09-02 | 3 | -4/+31
    This fixes the following security problems:
    * In earlier versions of wolfSSL there exists a potential man in the middle attack on TLS 1.3 clients.
    * Denial of service attack on TLS 1.3 servers from repetitively sending ChangeCipherSpecs messages. (CVE-2020-12457)
    * Potential cache timing attacks on public key operations in builds that are not using SP (single precision). (CVE-2020-15309)
    * When using SGX with EC scalar multiplication the possibility of side-channel attacks are present.
    * Leak of private key in the case that PEM format private keys are bundled in with PEM certificates into a single file.
    * During the handshake, clear application_data messages in epoch 0 are processed and returned to the application.
    Full changelog: https://www.wolfssl.com/docs/wolfssl-changelog/
    Fix a build error on big endian systems by backporting a pull request: https://github.com/wolfSSL/wolfssl/pull/3255
    The size of the ipk increases on mips BE by 1.4%
    old: libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246
    new: libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
    (cherry picked from commit 00722a720c778e623d6f37af3a3b4e43b29c3fe8)
* wolfssl: use -fomit-frame-pointer to fix asm error | Eneas U de Queiroz | 2020-09-02 | 1 | -2/+2
    32-bit x86 fails to compile fast-math feature when compiled with frame pointer, which uses a register used in a couple of inline asm functions.
    Previous versions of wolfssl had this by default. Keeping an extra register available may increase performance, so it's being restored for all architectures.
    Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
    (cherry picked from commit 750d52f6c90e2a144c250779741607f0cb306a94)
* wolfssl: update to 4.4.0-stable | Eneas U de Queiroz | 2020-09-02 | 1 | -2/+2
    This version adds many bugfixes, including a couple of security vulnerabilities:
    - For fast math (enabled by wpa_supplicant option), use a constant time modular inverse when mapping to affine when operation involves a private key - keygen, calc shared secret, sign.
    - Change constant time and cache resistant ECC mulmod. Ensure points being operated on change to make constant time.
    Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
    (cherry picked from commit 3481f6ffc79f46fc7ba86a4cc15ad958e99b5a82)
* mbedtls: update to 2.16.8 | Magnus Kroken | 2020-09-02 | 2 | -25/+25
    This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues and the most notable of them are described in more detail in the security advisories.
    * Local side channel attack on RSA and static Diffie-Hellman
    * Local side channel attack on classical CBC decryption in (D)TLS
    * When checking X.509 CRLs, a certificate was only considered as revoked if its revocationDate was in the past according to the local clock if available.
    Full release announcement: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
    Signed-off-by: Magnus Kroken <mkroken@gmail.com>
    (cherry picked from commit 66893063abf56b7d8c21eceed56e5d27859eaaea)
* mac80211: Fix potential endless loop | Hauke Mehrtens | 2020-08-30 | 1 | -0/+31
    Backport a fix from kernel 5.8.3.
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
    (cherry picked from commit ca5ee6eba34593ec9f8b5b195c94cf6c3f6ff914)
* oxnas: reduce size of ATA DMA descriptor space | Daniel Golle | 2020-08-29 | 1 | -1/+1
    After years of trying to find the reason for random kernel crashes while both CPU and SATA are under load it has been found.
    Some odd commented-out #defines in kref's single-port driver [1] which were copied from the vendor driver made me develop a theory: The IO-mapped memory area for DMA descriptors apparently got some holes just before the alignment boundaries.
    This feels like an off-by-one bug in the hardware or maybe those fields are used internally by the SATA controller's firmware.
    Whatever the cause is: they cannot be used and trying to use them results in reading back unexpected stuff and ends up with oopsing
        Unable to handle kernel paging request at virtual address d085c004
    Work around the issue by reducing the area used for bmdma descriptors. This reduces SATA performance (iops) quite a bit, but finally makes things work reliably. Possibly one could optimize this much more by really just skipping the holes in that memory area -- however, that seems to be non-trivial with the driver and libata in its current form (suggestions are welcome).
    The 'proper' way to have good SATA performance would be to make use of the hardware RAID features (one can use the JBOD mode to access even just a single disc transparently through the RAID controller integrated in the SATA host instead of accessing the SATA ports 'raw' as we do now).
    [1]: https://github.com/kref/linux-oxnas/blob/master/drivers/ata/sata_oxnas.c#L25
    Signed-off-by: Daniel Golle <daniel@makrotopia.org>
    (cherry picked from commit 5793112f751ee3d9f841af4846d68e6b1ff1bff4, including fixup commit d75e75306301852a848824cf268d8b58eda28a8a)
* mbedtls: update to 2.16.7 | Magnus Kroken | 2020-08-27 | 2 | -27/+27
    Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch, and provides bug fixes and minor enhancements. This release includes fixes for security issues and the most severe one is described in more detail in a security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07
    * Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave.
    * Fix side channel in mbedtls_ecp_check_pub_priv() and mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private key that didn't include the uncompressed public key), as well as mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL f_rng argument. An attacker with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave) could fully recover the ECC private key.
    * Fix issue in Lucky 13 counter-measure that could make it ineffective when hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT macros).
    Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some changes to the download URLs are required. For the time being, the ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS.
    Signed-off-by: Magnus Kroken <mkroken@gmail.com>
    [Use https://codeload.github.com and new tar.gz file]
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
    (cherry picked from commit 201d6776a0b5858b8ce43a2392c9fe48aa1c4dd7)
* kernel: Update kernel 4.14 to version 4.14.195 | Hauke Mehrtens | 2020-08-27 | 43 | -104/+104
    Compile and runtime tested on lantiq/xrx200 and x86/64.
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ath79: add support for TP-Link TL-WR710N v2.1 | Adrian Schmutzler | 2020-08-24 | 5 | -118/+152
    This adds support for the TP-Link TL-WR710N v2.1. It is basically a re-issue of the v1.2.
    Specifications:
        SoC: Atheros AR9331
        CPU: 400 MHz
        Flash: 8 MiB
        RAM: 32 MiB
        WiFi: 2.4 GHz b/g/n
        Ethernet: 2x 100M ports
        USB: 1x 2.0
    The only difference from the v1 is the TP-Link hardware ID/revision.
    Attention: The TL-WR710N v2.0 (!) has only 4 MB flash and cannot be flashed with this image. It has a different TPLINK_HWREV, so accidental flashing of the factory image should be impossible without additional measures.
    Unfortunately, the v2.0 in ar71xx has the same board name, so sysupgrade from ar71xx v2.0 into ath79 v1/v2.1 will not be prevented, but will brick the device.
    Flashing instruction: Upload the factory image via the OEM firmware GUI upgrade mechanism.
    Further notes: To make implementation easier if somebody desires to port the 4M v2.0, this already creates two DTSI files.
    Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
    Tested-by: Fabian Eppig <fabian@eppig.de>
    (backported from eb531337a779a48a2d17bc66f0d222325d6c1563)
* tools/tplink-safeloader: use soft_ver 1.9.1 for archer c6 v2 | Alexander Couzens | 2020-08-24 | 1 | -1/+1
    TP-LINK published a firmware update for the archer c6 v2. This update also reached the factory devices. Newer software version rejects downgrading to 1.2.x.
    Use 1.9.x to allow installing the factory images and have a little bit time to change it again.
    Tested on archer c6 v2 with firmware 1.3.1
    Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
    (cherry picked from commit 6d5d815e3f6850a0dc754bf16053fa34490766f7)
* tplink-safeloader: update soft_ver for TP-Link Archer C6 v2 (EU) | Georgi Vlaev | 2020-08-24 | 1 | -1/+1
    The last couple of TP-Link firmware releases for Archer C6 v2 (EU) have switched to version 1.2.x. Bump the soft_ver to "1.2.1" to allow firmware updates from the vendor web interface.
    TP-Link vendor firmware releases supported by this change:
    * Archer C6(EU)_V2_200110: soft_ver:1.2.1 Build 20200110 rel.60119
    * Archer C6(EU)_V2_191014: soft_ver:1.2.0 Build 20191014 rel.33289
    Signed-off-by: Georgi Vlaev <georgi.vlaev@gmail.com>
    (cherry picked from commit ff75bbc423eddc09f5349b63c34773b04822f171)
* Revert "scripts/download: add sources CDN as first mirror" (Jo-Philipp Wich, 2020-08-24, 1 file, -1/+0)
| This reverts commit c737a9ee6a9c47b6e553ac81bf293b1161e59799.
|
| The source CDN has been discontinued in its current form and will take a while to be reestablished. Even then it makes little sense to put a CDN before other CDNs such as kernel.org, apache.org, sourceforge etc.
|
| Signed-off-by: Jo-Philipp Wich <jo@mein.io>
| (cherry picked from commit bf96eb55c82191701030b68810e6f19adbb91eeb)
* generic: platform/mikrotik: fix incorrect test (Thibaut VARÈNE, 2020-08-18, 1 file, -1/+1)
| The test is meant to check the result of the preceding kmalloc()
|
| Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
| (cherry picked from commit d0498872ff71a79f0676cfc6b6b547c499bff712)
* ath79: enable gpio on ar933x by default (Adrian Schmutzler, 2020-08-18, 12 files, -46/+0)
| All other SoC DTSI files have gpio enabled by default, only ar9330/ar9331 disable it by default, only to have it enabled again afterwards for each individual device.
|
| So, do not disable it in the first place, and drop all device-specific status statements afterwards.
|
| Though this is a cosmetic commit, it might be a pitfall for device-support backporters if missing. Since backporting it is trivial, let's just do it.
|
| Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
| (cherry picked from commit dc1280ef652c6522269c7a864810c19362d33dc4)
* ath79: fix syntax error in ar7240_tplink_tl-wa.dtsi (Adrian Schmutzler, 2020-08-17, 1 file, -1/+1)
| The node needs to be terminated by a semicolon.
|
| Fixes: 8484a764df20 ("ath79: ar724x: make sure builtin-switch is enabled in DT")
|
| Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
| (cherry picked from commit e329e71c6915ffdf7fe99efc323a6de7867d0cbe)
* ath79: ar724x: make sure builtin-switch is enabled in DT (Adrian Schmutzler, 2020-08-17, 9 files, -12/+8)
| On ar7240/ar7241 the mdioX node with the builtin-switch is enabled in the DTSI files, but the parent ethX node is left disabled. It only gets enabled per device or device family, and has not been enabled at all yet for the TP-Link WA devices with ar7240, making the switch unavailable there.
|
| This patch makes sure &eth0/&eth1 nodes are enabled together with the &mdio0/&mdio1 nodes containing the builtin-switch. For ar7240_tplink_tl-wa.dtsi, &eth0 is properly hidden again via
|   compatible = "syscon", "simple-mfd";
|
| This partially fixes FS#2887, however it seems dmesg still does not show cable (dis)connect in dmesg for ar7240 TP-Link WA devices.
|
| Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
| (cherry picked from commit 8484a764df20cdd673c74b583bfbf71e10c02726)
* ath79: WNR612v2: improve device support (Michal Cieslakiewicz, 2020-08-17, 4 files, -10/+18)
| This patch improves ath79 support for Netgear WNR612v2. Router functionality becomes identical to ar71xx version.
|
| Changes include:
| * software control over LAN LEDs via sysfs
| * correct MAC addresses for network interfaces
| * correct image size in device definition
| * dts: 'keys' renamed to 'ath9k-keys'
| * dts: 'label-mac-device' set to eth1 (LAN)
| * dts: formatting adjustments
|
| Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
| (cherry picked from commit d74324e407de7fb641310070762923f7e4cd2d6c)
| [remove label-mac-device]
| Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ath79: add LAN LEDs control bits for AR724x GPIO function pinmux (Michal Cieslakiewicz, 2020-08-17, 1 file, -1/+9)
| Currently AR724x pinmux for register 0x18040028 controls only JTAG disable bit. This patch adds new DTS settings to control LAN LEDs and CLKs that allow full software control over these diodes - exactly the same is done by ar71xx target in device setup phase for many routers (WNR2000v3 for example).
|
| 'switch_led_disable_pins' clears AR724X_GPIO_FUNC_ETH_SWITCH_LED[0-4]_EN bits.
| 'clks_disable_pins' clears AR724X_GPIO_FUNC_CLK_OBS[1-5]_EN and AR724X_GPIO_FUNC_GE0_MII_CLK_EN bits.
|
| These all should be used together, along with 'jtag_disable_pins', to allow OS to control all GPIO-connected LEDs and buttons on device.
|
| Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
| (cherry picked from commit 69df7eb73d9922e5e717b004aae06f93fe692dba)
* ramips: fix Xiaomi MiWiFi Mini switch definition (Chih-Wei Chen, 2020-08-13, 1 file, -6/+6)
| Based on OpenWRT Table of Hardware > Xiaomi > Xiaomi Mi WiFi Mini
|
| Switch Ports Defaults:
|   0, 1: LAN
|   4: WAN
|   6: CPU
|
| Port in Web GUI (word printed on bottom of case)
|   WAN(Internet) map to switch port 4
|   LAN1(.) map to switch port 1
|   LAN2(..) map to switch port 0
|   CPU map to switch port 6
|
| current setting is 1 WAN/ 4 LAN port, fix it.
|
| Signed-off-by: Chih-Wei Chen <changeway@gmail.com>
| [rebased after base-files split, fixed commit title]
| Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
| (backported from commit 3e88ab79b03917bc4b03b34db12edf622bde1de1)
* busybox: delete redundant patch (Magnus Kroken, 2020-08-12, 2 files, -14/+1)
| This problem has been fixed in upstream commit 6b6a3d9339f1c08efaa18a7fb7357e20b48bdc95. This patch now (harmlessly) adds the same definition a second time.
|
| Signed-off-by: Magnus Kroken <mkroken@gmail.com>
| [bump PKG_RELEASE]
| Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
| (cherry picked from commit 4165232c45df224f32a94f43b9938d13d643b2a8)
* mac80211: Fix build on mpc85xx target (Hauke Mehrtens, 2020-08-11, 2 files, -1/+34)
| This fixes the following compile error seen on the mpc85xx target:
|   CC [M] /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o
|   In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17,
|   from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77,
|   from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13,
|   from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89:
|   /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t'
|   typedef _Addr ptrdiff_t;
|   ^~~~~~~~~
|   In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4,
|   from ./include/linux/list.h:5,
|   from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3,
|   from ./include/linux/module.h:9,
|   from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3,
|   from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79:
|   ./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here
|   typedef __kernel_ptrdiff_t ptrdiff_t;
|   ^~~~~~~~~
|   scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed
|
| Fixes: d6b158b86981 ("mac80211: Update to 4.19.137-1")
| Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
| (cherry picked from commit 04b1a11f5ca72a741493addca1b1ae093f37934f)
* x86: Add CONFIG_EFI_CUSTOM_SSDT_OVERLAYS (Hauke Mehrtens, 2020-08-11, 1 file, -0/+1)
| The CONFIG_EFI_CUSTOM_SSDT_OVERLAYS option was added in kernel 4.14.188, set it for the x86/generic target.
|
| This fixes a build problem in the x86/generic target.
|
| Fixes: 148d59c67edd ("kernel: update kernel 4.14 to version 4.14.193")
| Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>