Commit message | Author | Age | Files | Lines
* ath10k-ct: update to version 2019-09-09 | Koen Vandeputte | 2019-09-24 | 8 | -17/+17
  5e8cd86f90da ath10k-ct: Backport ap-vlan code from 5.2 to 4.20 and 4.19 drivers.
  0c518586bd7f ath10k-ct: Fix a few warning splats.
  Adds AP VLAN.
  Refreshed all patches.
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ath10k-firmware: update Candela Tech firmware images | Robert Marko | 2019-09-24 | 1 | -20/+20
  This enables a feature flag in the wave-2 firmware wmi-services indicating it can send software-encrypted raw frames. This should in turn allow the AP-VLAN feature to work.
  Signed-off-by: Robert Marko <robimarko@gmail.com>
  (cherry picked from commit 7c930990af911f6634b422d7253f09df2bb164bf)
* kernel: bump 4.14 to 4.14.146 | Koen Vandeputte | 2019-09-24 | 2 | -3/+3
  Refreshed all patches.
  Fixes:
  - CVE-2019-14814
  - CVE-2019-14815
  - CVE-2019-14816
  - CVE-2019-14821
  Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
  Runtime-tested on: ar71xx, cns3xxx, imx6
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: add disable_eap_hack sysfs attribute | Etienne Champetier | 2019-09-23 | 1 | -4/+55
  We are not sure if 640-bridge-only-accept-EAP-locally.patch is still needed as a first step, add disable_eap_hack sysfs config to allow to disable it
  Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
  (cherry picked from commit 7d542dc8047d276517b296132926e722004065e0)
* openssl: bump to 1.1.1d | Eneas U de Queiroz | 2019-09-23 | 12 | -2524/+223
  This version fixes 3 low-severity vulnerabilities:
  - CVE-2019-1547: ECDSA remote timing attack
  - CVE-2019-1549: Fork Protection
  - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
  Patches were refreshed.
  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  (cherry picked from commit d868d0a5d7e1d76bb1a8980346d222fae55fa18b)
* ath79: remove invalid uses of ath9k_patch_fw_mac_crc | Adrian Schmutzler | 2019-09-22 | 1 | -3/+3
  Some ar9344-based devices are using ath9k_patch_fw_mac_crc, which is meant to generate a checksum, for fixing their ath9k MAC addresses. However, those do not have a checksum field, and the calculated checksum offset would be negative.
  This patch will use ath9k_patch_fw_mac function for those devices.
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit f8d8b3f85d70a85d4fabc9b8ed4dbc8020be0523)
* hostapd: Fix AP mode PMF disconnection protection bypass | Hauke Mehrtens | 2019-09-21 | 4 | -6/+72
  This fixes
  * CVE-2019-16275 AP mode PMF disconnection protection bypass
    https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  (cherry picked from commit a6981604b30bc1ddc1713b368fe853d89c2ba40d)
* uClibc++: Remove faulty patch | Rosen Penev | 2019-09-21 | 2 | -14/+1
  This patch was originally added to fix compilation with v4l2rtspserver. Turns out it was v4l2rtspserver that was broken, not uClibc++. This now causes issues with a different package where the arguments are being split.
  Note that with this patch, shellcheck throws an error:
  SC2068: Double quote array expansions to avoid re-splitting elements.
  More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
  (cherry picked from commit 977a8fc5fc2e1be6d159b2d9e1c617826b5d9701)
* mbedtls: update to 2.16.3 | Magnus Kroken | 2019-09-21 | 3 | -52/+25
  Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch, the issue has been fixed upstream.
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
  (cherry picked from commit 49d96ffc5c47e40b7f3d99a91a42ea8a54a38bd9)
* ltq-vdsl-fw: update firmware filename and download URL | Daniel Golle | 2019-09-21 | 3 | -5/+5
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (cherry picked from commit 4fc0a61ed3da96330d30703a2a039a6a06dc0b2f)
* kernel: add module for Emulex OneConnect 10Gbit | Alberto Bursi | 2019-09-21 | 1 | -0/+22
  add module to support Emulex OneConnect common in 10Gbit SFP+ cards by Dell/HP/IBM
  supports OneConnect OCe10xxx OCe11xxx OCe14xxx, LightPulse LPe12xxx
  Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
  (cherry picked from commit 827f47749b75dcc6b650297b9303c27127b15201)
* kernel: bump 4.14 to 4.14.145 | Koen Vandeputte | 2019-09-20 | 13 | -27/+27
  Refreshed all patches.
  Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
  Runtime-tested on: ar71xx, cns3xxx, imx6
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.144 | Koen Vandeputte | 2019-09-20 | 8 | -182/+99
  Refreshed all patches.
  Altered patches:
  - 816-pcie-support-layerscape.patch
  Fixes:
  - CVE-2019-15030
  Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
  Runtime-tested on: ar71xx, cns3xxx, imx6
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* procd: fix invalid JSON filter expression in procd_running() | Jo-Philipp Wich | 2019-09-19 | 2 | -2/+2
  Since service and instance names may contain characters which are not allowed in JSON path labels, such as dashes or spaces, change the filter expression to array square bracket notation to properly match these cases as well.
  Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit c933b6d22478c1113629ef549beea6337f978d62)
* firewall: update to latest Git HEAD | Jo-Philipp Wich | 2019-09-18 | 1 | -3/+3
  383eb58 ubus: do not overwrite ipset name attribute
  c26f890 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type
  487bd0d utils: Fix string format message
  4d0c703 firewall3: Fix some format string problems
  8c404ef iptables.c: lock the xtables.lock
  c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  [cherry picked and squashed from commits 7db655991443a98f84e4c39e733232d41d2d6137, 359bff605244c2cf2bff75bce0f0b16b496a6a77, 2cf209ce9166575d8259b5b4176ee91d8b48d2ff, 5ef9e4f107a94c502908403fdf56cf6bcdc08dd2]
  Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to the latest git HEAD | Rafał Miłecki | 2019-09-18 | 1 | -3/+3
  62dc8c0 system: sysupgrade: send reply on error
  2710c65 system: refuse sysupgrade with backup if it's unsupported
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit 04e912d21720b2d906d84aaf172af79a25076a41)
* ramips: add factory image for NETGEAR R6220 | David Bauer | 2019-09-16 | 1 | -1/+6
  This adds an easy-installation factory image for the NETGEAR R6220 router. The factory image can either be flashed via the vendor Web-UI or the bootloader using nmrpflash.
  Tested with NETGEAR V1.1.0.86 firmware.
  Signed-off-by: David Bauer <mail@david-bauer.net>
  (cherry picked from commit 607dfdf211bebb5043cbc0267c1e2c3e3c2514b4)
* brcm47xx: sysupgrade: support Luxul firmware format | Dan Haab | 2019-09-16 | 1 | -0/+82
  Allow flashing Luxul devices using vendor firmware format.
  Signed-off-by: Dan Haab <dan.haab@legrand.com>
  (cherry picked from commit 95240c4933607544ad1788c2ed19843dd96bccbb)
* bcm53xx: sysupgrade: support Luxul firmware format | Dan Haab | 2019-09-16 | 1 | -0/+84
  Allow flashing Luxul devices using vendor firmware format. The next step will be building proper images once they are confirmed to work.
  Signed-off-by: Dan Haab <dan.haab@legrand.com>
  (cherry picked from commit bc5db7364d1e00be5bbe5444e81c40571fbd696d)
* mac80211: brcmfmac: backport the last 5.4 changes | Rafał Miłecki | 2019-09-16 | 4 | -1/+413
  This makes brcmfmac use the same wiphy after PCIe reset to help user space handle corner cases (e.g. firmware crash).
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit f39f4b2f6d4300995270f635261b07197e8cf61e)
* ar71xx: fix typo in platform_do_upgrade_compex() | Rafał Miłecki | 2019-09-16 | 1 | -1/+1
  Fixes: a71742882855 ("treewide: use new procd sysupgrade $UPGRADE_BACKUP variable")
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit 63d611390c4d34a838e744e278529f30f9d2cc20)
* treewide: sysupgrade: use $UPGRADE_BACKUP to check for backup | Rafał Miłecki | 2019-09-16 | 11 | -13/+12
  Now that $UPGRADE_BACKUP is set conditionally there is no need to check the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit a858db313687ddfa6ed1ddba76bd74844a7b89dc)
* procd: update to the latest git HEAD | Rafał Miłecki | 2019-09-16 | 1 | -3/+3
  b8238df sysupgrade: support "backup" attribute
  This update requires "sysupgrade" method callers to pass "backup" attribute if $UPGRADE_BACKUP is used in the project.
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit 9785a9121d2d7a0a25bcd2924ee78fafada056da)
* base-files: sysupgrade: pass "backup" ubus attribute | Rafał Miłecki | 2019-09-16 | 1 | -0/+3
  This explicitly tells procd what backup file should be used during sysupgrade (if any). It's much more generic this way compared to the magic /tmp/sysupgrade.tgz file that had to be created before a call.
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit c5223b26a40ae61fc7750bf865464048af328ab1)
* odhcpd: retry failed PD assignments on addrlist change | Hans Dedecker | 2019-09-15 | 1 | -3/+3
  88d9ab6 dhcpv6: retry failed PD assignments on addrlist change
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* scripts/feeds: fix accepting "-" in feed type string | Felix Fietkau | 2019-09-15 | 1 | -1/+1
  Fixes a syntax error in processing the type src-git-full
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ath79: fix UniFi AC LED mapping | David Bauer | 2019-09-15 | 1 | -4/+9
  The UniFi AC LED mapping is currently off. The blue/white LED are used as WiFi indicators, while the vendor firmware does not feature WiFi LEDs.
  Instead, the LEDs are used to indicate the devices status. Align the LED mapping to match the vendor firmware as good as possible.
  Signed-off-by: David Bauer <mail@david-bauer.net>
  (cherry picked from commit 18fa749df8bd9fe292c93f60ddd3fb963a78274a)
* iwinfo: update to latest Git HEAD | David Bauer | 2019-09-15 | 1 | -3/+3
  a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886
  1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887
  Signed-off-by: David Bauer <mail@david-bauer.net>
  (cherry picked from commit 7db2f1a71f202023154e80758079193fc47352eb)
* ar71xx: make IRQ fixes target specific | Koen Vandeputte | 2019-09-14 | 1 | -0/+0
  Move the IRQ fix from generic to ar71xx specific. Other targets like ath79 have specific patches to delete this code.
  This resulted in a build failure on ath79
  Fixes: 00d48bcac08a ("ar71xx: Fix potentially missed IRQ handling during dispatch")
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ar71xx: fix potential IRQ misses during dispatch for qca953x | Koen Vandeputte | 2019-09-13 | 1 | -0/+27
  If both interrupts are set in the current implementation only the 1st will be handled and the 2nd will be skipped due to the "if else" condition.
  Fix this by using the same approach as done for QCA955x just below it.
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
  (cherry picked from commit 9e8c36557cc0582986862f5a36e17adf6db2b90e)
* ar71xx: Fix potentially missed IRQ handling during dispatch | Koen Vandeputte | 2019-09-13 | 1 | -0/+57
  If both interrupts are set in the current implementation only the 1st will be handled and the 2nd will be skipped due to the "if else" condition.
  Fix this by using the same approach as done for QCA955x just below it.
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.143 | Koen Vandeputte | 2019-09-13 | 3 | -293/+3
  Refreshed all patches.
  Remove upstreamed:
  - 390-v5.3-net-sched-fix-action-ipt-crash.patch
  Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
  Runtime-tested on: ar71xx, cns3xxx, imx6
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* base-files: validate firmware for compatibility with backup | Rafał Miłecki | 2019-09-12 | 1 | -0/+7
  This allows platform code to check if firmware image can be used with preserving a backup. It may be used e.g. when installing vendor firmwares that won't restore appended backup archive.
  Suggested-by: Luis Araneda <luaraneda@gmail.com>
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit 1c510fe2980cd787602786e82f44602549d607d4)
* bcm53xx: extend firmware validation | Rafał Miłecki | 2019-09-12 | 1 | -1/+11
  This provides TRX validation result to the validation JSON. It also prevents users from installing broken firmware files.
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit c19b9f9a2623c110222210d04f75ace0e594c7e9)
* brcm47xx: extend firmware validation | Rafał Miłecki | 2019-09-12 | 1 | -1/+11
  This provides TRX validation result, so final JSON may look like:
      {
          "tests": {
              "fwtool_signature": true,
              "fwtool_device_match": true,
              "trx_valid": true
          },
          "valid": true,
          "forceable": true
      }
  It also prevents users from installing broken firmware files, e.g.:
      root@OpenWrt:/# sysupgrade -F -n /tmp/TZ
      Image metadata not found
      Invalid image type. Please use firmware specific for this device.
      Image check failed but --force given - will update anyway!
      Commencing upgrade. Closing all shell sessions.
      Firmware image is broken and cannot be installed
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit e68c1cebd1d87ce60f0646688e437e83081e2322)
* treewide: use new procd sysupgrade $UPGRADE_BACKUP variable | Rafał Miłecki | 2019-09-12 | 21 | -24/+23
  It's a variable set by procd that should replace hardcoded /tmp/sysupgrade.tgz.
  This change requires the most recent procd with the commit 0f3c136 ("sysupgrade: set UPGRADE_BACKUP env variable").
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit 641f6b6c26cb9ab5e1198810015e5f4b2b5b34ad)
* treewide: when copying a backup file always specify dest name | Rafał Miłecki | 2019-09-12 | 12 | -12/+12
  $CONF_TAR shouldn't be assumed to always point to the sysupgrade.tgz. This change makes code more generic and allows refactoring $CONF_TAR.
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit 62dbe361a1b1ed1506bc0387bff55eddcb619e49)
* treewide: don't hardcode "sysupgrade.tgz" file name | Rafał Miłecki | 2019-09-12 | 15 | -22/+31
  1) Add BACKUP_FILE and use it when copying an archive to be restored after sysupgrade (on the next preinit).
  2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit bf390478727ac5f4f9d6fb684de48b8150bcec67)
* tools: mkimage: fix __u64 typedef conflict with new glibc | Yousong Zhou | 2019-09-12 | 1 | -2/+1
  Including "sys/stat.h" from newer glibc will cause __u64 from linux uapi header to be included, causing compilation failure for u-boot tools USE_HOSTCC
  Remove typedef for __u64 in include/compiler.h to fix the issue. It should be safe because as of u-boot-2018.03, no ref to __u64 is found under u-boot tools/ directory
  Error message snippet follows
      HOSTCC tools/mkenvimage.o
      In file included from /usr/include/asm-generic/types.h:7,
                       from /usr/include/asm/types.h:5,
                       from /usr/include/linux/types.h:5,
                       from /usr/include/linux/stat.h:5,
                       from /usr/include/bits/statx.h:30,
                       from /usr/include/sys/stat.h:446,
                       from tools/mkenvimage.c:21:
      /usr/include/asm-generic/int-ll64.h:31:42: error: conflicting types for '__u64'
         31 | __extension__ typedef unsigned long long __u64;
            |                                          ^~~~~
      In file included from <command-line>:
      ././include/compiler.h:69:18: note: previous declaration of '__u64' was here
         69 | typedef uint64_t __u64;
            |                  ^~~~~
      make[5]: *** [scripts/Makefile.host:116: tools/mkenvimage.o] Error 1
  Ref: https://forum.openwrt.org/t/compile-error-19-07/44423
  Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1699194
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* Revert "ar71xx: use platform code for qca955x usb0 init" | Koen Vandeputte | 2019-09-12 | 1 | -14/+0
  This reverts commit af91a370de2b94a37b8a87a9f95503e96dfcb744.
  As Piotr Dymacz pointed out:
  In QCA MIPS based WiSOCs, for first USB interface, device/host mode can be selected _only_ in hardware
  see description of 57c641ba6e
  QCA955x and QCA9563, second USB can be switched to device mode in software (tested and confirmed on real hardware).
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ar71xx: qca955x pci init/reset fixes | Tomislav Požega | 2019-09-11 | 1 | -0/+120
  Current ar724x code does the reset only on single pci bus, and in case of qca9558 writes the wrong register (0x10 vs 0x0c). This change allows the reset of second pci bus, commonly used in Archer C7 devices, in case host controller is stuck in reset. If the resetting controller on boot can solve any other issue it can be enabled unconditionally by removing reset check before ar724x_pci_hw_init is called.
  Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
  [refreshed to apply cleanly]
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
  (cherry picked from commit 76d870871cb12fc0c170e5fd23bce568adfaae6d)
* ar71xx: enable ddr wb flush on qca955x | Tomislav Požega | 2019-09-11 | 1 | -0/+49
  Enable flushing of write buffers on qca955x. GPL code has 0x88 reg defined for PCI flush which is likely an error since the device freezes on boot. So use DS default value 0xA8 for PCI flush.
  Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
  (cherry picked from commit fe9e702dc94ece2a004f6db68d6fb9a94d9437cb)
* ar71xx: use platform code for qca955x usb0 init | Tomislav Požega | 2019-09-11 | 1 | -0/+14
  Switch from ci_usb_setup to generic platform initialization of usb0 port.
  Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
  (cherry picked from commit 36a0cfd24be1cb79f221964ed2bfe12b98befff3)
* kernel: bump 4.14 to 4.4.142 | Koen Vandeputte | 2019-09-11 | 6 | -36/+10
  Refreshed all patches.
  Remove upstreamed:
  - 0032-usb-host-fotg2-restart-hcd-after-port-reset.patch
  Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
  Runtime-tested on: ar71xx, cns3xxx, imx6
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* hostapd: SAE/EAP-pwd side-channel attack update | Hauke Mehrtens | 2019-09-10 | 9 | -1/+397
  Fixes this security problem:
  * SAE/EAP-pwd side-channel attack update
    https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  (cherry picked from commit 7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)
* hostapd: Fix security problem in EAP-pwd | Hauke Mehrtens | 2019-09-10 | 3 | -1/+81
  This fixes:
  CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment"
  https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
  This should not affect OpenWrt in the default settings as we do not use EAP-pwd.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  (cherry picked from commit 9f34bf51d60a237696b1d4cc9b5f4835b95e7ea2)
* ramips: fix ethernet MAC address of ASUS RT-AC57U | Adrian Schmutzler | 2019-09-09 | 1 | -1/+1
  This backports the only non-cosmetic fix from 6640e1c3681b ("ramips: clean and improve MAC address setup in 02_network").
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ramips: fix duplicate network setup for dlink, dir-615-h1 | Adrian Schmutzler | 2019-09-09 | 1 | -1/+0
  In 555ca422d1cb ("ramips: fix D-Link DIR-615 H1 switch port mapping"), port setup for dir-615-h1 was changed without removing the old one. This was working as the new one was triggered earlier than the old one.
  (In the meantime, changed sorting during ramips rename patches actually inversed that order.)
  Anyway, just remove the wrong case now.
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit e35e4a996e26f17b69d200505ecea78af96a2704)
* ramips: remove duplicate case for MAC setup of freestation5 | Adrian Schmutzler | 2019-09-09 | 1 | -1/+0
  ARC FreeStation5 is present twice in MAC address setup.
  From older commits/changes, it is not possible to reconstruct the correct choice only by reading the annotations. Thus, remove the second case and keep the first one, so behavior stays the same (as nobody seems to have complained about it).
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit ad4eb2241b33b05b0942a3fa7ed2e53fb6e84386)
* mac80211: brcmfmac: backport more kernel 5.4 changes | Rafał Miłecki | 2019-09-09 | 8 | -9/+283
  Patch getting RAM info got upstreamed. A debugging fs entry for testing reset feature was added.
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit 681acdcc54d2e59135bb706c38bed942f74ccf74)