path: root/package
Commit message | Author | Age | Files | Lines
* mbedtls: update to version 2.16.5 | Josef Schlehofer | 2020-04-13 | 1 | -2/+2
  Changelog: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released
  Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02

  Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
  (cherry picked from commit 36af1967f5fcfc889594a8af0f92f873f445d249)
* busybox: enable truncate on bcm53xx target | Rafał Miłecki | 2020-04-07 | 1 | -0/+1
  It's needed for optimized sysupgrade. On host machine this change increased busybox size by 4096 B.

  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit 547f1ec25af59f9e69ae3cb69d1312e63138d4bf)
* openssl: bump to 1.1.1f | Eneas U de Queiroz | 2020-04-01 | 2 | -83/+3
  There were two changes between 1.1.1e and 1.1.1f:
  - a change in BN prime generation to avoid possible fingerprinting of newly generated RSA modules
  - the patch reversing EOF detection we had already applied.

  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  (cherry picked from commit af5ccfbac74b859801cf174460fb8dbf9ed9e181)
* libpcap: Update shared-lib patch from Debian to fix linking problems | Hauke Mehrtens | 2020-03-29 | 4 | -48/+156
  This updates the shared-lib patch to the recent version from Debian found here:
  https://salsa.debian.org/rfrancoise/libpcap/-/blob/debian/1.9.1-2/debian/patches/shared-lib.diff

  This patch makes it include missing/strlcpy.o to the shared library which is needed for OpenWrt glibc builds, otherwise there is an undefined symbol and tcpdump and other builds are failing.

  Fixes: 44f11353de04 ("libpcap: update to 1.9.1")
  Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
* rpcd: fix respawn settings | Petr Štetiar | 2020-03-29 | 1 | -1/+1
  Commit 432ec292ccc8 ("rpcd: add respawn param") has introduced infinite restarting of the service which could be reached over network. This is not a recommended security practice as it might give a potential adversary an infinite number of tries in case there might be some issue in the rpcd or its surrounding stack.

  So let's remove the currently bogus `respawn_retry` variable (it wasn't possible to override it anyway), reverting to the previous default max. of 5 service restarts which could be now overridden via system's UCI settings if desired.

  Cc: Jo-Philip Wich <jow@mein.io>
  Cc: Florian Eckert <fe@dev.tdt.de>
  Cc: Hauke Mehrtens <hauke@hauke-m.de>
  Fixes: 432ec292ccc8 ("rpcd: add respawn param")
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 52e6fb13692986c76fd32159fb9fc82d712a5c3f)
* readline: needs host depend on ncurses to build | Jan Kardell | 2020-03-29 | 1 | -0/+2
  We must ensure that host ncurses is built before host readline.

  Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
  (cherry picked from commit ecef29b29463e7549779e90739e61f8729ccaf09)
* openssl: revert EOF detection change in 1.1.1 | Eneas U de Queiroz | 2020-03-29 | 2 | -1/+81
  This adds patches to avoid possible application breakage caused by a change in behavior introduced in 1.1.1e. It affects at least nginx, which logs error messages such as:

  nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error: 4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while keepalive, client: xxxx, server: [::]:443

  Openssl commits db943f4 (Detect EOF while reading in libssl), and 22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the behavior when encountering an EOF in SSL_read(). Previous behavior was to return SSL_ERROR_SYSCALL, but errno would still be 0. The commits being reverted changed it to SSL_ERROR_SSL, and add an error to the stack, which is correct. Unfortunately this affects a number of applications that counted on the old behavior, including nginx.

  The reversion was discussed in openssl/openssl#11378, and implemented as PR openssl/openssl#11400.

  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  (cherry picked from commit 2e8a4db9b6b942e3180afda0dc0fd8ac506527f1)
* mac80211: Update to version 4.19.112 | Hauke Mehrtens | 2020-03-29 | 33 | -365/+65
  The removed patches are all integrated in the upstream version now.

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: turn error into debug message for missing ujail binary | Petr Štetiar | 2020-03-28 | 1 | -3/+3
  Since commit 557f11b3a20f ("instance: provide error feedback if ujail binary is missing") worrying log spam of the form "unable to find /sbin/jail ..." may be encountered.

  This corresponds with the changes done in the upstream commit bcb86554f1b4 ("instance: add 'requirejail' attribute").

  Ref: https://forum.openwrt.org/t/openwrt-19-07-2-service-release/57066
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* mac80211: fix brcmfmac monitor interface crash | Rafał Miłecki | 2020-03-27 | 2 | -1/+101
  This fixes a bug in brcmfmac *exposed* by ipv6/addrconf fix.

  Fixes: 6e4453aecc22 ("kernel: backport out-of-memory fix for non-Ethernet devices")
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit 038318f766a7bd123c4fb413e9a2947445f441d4)
* dnsmasq: add 'scriptarp' option | Jordan Sokolic | 2020-03-23 | 2 | -1/+3
  Add option 'scriptarp' to uci dnsmasq config to enable --script-arp functions. The default setting is false, meaning any scripts in `/etc/hotplug.d/neigh` intended to be triggered by `/usr/lib/dnsmasq/dhcp-script.sh` will fail to execute.

  Also enable --script-arp if has_handlers returns true.

  Signed-off-by: Jordan Sokolic <oofnik@gmail.com>
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* openssl: update to 1.1.1e | Eneas U de Queiroz | 2020-03-22 | 4 | -41/+22
  This version includes bug and security fixes, including medium-severity CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64.

  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  (cherry picked from commit dcef8d6093cd54aa990a5ae0099a16e88a18dfbd)
* openssl: add configuration example for afalg-sync | Eneas U de Queiroz | 2020-03-22 | 2 | -2/+31
  This adds commented configuration help for the alternate, afalg-sync engine to /etc/ssl/openssl.cnf.

  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  (cherry picked from commit d9d689589b96bd80e57e5c603d84d6ee95049800)
* rssileds: add dependencies based on LDFLAGS [openwrt-19.07] | Adrian Schmutzler | 2020-03-11 | 1 | -1/+1
  This adds the direct dependencies introduced by TARGET_LDFLAGS to the package's DEPENDS variable.

  This was found by accidentally building rssileds on octeon, which resulted in:

  "Package rssileds is missing dependencies for the following libraries: libnl-tiny.so"

  Though the dependencies are provided when building for the relevant targets ar71xx, ath79 and ramips, it seems more tidy to specify them explicitly.

  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit a5b2c6f5edef1958d8789ff9bd89b408893b4358)
* mt76: update to the latest version | Felix Fietkau | 2020-03-11 | 1 | -3/+3
  8682e0d0b49c mt76: speed up usb bulk copy
  884c25e7caca mt76: usb: use max packet length for m76u_copy
  1ad98b95cf4a mt76: mt76u: rely only on data buffer for usb control messagges
  3d491603caff mt76: fix array overflow on receiving too many fragments for a packet
  9792a62e7f30 mt76: set dma-done flag for flushed descriptors
  53233cdf9486 mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw
  a4ae9219e6c7 mt76: dma: do not write cpu_idx on rx queue reset until after refill
  1198fa57d185 mt76: mt7603: increase dma mcu rx ring size
  91cd5be6ee37 mt76: avoid extra RCU synchronization on station removal
  7d7fb26bb78a mt76: mt76x2: avoid starting the MAC too early
  aac609809de1 mt76: fix LED link time failure
  18627db2e633 mt76: mt76x0u: add support to TP-Link T2UHP
  5ecfdb1a6e0a mt76: mt76x02: fix handling MCU timeouts during hw restart
  f7e9be89db59 mt76: mt7603: add upper limit for dynamic sensitivity minimum receive power
  23b834485070 mt76: mt7603: enable dynamic sensitivity adjustment by default
  08054d5ab135 mt76: mt76x02: reset MCU timeout counter earlier in watchdog reset

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* rpcd: add respawn param | Florian Eckert | 2020-03-04 | 2 | -1/+2
  The rpcd service is an important service, but if the service stops working for any reason, no one will ever respawn that service. With this commit, the procd service will monitor if the rpcd service is running. If the rpcd service has crashed, then procd respawns the rpcd service.

  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
  (cherry picked from commit 432ec292ccc8b634facacbd018d08947d204225a)
* rpcd: update to latest Git HEAD | Jo-Philipp Wich | 2020-03-04 | 1 | -3/+3
  aaa0836 file: extend exec acl checks to commands with arguments

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit 762aac50c09cca494bbc8cfbe8aff967f39ce8cd)
* OpenWrt v19.07.2: revert to branch defaults | Jo-Philipp Wich | 2020-02-27 | 1 | -2/+2
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* OpenWrt v19.07.2: adjust config defaults [v19.07.2] | Jo-Philipp Wich | 2020-02-27 | 1 | -2/+2
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libubox: update to latest Git HEAD | Jo-Philipp Wich | 2020-02-27 | 1 | -3/+3
  7da6643 tests: blobmsg: add test case
  75e300a blobmsg: fix wrong payload len passed from blobmsg_check_array

  Fixes: FS#2833
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit 955634b473284847e3c8281a6ac85655329d8b06)
* ppp: backport security fixes | Petr Štetiar | 2020-02-26 | 4 | -1/+129
  8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
  8d7970b8f3db pppd: Fix bounds check in EAP code
  858976b1fc31 radius: Prevent buffer overflow in rc_mksid()

  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 215598fd03899c19a9cd26266221269dd5ec8cee)
  Fixes: CVE-2020-8597
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Revert "ppp: backport security fixes" | Jo-Philipp Wich | 2020-02-26 | 4 | -129/+1
  This reverts commit 6b7eeb74dbf8b491b6426820bfa230fca60047dc since it didn't contain a reference to the CVE it addresses. The next commit will re-add the commit including a CVE reference in its commit message.

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to latest Git HEAD | Jo-Philipp Wich | 2020-02-26 | 1 | -3/+3
  2ee323c file: poke ustream after starting deferred program

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit 04069fde19e86af7728111814afadf780bf08018)
* ppp: backport security fixes | Petr Štetiar | 2020-02-20 | 4 | -1/+129
  8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
  8d7970b8f3db pppd: Fix bounds check in EAP code
  858976b1fc31 radius: Prevent buffer overflow in rc_mksid()

  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 215598fd03899c19a9cd26266221269dd5ec8cee)
* hostapd: remove erroneous $(space) redefinition | Jo-Philipp Wich | 2020-02-08 | 1 | -3/+0
  The $(space) definition in the hostapd Makefile ceased to work with GNU Make 4.3 and later, leading to syntax errors in the generated Kconfig files.

  Drop the superfluous redefinition and reuse the working $(space) declaration from rules.mk to fix this issue.

  Fixes: GH#2713
  Ref: https://github.com/openwrt/openwrt/pull/2713#issuecomment-583722469
  Reported-by: Karel Kočí <cynerd@email.cz>
  Suggested-by: Jonas Gorski <jonas.gorski@gmail.com>
  Tested-by: Shaleen Jain <shaleen@jain.sh>
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit 766e778226f5d4c6ec49ce22b101a5dbd4306644)
* uboot-envtools: ath79: add Netgear WNDR3700v2 | Michal Cieslakiewicz | 2020-02-07 | 1 | -1/+2
  Add Netgear WNDR3700v2 to the list of supported boards.

  Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
  [rebase, adjusted commit title]
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit a09408fa576c6482c21f683662cb2d5a49e14ecf)
* mac80211: brcm: backport remaining 5.6 kernel patches | Rafał Miłecki | 2020-02-07 | 10 | -3/+651
  Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  (cherry picked from commit aca274091ad3b50b770c0dd44f3ceefe8095d528)
* OpenWrt v19.07.1: revert to branch defaults | Jo-Philipp Wich | 2020-01-29 | 1 | -2/+2
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* OpenWrt v19.07.1: adjust config defaults [v19.07.1] | Jo-Philipp Wich | 2020-01-29 | 1 | -2/+2
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* opkg: update to latest Git HEAD | Jo-Philipp Wich | 2020-01-29 | 1 | -3/+3
  80d161e opkg: Fix -Wformat-overflow warning
  c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums

  Fixes: CVE-2020-7982
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (cherry picked from commit c69c20c6670081d1eaab000734d89de57eb64148)
* mac80211: Update to version 4.19.98 | Hauke Mehrtens | 2020-01-27 | 37 | -570/+74
  The removed patches are all integrated in the upstream version now.

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: ltq-ptm: vr9: fix skb handling in ptm_hard_start_xmit() | Martin Schiller | 2020-01-26 | 2 | -1/+4
  Call skb_orphan(skb) to call the owner's destructor function and make the skb unowned. This is necessary to prevent sk_wmem_alloc of a socket from overflowing, which leads to ENOBUFS errors on application level.

  Signed-off-by: Martin Schiller <ms@dev.tdt.de>
  (cherry picked from commit 996f02e5bafad2815e72821c19d41fb5297e4dad)
* mbedtls: update to 2.16.4 | Magnus Kroken | 2020-01-26 | 2 | -24/+24
  Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA.

  Release announcement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released
  Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12

  Fixes:
  * CVE-2019-18222: Side channel attack on ECDSA

  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
  (cherry picked from commit 6e96fd90471a49185bcfe9dcb4844d444674ecab)
* procd: update to version 2020-01-24 | Petr Štetiar | 2020-01-24 | 1 | -4/+4
  Get only fix backports from openwrt-19.07 procd branch:

  31e4b2dfdbd7 state: fix reboot causing shutdown inside LXC container
  557f11b3a20f instance: provide error feedback if ujail binary is missing
  0a11aa405d3f instance: Fix instance_config_move_strdup() function
  44dd9419812b instance: fix typo in error message
  153820c76471 instance: fix pidfile and seccomp attributes double free

  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* hostapd: fix faulty WMM IE parameters with ETSI regulatory domains | Felix Fietkau | 2020-01-23 | 2 | -0/+88
  hostapd sets minimum values for CWmin/CWmax/AIFS and maximum for TXOP. The code for applying those values had a few bugs leading to bogus values, which caused significant latency and packet loss.

  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uboot-envtools: ath79: add support for glinet,gl-ar150 | Kimmo Vuorinen | 2020-01-23 | 1 | -0/+3
  Add ubootenv uci config for GL.inet GL-AR150

  Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
  [commit title/message facelift]
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit a8723c48add5cc8381d88234b9cdda2bb6a866aa)
* uboot-envtools: ar71xx: add support for gl-ar150/-domino/-mifi | Kimmo Vuorinen | 2020-01-23 | 1 | -0/+5
  Add ubootenv uci config for gl-ar150, gl-domino and gl-mifi

  Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
  [commit message/title facelift]
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit dc6dfaac80f392baef1d0d7b06bb1fc19812e041)
* urngd: update to version 2020-01-21 | Petr Štetiar | 2020-01-21 | 1 | -3/+3
  c7f7b6b65b82 Tag version 1.0.2
  236b7a0aef21 Fix blocked entropy generation

  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 3d8edd9bb4759f56df4482b3ed9c7fc26ed86028)
* urngd: update to latest Git head | Petr Štetiar | 2020-01-21 | 1 | -4/+4
  * 40f939d57c67 Tag version 1.0.1
  * 9e758e6e6aec jitterentropy-rngd: update to version v1.1.0 + clang compile fix
  * 193586a25adc Fix wrong types in format strings used in debug build
  * d474977bb611 Add initial GitLab CI support

  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit ed67b137c748365d7a3be886a2f5309c3bc44c48)
* libubox: update to version 2020-01-20 | Petr Štetiar | 2020-01-20 | 1 | -3/+3
  43a103ff17ee blobmsg: blobmsg_parse and blobmsg_parse_array oob read fixes
  5c0faaf4f5e2 tests: prefer dynamically allocated buffers
  1ffa41535369 blobmsg_json: prefer snprintf usage
  132ecb563da7 blobmsg: blobmsg_vprintf: prefer vsnprintf
  a2aab30fc918 jshn: prefer snprintf usage
  b0886a37f39a cmake: add a possibility to set library version
  a36ee96618a9 blobmsg: blobmsg_add_json_element() 64-bit values
  f0da3a4283b7 blobmsg_json: fix int16 serialization
  20a070f08139 tests: blobmsg/json: add more test cases
  379cd33d1992 tests: include json script shunit2 based testing

  Acked-by: Jo-Philipp Wich <jo@mein.io>
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 5c73bb12c82c078d8a93cb896348b41598ed9e19)
* fstools: backport fix from version 2020-01-18 | Petr Štetiar | 2020-01-20 | 1 | -3/+3
  Contains only the FS#2735 fix:

  189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer

  Commit adding new feature wasn't backported (needs patched kernel anyway):

  f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images)

  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 63000bfaf7163d97ac6feb343c7587e3d339e65e)
* hostapd: cleanup IBSS-RSN | Daniel Golle | 2020-01-16 | 2 | -6/+2
  set noscan also for IBSS and remove redundant/obsolete variable.

  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (cherry picked from commit 702c70264b388c2b47e171843f297f43c71b86b9)
* cryptodev-linux: remove DEFAULT redefinition | Eneas U de Queiroz | 2020-01-15 | 1 | -1/+0
  The 'DEFAULT:=m if ALL' line prevents the phase1 buildbots from building the package, and users from downloading it, since they use 'ALL_KMODS=y' but 'ALL' is not set.

  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  (cherry picked from commit 9b25f833eb840527d07c47930de2c769115844f3)
* mac80211: fix a page refcounting issue leading to leaks/crashes in rx A-MSDU decap | Felix Fietkau | 2020-01-15 | 1 | -0/+25
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  (cherry-picked from commit 9501469e1146c6d76b7dde6391479314897ba4d8)
* mac80211: fix sta TID stats leak on a few nl80211 calls | Felix Fietkau | 2020-01-15 | 1 | -0/+21
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  (cherry-picked from commit d5b3024139089e38f57bd1827273d7fba8497635)
* ucert: update to version 2019-12-19 | Petr Štetiar | 2020-01-14 | 1 | -3/+3
  14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted
  19a7225ac018 fix leaking memory in cert_dump_blob
  9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker
  4462ff9dedfa add cram based unit tests
  5fe64b5606aa cmake: split usign bits into static library
  5d7626a2b6d8 cmake: reindent the file
  e284ed941972 cmake: enable hardening compiler flags and fix the reported issues
  7e5390666347 add initial GitLab CI support
  fa0bf4ef45b1 cmake: add proper include and library dependencies

  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 2544cb1ba377149a8663c7ac4a625d5399993e33)
* ethtool: fix PKG_CONFIG_DEPENDS | Matthias Schiffer | 2020-01-07 | 1 | -1/+1
  Add missing CONFIG_ prefix.

  Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
  (cherry picked from commit 41c19dd542973dbc1336ecceaa32777506933cdf)
* OpenWrt v19.07.0: revert to branch defaults | Hauke Mehrtens | 2020-01-06 | 1 | -2/+2
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v19.07.0: adjust config defaults [v19.07.0] | Hauke Mehrtens | 2020-01-06 | 1 | -2/+2
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: Fix potential dnsmasq crash with TCP | Hauke Mehrtens | 2020-01-06 | 2 | -1/+36
  This is a backport from the dnsmasq master which should fix a bug which could cause a crash in dnsmasq.

  I saw the following crashes in my log:
  [522413.117215] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from 2a001450
  [522413.124464] epc = 004197f1 in dnsmasq[400000+23000]
  [522413.129459] ra = 004197ef in dnsmasq[400000+23000]

  This is happening in blockdata_write() when block->next is dereferenced, but I am not sure if this is related to this problem or if this is a different problem. I am unable to reproduce this problem.

  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  (cherry picked from commit 414d0541381d432e69190f394dfe2a6e8122d6bb)