aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* grub2: Fix CVE-2015-8370Rosen Penev2018-08-302-1/+45
| | | | | | | | | | | | This CVE is a culmination of multiple integer overflow issues that cause multiple issues like Denial of Service and authentication bypass. More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370 Taken from Fedora. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 7e73e9128f6a63b9198c88eea97c267810447be4)
* bzip2: Fix CVE-2016-3189Rosen Penev2018-08-302-1/+12
| | | | | | | | | | | Issue causes a crash with specially crafted bzip2 files. More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189 Taken from Fedora. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit f9469efbfa7ce892651f9a6da713eacbef66f177)
* scripts: bundle-libraries: fix logic flawJo-Philipp Wich2018-08-301-7/+6
| | | | | | | | | | | | Previous refactoring of the script moved the LDSO detection into a file-not-exists condition, causing onyl the very first executable to get bundled. Solve the problem by unconditionally checking for LDSO again. Fixes: 9030a78a71 ("scripts: bundle-libraries: prevent loading host locales") Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 5ebcd32997b6d10abcd29c8795a598fdcaf4521d)
* scripts: bundle-libraries: prevent loading host locales (FS#1803)Jo-Philipp Wich2018-08-301-5/+21
| | | | | | | | | | | | | | Binary patch the bundled glibc library to inhibit loading of host locale archives in order to avoid triggering internal libc assertions when invoking shipped, bundled executables. The problem has been solved with upstream Glibc commit 0062ace229 ("Gracefully handle incompatible locale data") but we still need to deal with older Glibc binaries for some time to come. Fixes FS#1803 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 9030a78a716b0a2eeed4510d4a314393262255c2)
* ramips: only limit lzma dictionary size on mt7621Jo-Philipp Wich2018-08-302-1/+2
| | | | | | | | | | | | | | The changed dictionary size leads to a different LZMA header which breaks sysupgrade image magic checkibng on at least some RT288x boards. Since the commit message only mentions testing on MT7621 and since the change appears to break at least one other ramips subtarget, do not take any chances and restrict the size limitation to only MT7621. Fixes FS#1797 Fixes 09b6755946 ("ramips: limit dictionary size for lzma compression") Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 77e2bccde8f7f98603f60473023dadec4f473cf6)
* uqmi: wait for the control device tooThomas Equeter2018-08-301-2/+2
| | | | | | | | | | | | | | | | The control device /dev/cdc-wdm0 is not available immediately on the D-Link DWR-921 Rev.C3, therefore the wwan interface fails to start at boot with a "The specified control device does not exist" error. This patch alters /lib/netifd/proto/qmi.sh to wait for network.wwan.delay earlier, before checking for the control device, instead of just before interacting with the modem. One still has to use network.wwan.proto='qmi', as the "wwan" proto performs that sort of check before any delay is possible, failing with a "No valid device was found" error. Signed-off-by: Thomas Equeter <tequeter@users.noreply.github.com>
* comgt: increase timeout on runcommandsGiuseppe Lippolis2018-08-291-1/+1
| | | | | | | | | | Some combination of modem/wireless operator requires more time to execute the commands. Tested on DWR-512 embedded wwan modem and italian operator iliad (new virtual operator). Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com> (cherry picked from commit 774d7fc9f2897d7b33ef15ddaa3522531eb85970)
* ugps: Update to fix position calculationBruno Randolf2018-08-291-3/+3
| | | | | | | | This is necessary to get my position right. Without this my longitude is incorrecty -15.85xxxx instead of -16.52yyyy Signed-off-by: Bruno Randolf <br1@einfach.org> (cherry picked from commit fe960cead7005811deb03c220f6bb5660f65e1d5)
* ugps: Add option disabledBruno Randolf2018-08-292-0/+4
| | | | | | | Like many other packages, an option to disable can be practical. Signed-off-by: Bruno Randolf <br1@einfach.org> (cherry picked from commit 6b14a73f4f619b7bbdeac1cbcd0d34b0957ca0cb)
* kernel: bump 4.14 to 4.14.67Koen Vandeputte2018-08-2811-38/+14
| | | | | | | | | | | | Refreshed all patches. Removed upstreamed patches: - 037-v4.18-0008-ARM-dts-BCM5301x-Fix-i2c-controller-interrupt-type.patch Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.124Koen Vandeputte2018-08-2812-19/+19
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ar71xx: WNR612v2: fix kernel panic due to wrong Wifi LED initMichal Cieslakiewicz2018-08-281-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Netgear WNR612v2 flashed with recent OpenWrt builds suffers from kernel panic at boot during wireless chip initialization, making device unusable: ath: phy0: Ignoring endianness difference in EEPROM magic bytes. ath: phy0: Enable LNA combining CPU 0 Unable to handle kernel paging request at virtual address 1000fee1, epc == 801d08f0, ra == 801d0d90 Oops[#1]: CPU: 0 PID: 469 Comm: kmodloader Not tainted 4.9.120 #0 [ ... register dump etc ... ] Kernel panic - not syncing: Fatal exception Rebooting in 1 seconds.. This simple patch fixes above error. It keeps LED table in memory after kernel init phase for ath9k driver to operate correctly (__initdata removed). Also, another bug is fixed - correct array size is provided to function that adds platform LEDs (this device has only 1 connected to Wifi chip) preventing code from going outside array bounds. Fixes: 1f5ea4eae46e ("ar71xx: add correct named default wireless led by using platform leds") Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl> [trimmed commit message] Signed-off-by: Mathias Kresin <dev@kresin.me>
* ar71xx/generic: enable Zyxel NBG6616 in kernel config againMatthias Schiffer2018-08-271-0/+1
| | | | | | | | | The NBG6616 shares a config symbol with the NBG6716. It was accidentally removed from the config when the ar71xx-tiny target was split off. Fixes: 0cd5e85e7ad6 ("ar71xx: create new ar71xx/tiny subtarget for 4MB flash devices") Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> (cherry picked from commit a4f4ddba61e61d3f15d19c4e57733a9e44ec8d09)
* mac80211: mwl8k: Expand non-DFS 5G channelsAntonio Silverio2018-08-271-0/+37
| | | | | | | Add non-DFS 5G upper channels (149-165) besides existed 4 lower channels (36, 40, 44, 48). Signed-off-by: Antonio Silverio <menion@gmail.com>
* mt76: update to the latest versionFelix Fietkau2018-08-251-3/+3
| | | | | | | | 7daf962 mt7603: add survey support 980c606 mt7603: add fix for CCA signal configuration 30b8371 mt7603: fix BAR rate Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: backport upstream fix for CVE-2018-15599Hans Dedecker2018-08-243-3/+224
| | | | | | | | | | CVE description : The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: mt7620: add dir-810l network configRoger Pueyo Centelles2018-08-231-0/+1
| | | | | | | The device was not included in the /etc/board.d/02_network file, so the network wouldn't be properly set up on boot. Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
* ramips: fix compatibles in SoC dtsiMathias Kresin2018-08-233-3/+3
| | | | | | | The former used compatibles aren't defined anywhere and aren't used by the devicetree source files including them. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: fix GL-MT300N-V2 SoC compatibleMathias Kresin2018-08-231-1/+1
| | | | | | | | According to abbfcc85259a ("ramips: add support for GL-inet GL-MT300N-V2") the board has a MediaTek MT7628AN. Change the SoC compatible to match the used hardware. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: drop not existing groups from pinmuxMathias Kresin2018-08-2310-10/+10
| | | | | | | | | | | | | | RT5350 neither have rgmii nor a mdio pinmux group. MT7628an doesn't have a jtag group. Having these groups defined might cause a boot panic. The pin controller fails to initialise for kernels > 4.9 if invalid groups are used. If a subsystem references a pin controller configuration node, it can not find this node and errors out. In worst case it's the SPI driver which errors out and we have no root filesystem to mount. Signed-off-by: Mathias Kresin <dev@kresin.me>
* generic: revert workarounds for AR8337 switchMathias Kresin2018-08-232-62/+1
| | | | | | | | | | | | | The intention of 967b6be118e3 ("ar8327: Add workarounds for AR8337 switch") was to remove the register fixups for AR8337. But instead they were removed for AR8327. The RGMII RX delay is forced even if the port is used as phy instead of mac, which results in no package flow at least for one board. Fixes: FS#1664 Signed-off-by: Mathias Kresin <dev@kresin.me>
* kernel: bump 4.14 to 4.14.66Koen Vandeputte2018-08-223-14/+14
| | | | | | | | | Refreshed all patches Compile-tested on: cns3xxx, imx6 Runtime-tested on: cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.123Koen Vandeputte2018-08-224-19/+19
| | | | | | | | | Refreshed all patches Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* tools/bison: Update to 3.0.5Daniel Engberg2018-08-213-32/+10
| | | | | | | | | Update bison to 3.0.5 Bugfix release Remove 001-fix-macos-vasnprintf.patch as it is fixed upstream Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit df02e7a3c790552c9620242544ec0137dae6a32b)
* cns3xxx: fix mtu setting with kernel 4.14Mathias Kresin2018-08-201-10/+1
| | | | | | | | | | | Since kernel 4.10 commit 61e84623ace3 ("net: centralize net_device min/max MTU checking"), the range of mtu is [min_mtu, max_mtu], which is [68, 1500] by default. It's necessary to set a max_mtu if a mtu > 1500 is supported. Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Mathias Kresin <dev@kresin.me>
* kernel: bump 4.14 to 4.14.65Koen Vandeputte2018-08-201-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6, x86_64 Runtime-tested on: cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.122Koen Vandeputte2018-08-204-6/+6
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* OpenWrt v18.06.1: revert to branch defaultsJo-Philipp Wich2018-08-165-11/+9
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* OpenWrt v18.06.1: adjust config defaultsv18.06.1Jo-Philipp Wich2018-08-165-9/+11
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* rpcd: update to latest git HEADJo-Philipp Wich2018-08-161-3/+3
| | | | | | | | | | | 41333ab uci: tighten uci reorder operation error handling f91751b uci: tighten uci delete operation error handling c2c612b uci: tighten uci set operation error handling 948bb51 uci: tighten uci add operation error handling 51980c6 uci: reject invalid section and option names Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 8c91807214c42b481a0893e118d46f488419468a)
* openssl: update to version 1.0.2pHauke Mehrtens2018-08-153-4/+4
| | | | | | | | This fixes the following security problems: * CVE-2018-0732: Client DoS due to large DH parameter * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump kernel 4.9 to version 4.9.120Hauke Mehrtens2018-08-152-67/+2
| | | | | | | | | | | The following patch was integrated upstream: * target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch This fixes tries to work around the following security problems: * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump kernel 4.14 to version 4.14.63Hauke Mehrtens2018-08-155-107/+6
| | | | | | | | | | | | | | The following patches were integrated upstream: * target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch * target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch This fixes tries to work around the following security problems: * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ramips: add missing USB packages into ASL26555-16MZoltan HERPAI2018-08-131-1/+1
| | | | | | | Mirror the package list from the 8M device profile to the 16M device profile. Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* brcm47xx: cosmetic fix in model detectionPaul Wassi2018-08-131-1/+1
| | | | | | | | In "brcm47xx: rework model detection" the file 01_detect was moved to 01_network, therefore also update the warning message in case everything fails. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* ath25: Do not build images for ubnt2 and ubnt5Hauke Mehrtens2018-08-121-2/+2
| | | | | | | | The flash size of the ubnt2 and ubnt5 is limited and the images with LuCI are getting too big for these boards. Do not build images for these boards to make the complete build of this target not fail anymore. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* at91: do not build image for at91-q5xr5Hauke Mehrtens2018-08-121-1/+1
| | | | | | | | The kernel image of the at91-q5xr5 is getting too bing now and this is breaking the build. Remove the image for the at91-q5xr5 from the build to at least build images for the other devices. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uci: bump to source date 2018-08-11Yousong Zhou2018-08-111-3/+3
| | | | | | | Fixes segfault when parsing malformed delta lines Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit 3493c1cf41ecaa2f87394059a26578f723109a15)
* mwlwifi: update to version 10.3.8.0-20180615Kabuli Chana2018-08-111-4/+13
| | | | | | | | fix mcs rate for HT support 88W8997 protect rxringdone Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
* tools: findutils: fix compilation with glibc 2.28Luis Araneda2018-08-101-0/+104
| | | | | | | Add a temporary workaround to compile with glibc 2.28 as some constants were removed and others made private Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* tools: m4: fix compilation with glibc 2.28Luis Araneda2018-08-101-0/+118
| | | | | | | Add a temporary workaround to compile with glibc 2.28 as some constants were removed and others made private Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* kernel: bump 4.14 to 4.14.62Koen Vandeputte2018-08-103-10/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx, imx6, x86_64 Runtime-tested on: cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.119Koen Vandeputte2018-08-105-109/+18
| | | | | | | | | | | | Refreshed all patches. Delete upstreamed patch: - 100-tcp-add-tcp_ooo_try_coalesce-helper.patch Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* wpa_supplicant: fix CVE-2018-14526John Crispin2018-08-101-0/+48
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unauthenticated EAPOL-Key decryption in wpa_supplicant Published: August 8, 2018 Identifiers: - CVE-2018-14526 Latest version available from: https://w1.fi/security/2018-1/ Vulnerability A vulnerability was found in how wpa_supplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpa_supplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being authenticated. This has a potential issue in the case where WPA2/RSN style of EAPOL-Key construction is used with TKIP negotiated as the pairwise cipher. It should be noted that WPA2 is not supposed to be used with TKIP as the pairwise cipher. Instead, CCMP is expected to be used and with that pairwise cipher, this vulnerability is not applicable in practice. When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data field is encrypted using RC4. This vulnerability allows unauthenticated EAPOL-Key frames to be processed and due to the RC4 design, this makes it possible for an attacker to modify the plaintext version of the Key Data field with bitwise XOR operations without knowing the contents. This can be used to cause a denial of service attack by modifying GTK/IGTK on the station (without the attacker learning any of the keys) which would prevent the station from accepting received group-addressed frames. Furthermore, this might be abused by making wpa_supplicant act as a decryption oracle to try to recover some of the Key Data payload (GTK/IGTK) to get knowledge of the group encryption keys. Full recovery of the group encryption keys requires multiple attempts (128 connection attempts per octet) and each attempt results in disconnection due to a failure to complete the 4-way handshake. These failures can result in the AP/network getting disabled temporarily or even permanently (requiring user action to re-enable) which may make it impractical to perform the attack to recover the keys before the AP has already changes the group keys. By default, wpa_supplicant is enforcing at minimum a ten second wait time between each failed connection attempt, i.e., over 20 minutes waiting to recover each octet while hostapd AP implementation uses 10 minute default for GTK rekeying when using TKIP. With such timing behavior, practical attack would need large number of impacted stations to be trying to connect to the same AP to be able to recover sufficient information from the GTK to be able to determine the key before it gets changed. Vulnerable versions/configurations All wpa_supplicant versions. Acknowledgments Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU Leuven for discovering and reporting this issue. Possible mitigation steps - Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This can be done also on the AP side. - Merge the following commits to wpa_supplicant and rebuild: WPA: Ignore unauthenticated encrypted EAPOL-Key data This patch is available from https://w1.fi/security/2018-1/ - Update to wpa_supplicant v2.7 or newer, once available Signed-off-by: John Crispin <john@phrozen.org> (cherry picked from commit 1961948585e008ad0095d7074784893229b00d06)
* Revert "libevent2: Don't build tests and samples"Jo-Philipp Wich2018-08-091-13/+0
| | | | | | | | This reverts commit fe90d14880ad80e5cbc0eba036f8f9f83fa77396. The cherry pick does not apply cleanly to 18.06. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: move e1000e patches to backportsStijn Tintel2018-08-094-0/+0
| | | | | | | They're already in linux.git, so they shouldn't be in pending. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 14b6c725411dfb3e44242bea3b000a1f58b52235)
* kernel: add pending e1000e fixesStijn Tintel2018-08-094-0/+331
| | | | | | | | | | | | | | | | The previous round of fixes for the 82574 chip cause an issue with emulated e1000e devices in VMware ESXi 6.5. It also contains changes that are not strictly necessary. These patches fix the issues introduced in the previous series, revert the unnecessary changes to avoid unforeseen fallout, and avoid a case where interrupts can be missed. The final two patches of this series are already in the kernel, so no need to include them here. Patchwork: https://patchwork.ozlabs.org/cover/881776/ Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit ef025e6417abd608ee398039623ac8a306bb92c5)
* firmware: intel-microcode: bump to 20180703Zoltan HERPAI2018-08-091-6/+6
| | | | | | | | | | | | | | | | | | | | | | | * New upstream microcode data file 20180703 + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432 sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456 sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360 sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408 sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792 sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408 sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672 sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744 sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432 sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728 + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for: Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, Broadwell server, a few HEDT Core i7/i9 models that are actually gimped server dies. Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* curl: Fix CVE-2018-0500Hauke Mehrtens2018-08-082-1/+33
| | | | | | | | This backports a fix for: * CVE-2018-0500 SMTP send heap buffer overflow See here for details: https://curl.haxx.se/docs/adv_2018-70a2.html Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ustream-ssl: update to version 2018-05-22Hauke Mehrtens2018-08-081-4/+4
| | | | | | | 5322f9d mbedtls: Fix setting allowed cipher suites e8a1469 mbedtls: Add support for a session cache Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>