Commit message | Author | Age | Files | Lines
* OpenWrt v19.07.5: adjust config defaults (tag: v19.07.5) | Hauke Mehrtens | 2020-12-07 | 5 | -10/+12
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools: always create $STAGING_DIR/usr/{include,lib} | Andre Heider | 2020-12-06 | 1 | -1/+1
  rules.mk always passes these as -I/-L to the toolchain.
  Fixes rare errors like:
      cc1: error: staging_dir/target-aarch64_cortex-a53_musl/usr/include: No such file or directory [-Werror=missing-include-dirs]
  Signed-off-by: Andre Heider <a.heider@gmail.com>
  Acked-by: Paul Spooren <mail@aparcar.org>
  Acked-by: Rosen Penev <rosenp@gmail.com>
  [fixed merge conflict]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit b0cb305236524095bfd899449b0ad8eb821cb3bb)
* toolchain: kernel-headers: kernel Git tree mirror hash | Petr Štetiar | 2020-12-05 | 2 | -0/+6
  Allow setting of mirror hash for Git kernel tree.
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 796d51834c5be85771d26e433fd509cd3bef72e3)
* toolchain: kernel-headers: fix check target for kernel Git tree | Petr Štetiar | 2020-12-05 | 1 | -2/+9
  Currently the check target fails if the kernel Git tree is used:
      $ make toolchain/kernel-headers/{download,check}
      make[2]: Entering directory 'toolchain/kernel-headers'
      Makefile:105: *** ERROR: Unknown pack format for file openwrt/tmp/dl/. Stop.
      make[2]: Leaving directory 'toolchain/kernel-headers'
      toolchain/Makefile:100: recipe for target 'toolchain/kernel-headers/check' failed
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit bb7ba6b6a81d1fb7ac6075edfd8e8b713dd61db2)
* download.pl: properly cleanup intermediate .hash file | Petr Štetiar | 2020-12-05 | 1 | -1/+1
  It seems like after a build the /dl dir seems to now contain a .hash file for each source file due to improper cleanup so fix it by removing those intermediate files before leaving the download action.
  Fixes: 4e19cbc55335 ("download: handle possibly invalid local tarballs")
  Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 52a5d0d27f2557db99fc5435fbd7783b649cb9b2)
* download: handle possibly invalid local tarballs | Petr Štetiar | 2020-12-05 | 3 | -0/+22
  Currently it's assumed, that already downloaded tarballs are always fine, so no checksum checking is performed and the tarball is used even if it might be corrupted.
  From now on, we're going to always check the downloaded tarballs before considering them valid.
  Steps to reproduce:
   1. Remove cached tarball
        rm dl/libubox-2020-08-06-9e52171d.tar.xz
   2. Download valid tarball again
        make package/libubox/download
   3. Invalidate the tarball
        sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile
   4. Now compile with corrupt tarball source
        make package/libubox/{clean,compile}
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 4e19cbc553350b8146985367ba46514cf50e3393)
* cmake.mk,rules.mk: fix host builds using CMake and ccache | Petr Štetiar | 2020-12-05 | 2 | -2/+17
  Commit f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as well") has introduced regression as it didn't take usage of ccache into the account so fix it by handling ccache use cases as well.
  In order to get this working we need to export HOSTCXX_NOCACHE in rules.mk as well.
  Fixes: f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as well")
  Reported-by: Ansuel Smith <ansuelsmth@gmail.com>
  Tested-by: Ansuel Smith <ansuelsmth@gmail.com>
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 524fb5646eec6147aadfdd508219f39bcf8ba8fc)
* cmake.mk: set C/CXX compiler for host builds as well | Rosen Penev | 2020-12-05 | 1 | -0/+2
  Without this, cmake will use whatever CC/CXX is set to, which could be clang. In that case, at least libjson-c/host will fail to compile.
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
  (cherry picked from commit f98878e4c17d5f11e78994b4fc456e6b60b2660f)
* mvebu: fixup Turris Omnia U-Boot environment | Klaus Kudielka | 2020-12-04 | 1 | -0/+44
  Fixup dfa357a3de "mvebu: base-files: Update Turris Omnia U-Boot environment" which should have included this file as well.
  By rebasing the initial patch this file somehow disappeared.
  Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
  Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
  Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
  Tested-by: Klaus Kudielka <klaus.kudielka@gmail.com> (Turris Omnia)
  [explain fixup in commit message]
  Signed-off-by: Paul Spooren <mail@aparcar.org>
  (backported from commit 485ce5bbe5cc33526e56817694a79a7d94160e01)
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* mvebu: base-files: Update Turris Omnia U-Boot environment | Klaus Kudielka | 2020-12-04 | 1 | -9/+0
  Move the update procedure from sysupgrade to first boot, which is much more convenient in the sysupgrade case (otherwise the environment is always one generation behind).
  Check whether we have an old U-Boot release installed, and update the environment only if necessary.
  Some notes on the U-Boot environment:
  The first 9 lines are a copy of the default environment of the old U-Boot release - only modified, to run "distro_bootcmd", in case "mmcboot" fails to boot the factory OS.
  The remaining 16 lines are a backport of the default environment of the new U-Boot release (shipped with CZ11NIC23).
  The main entry point is "distro_bootcmd", which eventually sources boot.scr. This way, we have a unified boot protocol for all Turris Omnia revisions so far.
  This commit also fixes a shortcoming of previous Turris Omnia support: Users may install OpenWrt with the Turris Omnia in factory state (i.e. invalid environment store). In that case, neither fw_setenv, nor U-Boot itself, would import the default environment from the image - screwing up the rescue system, at least!
  Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
  Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
  Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
  Tested-by: Klaus Kudielka <klaus.kudielka@gmail.com> (Turris Omnia)
  (cherry picked from commit dfa357a3def512c13f22371d24138b6e8093be18)
* mvebu: Add turris-omnia.bootscript | Klaus Kudielka | 2020-12-04 | 2 | -1/+19
  In contrast to the U-Boot version shipped with older versions of Turris Omnia (CZ11NIC13, CZ11NIC20), the version shipped with Turris Omnia 2019 (CZ11NIC23) relies on the existence of /boot.scr.
  Consequently, add a suitable boot script to the sysupgrade image.
  Flash instructions for Turris Omnia 2019:
  - Download openwrt-...-sysupgrade.img.gz, gunzip it, and copy the resulting .img file to the root of a USB flash drive (FAT32 or ext2/3/4).
  - Enter a rescue shell: Either via 5-LED reset and ssh root@192.168.1.1 on LAN port 4, or via 7-LED reset and the serial console.
  - Insert the USB drive and mount it:
      mkdir /mnt; mount /dev/sda1 /mnt
  - Flash the OpenWrt image to eMMC:
      dd if=/mnt/openwrt-...-sysupgrade.img of=/dev/mmcblk0 bs=4096 conv=fsync
  - Reboot.
  Flash instructions using a temporary "medkit" installation were written for the older versions of Turris Omnia, and will *not* work on the Turris Omnia 2019.
  Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
  Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
  Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
  (cherry picked from commit afd4375a33840fa949c898fb6bc603e8645edd61)
* uboot-envtools: mvebu: update uci defaults for Turris Omnia | Klaus Kudielka | 2020-12-04 | 2 | -2/+6
  On the Turris Omnia 2019, u-boot environment is located at 0xF0000, instead of 0xC0000. The switch happened with u-boot-omnia package version 2019-04-2 (May 10, 2019).
  Check the installed u-boot release, and set the default accordingly.
  Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
  [bump PKG_RELEASE, use lower case for hex offset]
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit 04d3b517dc3301e0148a2ce811ffc136568b04bd)
* kernel: backport GD25Q256 support from 4.15 | Kuan-Yi Li | 2020-12-01 | 23 | -52/+134
  Backport below changes for GigaDevice GD25Q256 support from v4.15:
      e27072851bf7 mtd: spi-nor: add a quad_enable callback in struct flash_info
      65153846b18c mtd: spi-nor: add support for GD25Q256
  This chip is used on newer Quad-E4G boards.
  Before:
      [ 2.366493] m25p80 spi0.0: unrecognized JEDEC id bytes: c8, 40, 19
      [ 2.372853] m25p80: probe of spi0.0 failed with error -2
  After:
      [ 2.371722] m25p80 spi0.0: gd25q256 (32768 Kbytes)
      [ 2.376694] 5 fixed-partitions partitions found on MTD device spi0.0
      [ 2.383043] Creating 5 MTD partitions on "spi0.0":
      [ 2.387824] 0x000000000000-0x000000030000 : "u-boot"
      [ 2.394138] 0x000000030000-0x000000031000 : "u-boot-env"
      [ 2.400608] 0x000000031000-0x000000040000 : "config"
      [ 2.406830] 0x000000040000-0x000000050000 : "factory"
      [ 2.413169] 0x000000050000-0x000002000000 : "firmware"
  Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
* kernel: bump 4.14 to 4.14.209 | Hauke Mehrtens | 2020-12-01 | 6 | -59/+39
  Refreshed all patches.
  Altered patches:
  - 804-i2c-support-layerscape.patch
  Compile-tested on: ipq40xx, ath79, layerscape/armv8_64b
  Runtime-tested on: ipq40xx, ath79
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wireguard-tools: fix category/description in menuconfig | Alberto Bursi | 2020-12-01 | 1 | -2/+11
  wireguard-tools is trying to import the menuconfig section from the wireguard package, but since it's not anymore in the same makefile this seems to fail and wireguard-tools ends up in "extra packages" category instead with other odds and ends.
  Same for the description, it's trying to import it from the wireguard package but it fails so it only shows the line written in this makefile.
  remove the broken imports and add manually the entries and description they were supposed to load
  Fixes: ea980fb9c6de ("wireguard: bump to 20191226")
  Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
  [fix trailing whitespaces, add Fixes]
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit a4d52522c7fbc47a04215b8f04a2e1f7cf7aafea)
* ipq40xx: disable double-tagging for PSGMII devices | David Bauer | 2020-11-30 | 1 | -128/+0
  This commit disables the double tagging recently backported to 19.07.
  Operating the switch on the S-Tag had the advantage of being able to have separate VLANs for the same C-VID on LAN and WAN. However, this broke the ability to configure C-TAG modifications on the switch. Also performance took a significant toll.
  Fixes: commit 8c191712558c ("ipq40xx: fix ethernet vlan double tagging")
  Signed-off-by: David Bauer <mail@david-bauer.net>
* tcpdump: patch CVE-2020-8037 | Jan Pavlinec | 2020-11-25 | 2 | -1/+48
  This PR backports upstream fix for CVE-2020-8037. This fix is only relevant for tcpdump package, tcpdump-mini is not affected by this issue.
  Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
  [added missing commit description]
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 5bb3cc749ee0d08d82acda3c084ff759f3829a91)
* kernel: mtd: parser: cmdline: Fix parsing of part-names with colons | Sven Eckelmann | 2020-11-24 | 1 | -0/+63
  Some devices (especially QCA ones) are already using hardcoded partition names with colons in it. The OpenMesh A62 for example provides following mtd relevant information via cmdline:
      root=31:11 mtdparts=spi0.0:256k(0:SBL1),128k(0:MIBIB),384k(0:QSEE),64k(0:CDT),64k(0:DDRPARAMS),64k(0:APPSBLENV),512k(0:APPSBL),64k(0:ART),64k(custom),64k(0:KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive) rootfsname=rootfs rootwait
  The change to split only on the last colon between mtd-id and partitions will cause newpart to see following string for the first partition:
      KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive)
  Such a partition list cannot be parsed and thus the device fails to boot.
  Avoid this behavior by making sure that the start of the first part-name ("(") will also be the last byte the mtd-id split algorithm is using for its colon search.
  Fixes: 9c718b5478ac ("kernel: bump 4.14 to 4.14.200")
  Signed-off-by: Sven Eckelmann <sven@narfation.org>
  (backported from commit 223eec7e81f8506592fc89cf79a2f14360f5c57b)
* ar71xx,ath79: refresh 910-unaligned_access_hacks.patch | Petr Štetiar | 2020-11-24 | 2 | -2/+2
  Commit c9c7b4b3945c ("kernel: add netfilter-actual-sk patch") has touched net/ipv6/netfilter/ip6table_mangle.c which in turn has affected 910-unaligned_access_hacks.patch so the patch needs to be refreshed.
  Fixes: c9c7b4b3945c ("kernel: add netfilter-actual-sk patch")
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* musl: handle wcsnrtombs destination buffer overflow (CVE-2020-28928) | Petr Štetiar | 2020-11-23 | 2 | -1/+66
  The wcsnrtombs function in all musl libc versions up through 1.2.1 has been found to have multiple bugs in handling of destination buffer size when limiting the input character count, which can lead to infinite loop with no forward progress (no overflow) or writing past the end of the destination buffer.
  This function is not used internally in musl and is not widely used, but does appear in some applications. The non-input-limiting form wcsrtombs is not affected.
  All users of musl 1.2.1 and prior versions should apply the attached patch, which replaces the overly complex and erroneous implementation. The upcoming 1.2.2 release will adopt this new implementation.
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 4d4ef1058c0f10aa2fa4070cd6b9db4d48b94148)
* kernel: add netfilter-actual-sk patch | Aaron Goodman | 2020-11-23 | 1 | -0/+234
  Backport of linux kernel commit 46d6c5a to 4.14 kernel.
  netfilter: use actual socket sk rather than skb sk when routing harder
  Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
* uhttpd: update to 19.07 Git HEAD | Jo-Philipp Wich | 2020-11-20 | 1 | -3/+3
  3abcc89 client: fix spurious keepalive connection timeouts
  Fixes: FS#3443
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* scripts: download.pl: retry download using filename | David Bauer | 2020-11-20 | 1 | -2/+6
  With this commit, the download script will try downloading source files using the filename instead of the url-filename in case the previous download attempt using the url-filename failed.
  This is required, as the OpenWrt sources mirrors serve files using the filename files might be renamed to after downloading. If the original mirror for a file where url-filename and filename do not match goes down, the download failed prior to this patch.
  Further improvement can be done by performing this only for the OpenWrt sources mirrors.
  Signed-off-by: David Bauer <mail@david-bauer.net>
  (cherry picked from commit d36999389890fb952fc7cc8c0db8e1bbb671af12)
* layerscape: Fix check after kernel update | Hauke Mehrtens | 2020-11-16 | 1 | -2/+7
  The fsl_destroy_mc_io() function was moved, add the new checks to the moved copy and not just remove it.
  Fixes: ac5297340e64 ("kernel: bump 4.14 to 4.14.206")
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.206 | Koen Vandeputte | 2020-11-16 | 32 | -49/+54
  Refreshed all patches.
  Altered patches:
  - 210-dwc2_defaults.patch
  - 708-mc-bus-support-layerscape.patch
  Fixes:
  - CVE-2020-25656
  Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
  Runtime-tested on: ar71xx, cns3xxx, imx6
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ath79: remove wmac mtd-mac-address for UniFi AC family | Roger Pueyo Centelles | 2020-11-12 | 1 | -1/+1
  The MAC address for the wmac 2.4 GHz radio of the Ubiquiti UniFi AC family of devices is actually embedded in the mtd-cal-data, so there is no need for mtd-mac-address (which was incorrectly forcing wmac to have the same MAC as eth0).
  This makes it coherent with the stock firmware and the ar71xx target:
  · XX:XX:XX:X0:XX:XX eth0
  · XX:XX:XX:X1:XX:XX ath0/wlan1 (2.4 GHz)
  · XX:XX:XX:X2:XX:XX ath1/wlan0 (5 GHz)
  Checked on a UniFi AC Mesh, a UniFi AC LR and a UniFi Lite.
  Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
  (cherry picked from commit 20ace70db65c3f1cb6a842d3092ac2eb7be81b5a)
* feeds: add freifunk feed | Sven Roederer | 2020-11-11 | 1 | -0/+1
  Read the freifunk packages, that have been moved from the LuCI feed into its own feed in January 2019.
  Use openwrt-19.07 branch of that repository for openwrt-19.07.
  Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
  (cherry picked from commit 221f97ff4737f012c90feb086bc1c2ed86c6001b)
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ath79: use correct firmware name for UniFi AP | David Bauer | 2020-11-11 | 1 | -4/+2
  The Ubiquiti UniFi AP does not have an AHB connected radio but a PCI one. Also the EEPROM is only 0x440 bytes of length.
  Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net>
  Tested-by: Martin Weinelt <martin@darmstadt.freifunk.net>
  Signed-off-by: David Bauer <mail@david-bauer.net>
  (backported from commit 4c5eb1040f94871626f6a533242c3a9c068d5bb6)
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ramips: fix logic level for DIR-645 buttons | David Bauer | 2020-11-11 | 1 | -2/+2
  The D-Link DIR-645 currently uses an incorrect logic level for its buttons.
  Correct them in order to prevent unintentional activation of failsafe mode.
  Reported-by: Perry Melange <isprotejesvalkata@gmail.com>
  Signed-off-by: David Bauer <mail@david-bauer.net>
  (cherry picked from commit 929e8f0f553637076f2612fb1c2225c5cee1f7ab)
* ath79: fix LED labels for PowerCloud CAP324 | Adrian Schmutzler | 2020-11-11 | 3 | -3/+6
  The order of function and color in the labels is inverted for the LAN LEDs. Fix it.
  Fixes: 915966d86121 ("ath79: Port PowerCloud Systems CAP324 support")
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit 96023cd4ba66c33e77d9df562dda44b0a1ba1ac9)
* uci: Backport security fixes | Hauke Mehrtens | 2020-10-28 | 3 | -1/+156
  This backports two security fixes from master.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  (cherry picked from commit f9005d4f80dee3dcc257d4613cbc46668faad094)
* uboot-envtools: mvebu: fix config for mainline u-boot | Andre Heider | 2020-10-28 | 1 | -1/+8
  Mainline u-boot dynamically passes the mtd partitions via devicetree:
      $ cat /proc/mtd
      dev: size erasesize name
      mtd0: 003f0000 00001000 "firmware"
      mtd1: 00010000 00001000 "u-boot-env"
  Add support for this setup.
  Signed-off-by: Andre Heider <a.heider@gmail.com>
  (cherry picked from commit 60c9a27cbcc6ba00d75b4b592f507237dbfb460f)
* mvebu: Add bootscript for espressobin to support mainline firmware | Andre Heider | 2020-10-28 | 2 | -0/+38
  The generic bootscript is tailored around a downstream firmware and doesn't work on a firmware built from mainline components.
  Add a bootscript which:
  * sets $console since mainline u-boot doesn't do that
  * uses distro boot variables, so OpenWRT can be booted off any supported device when using a mainline firmware
  * sets missing distro boot variables for the downstream firmware
  Booting with a downstream firmware is unchanged.
  Booting with a mainline firmware now works.
  Signed-off-by: Andre Heider <a.heider@gmail.com>
  (cherry picked from commit c43b45863e38fb18a486601c1601f1485d649c0b)
* kernel: bump 4.14 to 4.14.202 | Koen Vandeputte | 2020-10-21 | 2 | -3/+3
  Refreshed all patches.
  Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
  Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* firmware: intel-microcode: update to 20200616 | Tan Zien | 2020-10-18 | 1 | -2/+2
  intel-microcode (3.20200616.1)
    * New upstream microcode datafile 20200616
      + Downgraded microcodes (to a previously shipped revision):
        sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
        sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
    * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
    * This update *removes* the SRBDS mitigations from the above processors
    * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2
  intel-microcode (3.20200609.2)
    * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
    * Microcode rollbacks (closes: LP#1883002)
        sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
    * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
    * Avoid hangs on boot on (some?) Skylake-U/Y processors,
    * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading, just in case. Note that Debian does not do late loading by itself. Refer to LP#1883002 for the report, 0x806ec hangs upon late load.
  intel-microcode (3.20200609.1)
    * SECURITY UPDATE
    * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending on the processor model
    * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and L1DCES mitigations, plus mitigations described in the changelog entry for package release 3.20191112.1.
    * Expect some performance impact, the mitigations are enabled by default. A Linux kernel update will be issued that allows one to selectively disable the mitigations.
    * New upstream microcode datafile 20200609
    * Implements mitigation for CVE-2020-0543 Special Register Buffer Data Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
    * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling (VRDS), INTEL-SA-00329
    * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling (L1DCES), INTEL-SA-00329
    * Known to fix the regression introduced in release 2019-11-12 (sig 0x50564, rev. 0x2000065), which would cause several systems with Skylake Xeon, Skylake HEDT processors to hang while rebooting
    * Updated Microcodes:
        sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
        sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
        sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
        sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
        sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
        sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
        sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
        sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
        sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
        sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
        sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
        sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
        sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
        sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
        sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
        sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
        sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
        sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
        sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
        sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
        sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
    * Restores the microcode-level fixes that were reverted by release 3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)
  intel-microcode (3.20200520.1)
    * New upstream microcode datafile 20200520
      + Updated Microcodes:
        sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
        sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456
  intel-microcode (3.20200508.1)
    * New upstream microcode datafile 20200508
      + Updated Microcodes:
        sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
    * Likely fixes several critical errata on IceLake-U/Y causing system hangs
  intel-microcode (3.20191115.2)
    * Microcode rollbacks (closes: #946515, LP#1854764):
        sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
    * Avoids hangs on warm reboots (cold boots work fine) on HEDT and Xeon processors with signature 0x50654.
  intel-microcode (3.20191115.1)
    * New upstream microcode datafile 20191115
      + Updated Microcodes:
        sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
        sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
        sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
        sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
        sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
        sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
        sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
        sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
        sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
        sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
        sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
        sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
        sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136
  intel-microcode (3.20191113.1)
    * New upstream microcode datafile 20191113
      + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
        Adds microcode update for CFL-S (Coffee Lake Desktop)
        INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
      + Updated Microcodes (previously removed):
        sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
  intel-microcode (3.20191112.1)
    * New upstream microcode datafile 20191112
      + SECURITY UPDATE
        - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
        - Implements TA Indirect Sharing mitigation, and improves the MDS mitigation (VERW)
        - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271, CVE-2019-11139
        - Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
      + CRITICAL ERRATA FIXES
        - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except Ice Lake), causes a 0-3% typical performance hit (can be as bad as 10%). But ensures the processor will actually jump where it should, so don't even *dream* of not applying this fix.
        - Fixes AVX SHUF* instruction implementation flaw erratum
      + Removed Microcodes:
        sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
      + New Microcodes:
        sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
        sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
        sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
        sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
        sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
        sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
      + Updated Microcodes:
        sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
        sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
        sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
        sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
        sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
        sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
        sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
        sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
        sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
        sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
        sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
        sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
        sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
        sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
      + Updated Microcodes (previously removed):
        sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768
  Signed-off-by: Tan Zien <nabsdh9@gmail.com>
  (cherry picked from commit e826e007658911df91385935e74621889abbda24)
* firmware: amd64-microcode: update to 20191218 | Tan Zien | 2020-10-18 | 1 | -2/+2
  amd64-microcode (3.20191218.1)
    * New microcode update packages from AMD upstream:
      + Removed Microcode updates (known to cause issues):
        sig 0x00830f10, patch id 0x08301025, 2019-07-11
    * README: update for new release
  amd64-microcode (3.20191021.1)
    * New microcode update packages from AMD upstream:
      + New Microcodes:
        sig 0x00830f10, patch id 0x08301025, 2019-07-11
      + Updated Microcodes:
        sig 0x00800f12, patch id 0x08001250, 2019-04-16
        sig 0x00800f82, patch id 0x0800820d, 2019-04-16
  amd64-microcode (3.20181128.1)
    * New microcode update packages from AMD upstream:
      + New Microcodes:
        sig 0x00800f82, patch id 0x0800820b, 2018-06-20
  Signed-off-by: Tan Zien <nabsdh9@gmail.com>
  (cherry picked from commit 182c7d955f872cb712f6d16d4b5cc0824bf4cc67)
* firewall: options: fix parsing of boolean attributes | Hauke Mehrtens | 2020-10-16 | 2 | -1/+39
  Boolean attributes were parsed the same way as string attributes, so a value of { "bool_attr": "true" } would be parsed correctly, but { "bool_attr": true } (without quotes) was parsed as false.
  Fixes FS#3284
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  (cherry picked from commit 7f676b5ed6a2bcd6786a0fcb6a6db3ddfeedf795)
* kernel: bump 4.14 to 4.14.201 | Koen Vandeputte | 2020-10-14 | 10 | -21/+21
  Refreshed all patches.
  Fixes:
  - CVE-2020-14386
  Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
  Runtime-tested on: ar71xx, cns3xxx, imx6
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* oxnas: fix qc_prep return in sata driver after kernel 4.14.200 | Adrian Schmutzler | 2020-10-12 | 1 | -1/+3
  This fixes a regression after a kernel change in 4.14.200 [1] that led to build failure on oxnas/ox820:
      drivers/ata/sata_oxnas.c:2238:13: error: initialization of 'enum ata_completion_errors (*)(struct ata_queued_cmd *)' from incompatible pointer type 'void (*)(struct ata_queued_cmd *)' [-Werror=incompatible-pointer-types]
        .qc_prep = sata_oxnas_qc_prep,
                   ^~~~~~~~~~~~~~~~~~
      drivers/ata/sata_oxnas.c:2238:13: note: (near initialization for 'sata_oxnas_ops.qc_prep')
  Our local driver is changed the same way as prototyped in the kernel patch, i.e. return type is changed and AC_ERR_OK return value is added.
  [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=306a1c5b5683c1d37565e575386139a64bdbec6f
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit f6ca57e4f40528a8a0103c9f0e9647a2e11d10c3)
* mac80211: do not allow bigger VHT MPDUs than the hardware supports | Felix Fietkau | 2020-10-12 | 1 | -0/+34
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  (cherry picked from commit caf727767ab5c8f8d884ef458c74726a8e610d96)
  [Refreshed patch]
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.200 | Koen Vandeputte | 2020-10-12 | 20 | -48/+48
  Refreshed all patches.
  Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
  Runtime-tested on: ar71xx, cns3xxx, imx6
  Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ath79: ar8216: make switch register access atomic | Chuanhong Guo | 2020-10-11 | 1 | -0/+59
  reg accesses on integrated ar8229 sometimes fail. As a result, phy read got incorrect port status and wan link goes down and up mysteriously. After comparing ar8216 with the old driver, these local_irq_save/restore calls are the only meaningful differences I could find and it does fix the issue.
  The same changes were added in svn r26856 by Gabor Juhos:
      ar71xx: ag71xx: make switch register access atomic
  As I can't find the underlying problem either, this hack is brought back to fix the unstable link issue.
  This hack is only suitable for ath79 mdio and may easily break the driver on other platform. Limit it to ath79-only as a target patch.
  Fixes: FS#2216
  Fixes: FS#3226
  Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
  (cherry picked from commit 86fdc8abed5992a74078b000b5ff9da723b6f46b)
* scripts: getver.sh: fix version based on stable branch | Baptiste Jonglez | 2020-10-07 | 1 | -1/+1
  When building from a local branch based off the "openwrt-19.07" branch, version computation is wrong, for instance:
      r10194+1004-c53f62b111
  The number of local commits (1004 in this case) is wrong because it is computed against master. As a result, it wrongly counts *all* commits since the beginning of the openwrt-19.07 branch as local commits.
  The fix is to compare to the openwrt-19.07 branch instead, which gives the expected result such as:
      r11192+6-8b0278a17e
  Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
  [shorten commit title]
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* openssl: bump to 1.1.1h | Eneas U de Queiroz | 2020-09-28 | 3 | -5/+5
  This is a bug-fix release. Patches were refreshed.
  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  (cherry picked from commit 475838de1a33d49d1a0b81aad374a8db6dd2b3c8)
* ath79: fix rssi-low LED for My Net Range Extender | Adrian Schmutzler | 2020-09-28 | 1 | -1/+1
  The LED color was missing in 01_leds.
  Fixes: 745dee11ac78 ("ath79: add support for WD My Net Wi-Fi Range Extender")
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
  (cherry picked from commit d232a8ac7d1679f7ff97cbc66b4c49c940bd009f)
* kernel: Update to version 4.14.199 | Hauke Mehrtens | 2020-09-28 | 43 | -203/+203
  Compile and runtime tested on lantiq/xrx200 + ath79/generic.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* comgt: fix hotplug event handling | Rozhuk Ivan | 2020-09-19 | 2 | -5/+5
  Hotplug manager send: "remove" -> "add" -> "bind" events, script interpret bind as "not add" = "remove" and mark device as unavailable.
  Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com>
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
  (cherry picked from commit 4821ff064b735c320ae2625a739018d1fc7d6457)
  Fixes: FS#3351
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Revert "ramips: ethernet: fix to interrupt handling" | Jo-Philipp Wich | 2020-09-18 | 1 | -5/+6
  This reverts commit 7ac454014a11347887323a131415ac7032d53546.
  The change reportedly causes regressions in ethernet performance.
  Fixes: FS#3332
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* OpenWrt v19.07.4: revert to branch defaults | Hauke Mehrtens | 2020-09-07 | 5 | -11/+9
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v19.07.4: adjust config defaults (tag: v19.07.4) | Hauke Mehrtens | 2020-09-07 | 5 | -9/+11
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>