Commit Graph

42421 Commits (ab9d1bf608170c17dd8a372bc42806b9703a20ce)

Author SHA1 Message Date
Petr Štetiar ab6addc95d ramips: rt3833: fix build breakage
Commit 60f41c6c9e ("ramips: add usb-ledtrig-usbport to DEVICE_PACKAGES
of CY-SWR1100") added stray | during backport which caused build
breakage on the buildbots:

 bash: -c: line 0: syntax error near unexpected token `|'
 bash: -c: line 0: `echo kmod-usb-core kmod-usb-ledtrig-usbport kmod-usb-ohci kmod-usb2 swconfig | | mkhash md5 | head -c 8'

Fixes: 60f41c6c9e ("ramips: add usb-ledtrig-usbport to DEVICE_PACKAGES of CY-SWR1100")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit a1ff175dbf)
2019-11-15 11:48:03 +01:00
Sungbo Eo f503bc3d25 ramips: add usb-ledtrig-usbport to DEVICE_PACKAGES of CY-SWR1100
CY-SWR1100 has a USB LED but kmod-usb-ledtrig-usbport is missing
in default images. This commit adds it.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[changed commit title, backported to 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 261c746631)
2019-11-14 23:24:48 +01:00
Sungbo Eo 506bfaa126 ramips: fix MAC address setup for Samsung CY-SWR1100
Ethernet MAC address setup has been broken since c3e420f28c. Restore
original setting.

Fixes: c3e420f28c ("ramips: Add support for D-Link DCH-M225")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 7231c1edd9)
[backported due to base-files split]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-14 23:24:34 +01:00
Adrian Schmutzler c89437e398 gitignore: ignore patches in OpenWrt root directory
This will have GIT ignore patches in root directory, as created
when using "git format-patch".

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 2c54135598)
2019-11-14 18:26:06 +01:00
南浦月 ea8f7d74ba ar71xx: fix tl-wdr3320-v2 upgrade
Fix the error that tl-wdr3320-v2 can't upgrade firmware via web
interface by using magic_ver="0200" for this device.

Signed-off-by: 南浦月 <nanpuyue@gmail.com>
[commit message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 0ff2385a92)
2019-11-12 16:31:41 +01:00
Michal Cieslakiewicz 79fd7593a2 ar71xx: update uboot-envtools for Netgear WNR routers
Boards added: WNR1000v2, WNR2000v3, WNR2200, WNR612v2, WNDR4300.
Boards changed: WNDR3700 (u-boot env size is 2 sectors not 1).

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit 1105290049)
2019-11-12 16:31:09 +01:00
Koen Vandeputte 3d3a933315 kernel: bump 4.14 to 4.14.152
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-12 10:33:42 +01:00
Koen Vandeputte 862a885103 kernel: bump 4.9 to 4.9.199
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-12 10:33:42 +01:00
Petr Štetiar 05c858ff6a sdk: fix GCC and Python dangling symlinks
Force prereq again in SDK in order to fix GCC and Python dangling
symlinks:

 staging_dir/host/bin/g++ -> /builder/ath79_generic/ccache_cxx.sh
 staging_dir/host/bin/gcc -> /builder/ath79_generic/ccache_cc.sh
 staging_dir/host/bin/python -> /usr/bin/python3.5
 staging_dir/host/bin/python3 -> /usr/bin/python3.5

Ref: FS#2424
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 200f2666fb)
2019-11-09 08:31:04 +01:00
Etienne Champetier c1d19b37d5 build: cleanup possibly dangling Python 3 host symlink
When switching from master branch to 19.07 or older, we need to ensure
that Python symlink in staging bin directory points to Python 2.

We can't rely completly just on SetupHostCommand as its executed only in
cases when the $(STAGING_DIR_HOST)/bin/python doesn't already exist, so
we need to remove it before running SetupHostCommand.

This is a cherry-pick of 3b68fb57c9
with python3 instead of python2

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 799de7c641)
2019-11-09 08:27:58 +01:00
Etienne Champetier dfd8c3bfdc build: fixup python SetupHostCommand to use python2
Here is a way to break your build env without this patch:
1) have python point to python3, and no python2
2) start the build, SetupHostCommand will create a symlink
./staging_dir/host/bin/python -> /usr/bin/python
3) build fails on scons because it can't find any python2
4) install python2 and restart the build
5) the build fails on wireless-regdb compile because python is python3 instead of python

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 785d4f3efd)
2019-11-09 08:26:14 +01:00
Jo-Philipp Wich 69bc68b46b OpenWrt v18.06.5: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-08 20:32:31 +01:00
Jo-Philipp Wich 5e4533cdd4 OpenWrt v18.06.5: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-08 20:32:24 +01:00
Jo-Philipp Wich 9d401013fc ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c5d5cdb759)
2019-11-05 15:12:18 +01:00
Koen Vandeputte e70772311d kernel: bump 4.14 to 4.14.151
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-31 09:18:43 +01:00
Koen Vandeputte cdc2937edd kernel: bump 4.9 to 4.9.198
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-31 09:18:43 +01:00
Petr Štetiar f024b4c83d scripts/ubinize-image.sh: fix buildbot breakage
New Docker based buildslaves install just bare minimum of packages, thus
not having bsdmainutils package installed which provides `hexdump`
utility, leading to the following build breakage on buildbots:

 ubinize-image.sh: 12: /builder/scripts/ubinize-image.sh: hexdump: not found

So this patch simply replaces `hexdump` with `od` utility provided by
coreutils package, which should be likely available.

Co-authored-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit c6d41c320c)
2019-10-31 09:00:13 +01:00
Yousong Zhou 700f66ae95 kernel: mark kmod-usb-serial-wwan as hidden
The kconfig symbol is an invisible one since its introduction.  It is
not supposed to be enabled on its own.

Resolves FS#1821

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 4bf9bec361)
2019-10-30 12:47:17 +00:00
Koen Vandeputte c4a2e5102d kernel: add missing symbol
Discovered during layerscape compile-testing

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-30 11:21:46 +01:00
Koen Vandeputte 61df1285ce kernel: bump 4.14 to 4.14.150
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-30 11:21:46 +01:00
Koen Vandeputte 51431de30d kernel: bump 4.9 to 4.9.197
Refreshed all patches.

Altered patches:
- 804-crypto-support-layerscape.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Compiling target layerscape before this patch shows that it's broken.
Fixing it is out-of-scope for bumping the kernel and will
be done in a later patch.

The altered patch is a sample change which leaves the target
exactly as it was before this bump.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-30 11:21:46 +01:00
Daniel F. Dickinson 0880275d5e brcm2708: Add feature flag rootfs-part
Even with squashfs brcm2708 requires ROOTFS_PART_SIZE because the overlay
exists as a loopback device on the space not used by squashfs in the root
partition. Also for ext4 (the other fs option) ROOTFS_PART_SIZE is required,
so use feature flag rootfs-part to enable it.

Fixes FS#2166

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
(cherry picked from commit 3bb44f4299)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-30 02:38:02 +00:00
Yousong Zhou b2fba59f10 iptables: bump PKG_RELEASE
Package content changed with the previous two cherry-picks

  dff0b2104d kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}
  a2fe698a40 kernel: Added required dependencies for socket match.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-24 10:41:07 +00:00
Oldřich Jedlička a2fe698a40 kernel: Added required dependencies for socket match.
This applies to kernel 4.10 and newer.

See 8db4c5be88

The above commit added to kernel 4.10 added new dependency
for building the NETFILTER_XT_MATCH_SOCKET (xt_socket.ko)
module. The NF_SOCKET_IPVx options (both of them) need to
be enabled in order to build the NETFILTER_XT_MATCH_SOCKET
module. Without the change the module is not built.

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
(cherry picked from commit 66e875a070)
(required for fixing FS#2531)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-24 10:30:02 +00:00
Hauke Mehrtens dff0b2104d kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}
The nf_socket.ko module was split in commit 8db4c5be88f ("netfilter:
move socket lookup infrastructure to nf_socket_ipv{4,6}.c") into a
common, n IPv4 and an IPv6 part.
The nf_tproxy.ko module was split in commit 45ca4e0cf27 ("netfilter:
Libify xt_TPROXY") into a common, an IPv4 and an IPv6 part.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 89806545cc)
(required for fixing FS#2531)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-24 10:28:51 +00:00
DENG Qingfang 3b8db97a52 tcpdump: update to 4.9.3
Fixed CVEs:
	CVE-2017-16808
	CVE-2018-10103
	CVE-2018-10105
	CVE-2018-14461
	CVE-2018-14462
	CVE-2018-14463
	CVE-2018-14464
	CVE-2018-14465
	CVE-2018-14466
	CVE-2018-14467
	CVE-2018-14468
	CVE-2018-14469
	CVE-2018-14470
	CVE-2018-14879
	CVE-2018-14880
	CVE-2018-14881
	CVE-2018-14882
	CVE-2018-16227
	CVE-2018-16228
	CVE-2018-16229
	CVE-2018-16230
	CVE-2018-16300
	CVE-2018-16301
	CVE-2018-16451
	CVE-2018-16452
	CVE-2019-15166
	CVE-2019-15167

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit 394273c066)
2019-10-19 15:26:35 +02:00
DENG Qingfang 96a87b90ef libpcap: update to 1.9.1
Fixed CVEs:
	CVE-2018-16301
	CVE-2019-15161
	CVE-2019-15162
	CVE-2019-15163
	CVE-2019-15164
	CVE-2019-15165

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit 44f11353de)
2019-10-19 15:26:19 +02:00
Syrone Wong a857fc2ded libpcap: update to 1.9.0
001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch dropped due to upstream
002-Add-missing-compiler_state_t-parameter.patch dropped due to upstream

202-protocol_api.patch dropped due to implemented upstream by another way
upstream commit: 55c690f6f8
and renamed via: 697b1f7e9b

ead is the only user who use the protocol api, we have to use the new api since libpcap 1.9.0

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
2019-10-19 15:25:45 +02:00
Koen Vandeputte 31181fa062 kernel: bump 4.14 to 4.14.149
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-15 16:14:13 +02:00
Koen Vandeputte 9628612abe kernel: bump 4.14 to 4.14.148
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-08 15:53:15 +02:00
Koen Vandeputte 1737131c9d kernel: bump 4.9 to 4.9.196
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-08 15:53:15 +02:00
Koen Vandeputte 778243b3b4 kernel: bump 4.14 to 4.14.147
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Compile-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-08 12:46:02 +02:00
Koen Vandeputte d513f28351 kernel: bump 4.9 to 4.9.195
Refreshed all patches.

Altered patches:
- 403-mtd_fix_cfi_cmdset_0002_status_check.patch

Compile-tested on: ar71xx
Compile-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-08 12:46:02 +02:00
Christian Lamparter 6f1a71c2d0 apm821xx: fix fan control on highest step
This patch removes a typo (extra "0") so that the 'cpu-alert6'
step is triggered once the system reaches 85°C.

Note: Unless the WNDR4700 is placed in an hot oven, the
hardware-monitor will never reach this value.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-09-28 14:36:00 +02:00
Rafał Miłecki 491e839262 brcm47xx: sysupgrade: fix device model detection
$(board_name) was providing content on "boardtype" (and optionally
"boardnum") NVRAM values. That function requires & expects more specific
and detailed model name extracted from the /proc/cpuinfo.

Fixes: f12a32630f ("treewide: use the generic board_name function")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-26 06:54:31 +02:00
Koen Vandeputte 4acc0db480 kernel: bump 4.14 to 4.14.146
Refreshed all patches.

Fixes:
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14821

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-24 12:53:40 +02:00
Koen Vandeputte 3699327da3 kernel: bump 4.9 to 4.9.194
Refreshed all patches.

Fixes:
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14821

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-24 12:53:40 +02:00
Hauke Mehrtens 45a2c0f309 hostapd: Fix AP mode PMF disconnection protection bypass
This fixes
* CVE-2019-16275 AP mode PMF disconnection protection bypass
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a6981604b3)
2019-09-21 21:16:22 +02:00
Hauke Mehrtens e289a4133c hostapd: SAE/EAP-pwd side-channel attack update
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7bed9bf10f)
2019-09-21 21:16:07 +02:00
Magnus Kroken a63edb4691 mbedtls: update to 2.16.3
Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch,
the issue has been fixed upstream.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 49d96ffc5c)
2019-09-21 21:11:21 +02:00
Josef Schlehofer 2698157d54 mbedtls: Update to version 2.16.2
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
(cherry picked from commit a2f54f6d5d)
2019-09-21 21:10:44 +02:00
Eneas U de Queiroz 952bafa03c openssl: bump to 1.0.2t, add maintainer
This version fixes 3 low-severity vulnerabilities:

- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
                 CMS_decrypt_set1_pkey

Patches were refreshed, and Eneas U de Queiroz added as maintainer.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-20 20:50:07 +02:00
Koen Vandeputte 7e1db8f27c kernel: bump 4.14 to 4.14.145
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-20 15:52:54 +02:00
Koen Vandeputte d32cf52674 kernel: bump 4.14 to 4.14.144
Refreshed all patches.

Fixes:
- CVE-2019-15030

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-20 13:17:20 +02:00
Koen Vandeputte 745292ba10 kernel: bump 4.9 to 4.9.193
Refreshed all patches.

Fixes:
- CVE-2019-15030

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-20 13:17:20 +02:00
Rafał Miłecki 5880dd48d5 mac80211: brcmfmac: backport the last 5.4 changes
This makes brcmfmac use the same wiphy after PCIe reset to help user
space handle corner cases (e.g. firmware crash).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f39f4b2f6d)
2019-09-16 09:25:29 +02:00
Koen Vandeputte 90f6af5108 ar71xx: fix potential IRQ misses during dispatch for qca953x
If both interrupts are set in the current implementation
only the 1st will be handled and the 2nd will be skipped
due to the "if else" condition.

Fix this by using the same approach as done for QCA955x
just below it.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-13 16:04:00 +02:00
Koen Vandeputte e545808e89 ar71xx: Fix potentially missed IRQ handling during dispatch
If both interrupts are set in the current implementation
only the 1st will be handled and the 2nd will be skipped
due to the "if else" condition.

Fix this by using the same approach as done for QCA955x
just below it.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-13 16:04:00 +02:00
Koen Vandeputte 59e42f9e3e kernel: bump 4.14 to 4.14.143
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-13 16:04:00 +02:00
Koen Vandeputte 418cf097e7 kernel: bump 4.9 to 4.9.192
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-13 16:04:00 +02:00