aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* kernel: add missing symbolKoen Vandeputte2019-10-301-0/+1
| | | | | | Discovered during layerscape compile-testing Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.150Koen Vandeputte2019-10-302-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.197Koen Vandeputte2019-10-303-145/+154
| | | | | | | | | | | | | | | | | | | Refreshed all patches. Altered patches: - 804-crypto-support-layerscape.patch Compile-tested on: ar71xx Runtime-tested on: ar71xx Compiling target layerscape before this patch shows that it's broken. Fixing it is out-of-scope for bumping the kernel and will be done in a later patch. The altered patch is a sample change which leaves the target exactly as it was before this bump. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* brcm2708: Add feature flag rootfs-partDaniel F. Dickinson2019-10-301-1/+1
| | | | | | | | | | | | | Even with squashfs brcm2708 requires ROOTFS_PART_SIZE because the overlay exists as a loopback device on the space not used by squashfs in the root partition. Also for ext4 (the other fs option) ROOTFS_PART_SIZE is required, so use feature flag rootfs-part to enable it. Fixes FS#2166 Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com> (cherry picked from commit 3bb44f42990a75e66972016cde75bed6a3f09ef9) Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* iptables: bump PKG_RELEASEYousong Zhou2019-10-241-1/+1
| | | | | | | | | Package content changed with the previous two cherry-picks dff0b2104d kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6} a2fe698a40 kernel: Added required dependencies for socket match. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* kernel: Added required dependencies for socket match.Oldřich Jedlička2019-10-241-0/+2
| | | | | | | | | | | | | | | | | This applies to kernel 4.10 and newer. See https://github.com/torvalds/linux/commit/8db4c5be88f62ffd7a552f70687a10c614dc697b The above commit added to kernel 4.10 added new dependency for building the NETFILTER_XT_MATCH_SOCKET (xt_socket.ko) module. The NF_SOCKET_IPVx options (both of them) need to be enabled in order to build the NETFILTER_XT_MATCH_SOCKET module. Without the change the module is not built. Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com> (cherry picked from commit 66e875a07033cdcfd8c4a16940d4acfe63c60202) (required for fixing FS#2531) Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}Hauke Mehrtens2019-10-241-0/+4
| | | | | | | | | | | | | The nf_socket.ko module was split in commit 8db4c5be88f ("netfilter: move socket lookup infrastructure to nf_socket_ipv{4,6}.c") into a common, n IPv4 and an IPv6 part. The nf_tproxy.ko module was split in commit 45ca4e0cf27 ("netfilter: Libify xt_TPROXY") into a common, an IPv4 and an IPv6 part. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 89806545cc1711f4e33c1c2ac5265aec4afe8078) (required for fixing FS#2531) Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* tcpdump: update to 4.9.3DENG Qingfang2019-10-194-19/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed CVEs: CVE-2017-16808 CVE-2018-10103 CVE-2018-10105 CVE-2018-14461 CVE-2018-14462 CVE-2018-14463 CVE-2018-14464 CVE-2018-14465 CVE-2018-14466 CVE-2018-14467 CVE-2018-14468 CVE-2018-14469 CVE-2018-14470 CVE-2018-14879 CVE-2018-14880 CVE-2018-14881 CVE-2018-14882 CVE-2018-16227 CVE-2018-16228 CVE-2018-16229 CVE-2018-16230 CVE-2018-16300 CVE-2018-16301 CVE-2018-16451 CVE-2018-16452 CVE-2019-15166 CVE-2019-15167 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit 394273c066b8f4317b77f3ede216cfcdd45250c1)
* libpcap: update to 1.9.1DENG Qingfang2019-10-195-15/+18
| | | | | | | | | | | | | Fixed CVEs: CVE-2018-16301 CVE-2019-15161 CVE-2019-15162 CVE-2019-15163 CVE-2019-15164 CVE-2019-15165 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit 44f11353de044834a442d3192b66579b99305720)
* libpcap: update to 1.9.0Syrone Wong2019-10-199-306/+50
| | | | | | | | | | | | | 001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch dropped due to upstream 002-Add-missing-compiler_state_t-parameter.patch dropped due to upstream 202-protocol_api.patch dropped due to implemented upstream by another way upstream commit: https://github.com/the-tcpdump-group/libpcap/commit/55c690f6f834b4762697d7a134de439c9096c921 and renamed via: https://github.com/the-tcpdump-group/libpcap/commit/697b1f7e9b1d6f5a5be04f821d7c5dc62458bb3b ead is the only user who use the protocol api, we have to use the new api since libpcap 1.9.0 Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
* kernel: bump 4.14 to 4.14.149Koen Vandeputte2019-10-1518-107/+107
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.148Koen Vandeputte2019-10-085-6/+6
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.196Koen Vandeputte2019-10-085-6/+6
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.147Koen Vandeputte2019-10-085-9/+9
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6 Compile-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.195Koen Vandeputte2019-10-089-33/+31
| | | | | | | | | | | | Refreshed all patches. Altered patches: - 403-mtd_fix_cfi_cmdset_0002_status_check.patch Compile-tested on: ar71xx Compile-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* apm821xx: fix fan control on highest stepChristian Lamparter2019-09-281-1/+1
| | | | | | | | | | This patch removes a typo (extra "0") so that the 'cpu-alert6' step is triggered once the system reaches 85°C. Note: Unless the WNDR4700 is placed in an hot oven, the hardware-monitor will never reach this value. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* brcm47xx: sysupgrade: fix device model detectionRafał Miłecki2019-09-261-2/+2
| | | | | | | | | $(board_name) was providing content on "boardtype" (and optionally "boardnum") NVRAM values. That function requires & expects more specific and detailed model name extracted from the /proc/cpuinfo. Fixes: f12a32630ff5 ("treewide: use the generic board_name function") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: bump 4.14 to 4.14.146Koen Vandeputte2019-09-242-3/+3
| | | | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-14814 - CVE-2019-14815 - CVE-2019-14816 - CVE-2019-14821 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.194Koen Vandeputte2019-09-2411-21/+21
| | | | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-14814 - CVE-2019-14815 - CVE-2019-14816 - CVE-2019-14821 Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* hostapd: Fix AP mode PMF disconnection protection bypassHauke Mehrtens2019-09-214-6/+72
| | | | | | | | | This fixes * CVE-2019-16275 AP mode PMF disconnection protection bypass https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit a6981604b30bc1ddc1713b368fe853d89c2ba40d)
* hostapd: SAE/EAP-pwd side-channel attack updateHauke Mehrtens2019-09-219-1/+397
| | | | | | | | | Fixes this security problem: * SAE/EAP-pwd side-channel attack update https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)
* mbedtls: update to 2.16.3Magnus Kroken2019-09-214-62/+35
| | | | | | | | Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch, the issue has been fixed upstream. Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 49d96ffc5c47e40b7f3d99a91a42ea8a54a38bd9)
* mbedtls: Update to version 2.16.2Josef Schlehofer2019-09-212-4/+4
| | | | | Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz> (cherry picked from commit a2f54f6d5d98211e9c58420eed8c67f4fca83665)
* openssl: bump to 1.0.2t, add maintainerEneas U de Queiroz2019-09-202-3/+4
| | | | | | | | | | | | | This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed, and Eneas U de Queiroz added as maintainer. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* kernel: bump 4.14 to 4.14.145Koen Vandeputte2019-09-2010-22/+22
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.144Koen Vandeputte2019-09-202-4/+4
| | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-15030 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.193Koen Vandeputte2019-09-205-20/+15
| | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-15030 Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* mac80211: brcmfmac: backport the last 5.4 changesRafał Miłecki2019-09-164-1/+402
| | | | | | | | This makes brcmfmac use the same wiphy after PCIe reset to help user space handle corner cases (e.g. firmware crash). Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit f39f4b2f6d4300995270f635261b07197e8cf61e)
* ar71xx: fix potential IRQ misses during dispatch for qca953xKoen Vandeputte2019-09-131-0/+27
| | | | | | | | | | | If both interrupts are set in the current implementation only the 1st will be handled and the 2nd will be skipped due to the "if else" condition. Fix this by using the same approach as done for QCA955x just below it. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ar71xx: Fix potentially missed IRQ handling during dispatchKoen Vandeputte2019-09-131-0/+57
| | | | | | | | | | | If both interrupts are set in the current implementation only the 1st will be handled and the 2nd will be skipped due to the "if else" condition. Fix this by using the same approach as done for QCA955x just below it. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.143Koen Vandeputte2019-09-132-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.192Koen Vandeputte2019-09-136-9/+9
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* tools: mkimage: fix __u64 typedef conflict with new glibcYousong Zhou2019-09-121-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Including "sys/stat.h" from newer glibc will cause __u64 from linux uapi header to be included, causing compilation failure for u-boot tools USE_HOSTCC Remove typedef for __u64 in include/compiler.h to fix the issue. It should be safe because as of u-boot-2018.03, no ref to __u64 is found under u-boot tools/ directory Error message snippet follows HOSTCC tools/mkenvimage.o In file included from /usr/include/asm-generic/types.h:7, from /usr/include/asm/types.h:5, from /usr/include/linux/types.h:5, from /usr/include/linux/stat.h:5, from /usr/include/bits/statx.h:30, from /usr/include/sys/stat.h:446, from tools/mkenvimage.c:21: /usr/include/asm-generic/int-ll64.h:31:42: error: conflicting types for '__u64' 31 | __extension__ typedef unsigned long long __u64; | ^~~~~ In file included from <command-line>: ././include/compiler.h:69:18: note: previous declaration of '__u64' was here 69 | typedef uint64_t __u64; | ^~~~~ make[5]: *** [scripts/Makefile.host:116: tools/mkenvimage.o] Error 1 Ref: https://forum.openwrt.org/t/compile-error-19-07/44423 Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1699194 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* kernel: bump 4.14 to 4.14.142Koen Vandeputte2019-09-115-35/+9
| | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 0032-usb-host-fotg2-restart-hcd-after-port-reset.patch Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.191Koen Vandeputte2019-09-112-5/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ramips: fix duplicate network setup for dlink, dir-615-h1Adrian Schmutzler2019-09-091-1/+0
| | | | | | | | | | | | | | | In 555ca422d1cb ("ramips: fix D-Link DIR-615 H1 switch port mapping"), port setup for dir-615-h1 was changed without removing the old one. This was working as the new one was triggered earlier than the old one. (In the meantine, changed sorting during ramips rename patches actually inversed that order.) Anyway, just remove the wrong case now. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit e35e4a996e26f17b69d200505ecea78af96a2704)
* ramips: fix D-Link DIR-615 H1 switch port mappingMirko Parthey2019-09-091-0/+1
| | | | | | | | | | Reuse a device-specific switch port mapping which also applies to the D-Link DIR-615 H1. Signed-off-by: Mirko Parthey <mirko.parthey@web.de> [cherry-pick/rebase] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 555ca422d1cbc2db354c0ed03d1a79650f590859)
* ramips: remove duplicate case for MAC setup of freestation5Adrian Schmutzler2019-09-091-1/+0
| | | | | | | | | | | | | ARC FreeStation5 is present twice in MAC address setup. >From older commits/changes, it is not possible to reconstruct the correct choice only by reading the annotations. Thus, remove the second case and keep the first one, so behavior stays the same (as nobody seems to have complained about it). Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit ad4eb2241b33b05b0942a3fa7ed2e53fb6e84386)
* mac80211: brcmfmac: backport more kernel 5.4 changesRafał Miłecki2019-09-098-9/+283
| | | | | | | | Patch getting RAM info got upstreamed. A debugging fs entry for testing reset feature was added. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 681acdcc54d2e59135bb706c38bed942f74ccf74)
* bzip2: Fix CVE-2019-12900Josef Schlehofer2019-09-032-1/+66
| | | | | | | More details about this CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-12900 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* ar71xx: WNR2200: remove redundant GPIO for WLAN LEDMichal Cieslakiewicz2019-08-301-0/+1
| | | | | | | | | | | | | | | | | | | | | | | Without this patch, an extra entry appears for AR9287 GPIO that duplicates WLAN LED but in fact drives nothing: gpiochip1: GPIOs 502-511, ath9k-phy0: gpio-502 ( |netgear:blue:wlan ) out hi gpio-503 ( |netgear:amber:test ) out hi gpio-504 ( |netgear:green:power ) out lo gpio-505 ( |rfkill ) in hi gpio-507 ( |wps ) in hi gpio-508 ( |reset ) in hi gpio-510 ( |ath9k-phy0 ) out hi <===! The pin pointed above is default LED GPIO (8) for AR9287. For WNR2200 it is not connected anywhere - pin 0 drives blue WLAN LED instead - but initialization code is missing that information. This fix calls ap9x_pci_setup_wmac_led_pin() function at device setup, forcing WLAN LED pin to be 0 and removing redundant entry. Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
* kernel: bump 4.14 to 4.14.141Koen Vandeputte2019-08-301-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ath9k: backport dynack improvementsKoen Vandeputte2019-08-284-0/+300
| | | | | | | | | | | | | | | | | | | | | | | | | | | Close cooperation with Lorenzo Bianconi resulted in these patches which fix all remaining seen issues when using dynack. Fix link losses when: - Late Ack's are not seen or not present - switching from too low static coverage class to dynack on a live link These are fixed by setting the Ack Timeout/Slottime to the max possible value for the currently used channel width when a new station has been discovered. When traffic flows, dynack is able to adjust to optimal values within a few packets received (typically < 1 second) These changes have been thoroughly tested on ~60 offshore devices all interconnected using mesh over IBSS and dynack enabled on all. Distances between devices varied from <100m up to ~35km [move patches to correct folder + renumber] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> (cherry picked from commit f6e8ba0238fe349b7529357793e2fb18635819ed)
* kernel: bump 4.14 to 4.14.140Koen Vandeputte2019-08-283-6/+6
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.190Koen Vandeputte2019-08-286-9/+9
| | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-3900 Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.139Koen Vandeputte2019-08-276-3/+7
| | | | | | | | | | | | Refreshed all patches. Also add a missing symbol for x86 which got used now in this bump. - ISCSI_IBFT Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* musl: Fix CVE-2019-14697Hauke Mehrtens2019-08-193-1/+208
| | | | | | | | | | | | musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code. This problem only affects x86 and no other architectures. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit c262daf308e0f0bd93bb5c5ee6238773935079ee)
* iptables: patch CVE-2019-11360 (security fix)Jan Pavlinec2019-08-172-1/+14
| | | | Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
* musl: ldso/dlsym: fix mips returning undef dlsymLuiz Angelo Daros de Luca2019-08-173-2/+141
| | | | | | | | | | | | | | | This happens only the second time a library is loaded by dlopen(). After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef symbol from lib1 dependencies. After the second library is loaded, dlsym(lib2,"undef1") was returning the address of "undef1" in lib2 instead of searching lib2 dependencies. Backporting upstream fix which now uses the same logic for relocation time and dlsym. Fixes openwrt/packages#9297 Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
* wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628Eneas U de Queiroz2019-08-174-4/+665
| | | | | | | | | | | | | CVE-2018-16870: medium-severity, new variant of the Bleichenbacher attack to perform downgrade attacks against TLS, which may lead to leakage of sensible data. Backported from 3.15.7. CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes when performing ECDSA signing operations. The leak is considered to be difficult to exploit but it could potentially be used maliciously to perform a lattice based timing attack. Backported from 4.1.0. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>