47655 Commits

Author SHA1 Message Date
Petr Štetiar
3773ae127a openssl: bump to 1.1.1g
Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with
high severity, assigned CVE-2020-1967.

Ref: https://www.openssl.org/news/secadv/20200421.txt
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-21 22:59:56 +02:00
Petr Štetiar
faf668be35 kernel: bump 5.4 to 5.4.34
Refreshed patches.

Run tested: qemu-x86-64, apalis, a64-olinuxino
Build tested: x86/64, imx6, sunxi/a53

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-21 22:16:33 +02:00
Koen Vandeputte
8d9b36270b imx6: refresh kernel config
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-04-21 14:46:52 +02:00
Alexander Couzens
b77fd0d30b base-files: ensure VERBOSE is set
If not set, it shows the following error
sh: out of range

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2020-04-21 00:01:49 +02:00
Alexander Couzens
36f628910b lantiq/fritz 7312: set maximum speed to 100 mbit
The fritz 7312 does not support 1000 gbit. Advertising it makes it
worse. Some NIC will change to 1000 gibt and turn off and on again for
ever.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2020-04-21 00:01:49 +02:00
Hans Dedecker
4298f0878f ubus: update to latest git HEAD
171469e lua: avoid truncation of large numeric values

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-20 21:26:58 +02:00
Daniel Golle
be6543c539 x86: really remove packages already enabled in kconfig
This commit really removes packages in geode profiles already enabled
in kernel config.

Fixes: 9c23ecee57 ("x86: move packages selection to profiles")
Reported-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-20 19:24:18 +01:00
Tomasz Maciej Nowak
9c23ecee57 x86: move packages selection to profiles
This can be rather confusing for contributors, since there are three
layers in which they can be added. As for now there are none profiles
other than generic (exception: geos) let's move them to these profiles.
Being here this commit also removes packages in geode profiles already
enabled in kernel config.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-04-20 18:55:30 +01:00
Tomasz Maciej Nowak
eca6946447 x86: select kmod-button-hotplug by default
This package is useful by all subtargets, therefore move it to default
packages selection.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-04-20 18:55:30 +01:00
Tomasz Maciej Nowak
fd94d03ae6 x86: fix kmod-forcedeth package selection
There's no such package as forcedeth, threfore the driver is never
selected. Fix it by properly specifying package name.

Fixes: 35f208d ("x86: add nforce eth to default packages")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-04-20 18:55:30 +01:00
Tomasz Maciej Nowak
282e7862b7 x86: image: drop dead code
These are remnants of old image generation code, which now serve no
purpose.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-04-20 18:55:30 +01:00
Petr Štetiar
97673d8771 uboot-rockchip: fix ident string
Commit 797506011695 ("uboot-rockchip: add new package") has added
`OpenWRT` ident string, fix it to proper `OpenWrt`.

Fixes: 797506011695 ("uboot-rockchip: add new package")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-20 16:44:17 +02:00
Tobias Mädel
6a05a85dcb rockchip: add support for Pine64 RockPro64
This adds the new rockchip target and support for RockPro64 RK3399

Flash:    16 MiB SPI NOR
RAM:      2 GiB/4 GiB LPDDR4
SoC:      RK3399
USB:      2x USB 2.0, 1x USB 3.0, 1x USB-C
Ethernet: 1x GbE
PCIe:     PCIe 2.0, 4 lanes
Storage:  eMMC or SD card
Optional SDIO wifi/bt module

The Pine64 RockPro64 is a single-board-computer with a 4x PCIe connector,
6 ARM64 cores (4 little, 2 big), plenty of RAM and storage.

By default the single Gigabit-Ethernet port is configured as the
LAN port.

Installation of the firware is possible by dd'ing the image
to an SD card or the eMMC flash.

Serial: 3v3 1500000 8n1

U-boot is build from the mainline tree and
integrated into the images. Required ATF to build u-boot
is downloaded from a CI build bot.

Signed-off-by: Tobias Mädel <t.maedel@alfeld.de>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
2020-04-20 16:37:56 +02:00
Tobias Mädel
7975060116 uboot-rockchip: add new package
This package is needed for the rockchip target.

Signed-off-by: Tobias Mädel <t.maedel@alfeld.de>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
2020-04-20 16:37:56 +02:00
Tobias Mädel
79d7109225 arm-trusted-firmware-rockchip: add new package
This is needed to build the uboot-rockchip, needed for the rockchip target

Signed-off-by: Tobias Mädel <t.maedel@alfeld.de>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
[replaced `mkdir -p` with INSTALL_DIR variable]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-20 16:37:56 +02:00
Pawel Dembicki
6cafea5c5e uboot-kirkwood: update to 2020.04
Update U-Boot to current 2020.04 release for kirkwood platform.

Catch up with upstream and move some configuration options from
the header files to the corresponding defconfig files.

Compile tested: all devices
Run tested: nsa310, pogoplugv4

Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-04-20 16:37:56 +02:00
DENG Qingfang
29a458b0ca kernel: netfilter.mk: fix kmod-ipt-nat6 installation on 5.4
xt_MASQUERADE.ko is picked up by both kmod-ipt-nat and kmod-ipt-nat6, causing
conflict
As kmod-ipt-nat6 already depends on kmod-ipt-nat, remove xt_MASQUERADE from it

Fixes: FS#2924
Fixes: 0fad8af85158 ("kernel: Include xt_MASQUERADE for kernel 5.2 and later")
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-04-20 15:07:17 +02:00
Kevin Darbyshire-Bryant
be172e663f relayd: bump to version 2020-04-20
796da66 dhcp.c: improve input validation & length checks

Addresses CVE-2020-11752

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-20 11:32:07 +01:00
Kevin Darbyshire-Bryant
533da61ac6 umdns: update to version 2020-04-20
e74a3f9 dns.c: improve input validation

Addresses CVE-2020-11750

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-20 11:32:07 +01:00
Pawel Dembicki
08f5cac6fb ramips: mt7621: add NETGEAR R7200 as DEVICE_ALT1
Netgear R7200 is another clone of Netgear R6700v2, introduced in:
6e80df5 ("ramips: add support for NETGEAR R6700v2/AC2400")

Reported-by: Joel Pinsker, github user @joelp64
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-04-20 11:13:39 +01:00
Daniel Golle
7e9b56fde2 procd: fix jail when running on glibc
d200b70 jail: include /etc/nsswitch.conf in jail for glibc.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-19 23:19:40 +01:00
David Bauer
8d9c1087e4 ath79: add support for AVM FRITZ!WLAN Repeater 450E
SOC:    Qualcomm QCA9556 (Scorpion) 560MHz MIPS74Kc
RAM:    64MB Zentel A3R12E40CBF DDR2
FLASH:  16MiB Winbond W25Q128 SPI NOR
WLAN1:  QCA9556 2.4 GHz 802.11b/g/n 3x3
INPUT:  WPS button
LED:    Power, WiFi, LAN, RSSI indicator
Serial: Header Next to Black metal shield
        Pinout is 3.3V - RX - TX - GND (Square Pad is 3.3V)
        The Serial setting is 115200-8-N-1.

Installation via EVA:
In the first seconds after Power is connected, the bootloader will
listen for FTP connections on 192.168.178.1. Firmware can be uploaded
like following:

  ftp> quote USER adam2
  ftp> quote PASS adam2
  ftp> binary
  ftp> debug
  ftp> passive
  ftp> quote MEDIA FLSH
  ftp> put openwrt-sysupgrade.bin mtd1

Note that this procedure might take up to two minutes.
You need to powercycle the device afterwards to boot OpenWRT.

Tested-by: Andreas Ziegler <dev@andreas-ziegler.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-19 16:45:40 +02:00
Sungbo Eo
45e2b7763f ramips: replace pinctrl property names for ipTIME A1004ns
The pinctrl driver had been replaced with the upstream one in b756ea2a909a
("ramips: replace pinctrl property names"), but the initial A1004ns support
patch did not reflect the changes. This commit updates its pinctrl property
names.

Fixes: 9169482f640c ("ramips: add support for ipTIME A1004ns")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-04-19 13:47:23 +08:00
Hauke Mehrtens
a2cf87a7b1 toolchain: glibc: Define minimum support kernel version as 4.14
This will compile glibc in a way that it will only support kernel 4.14
and later. Compatibility code for older kernel versions will be removed.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
02c5019a35 toolchain: glibc: Update glibc to version 2.31
This updates glibc to the most recent version 2.31.

001-regex-read-overrun.patch was a backport from a more recent version
and is integrated in glibc 2.31.

050-Revert-Disallow-use-of-DES-encryption-functions-in-n.patch is needed
to add the DES crypto functions back again. They were removed in glibc
2.28, but we still use them in ppp.
musl lib also provides these DES crypto functions. Without them we would
have to link ppp against openssl or an other crypto library.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
ce1798e915 dante: Fix compile with glibc
When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.

This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1

Fixes: aaf46a8fe23e ("dante: disable sched_getscheduler() - not implemented in musl")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
14c59a147c rbcfg: Add missing mode to open call
When open() is called with O_CREAT a 3. parameter has to be given with
the file system permissions of the new file.

Not giving this is an error, which results in a compile error with glibc.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
In file included from /include/fcntl.h:329,
                 from main.c:18:
In function 'open',
    inlined from 'rbcfg_update' at main.c:501:7:
/include/bits/fcntl2.h:50:4: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
    __open_missing_mode ();
    ^~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
70a962ca6f upgs: Remove extra _DEFAULT_SOURCE definition
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
 #define _DEFAULT_SOURCE

<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
7637b84fde busybox: backport Remove stime() function calls
glibc 2.31 does not provide stime() any more, backport a fix from
current busybox master to avoid using this function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:36 +02:00
Álvaro Fernández Rojas
d27e2c67ed bcm63xx: switch to 5.4 kernel
Seems stable after 6 days of testing on some of my devices.
Let's switch to 5.4 in order to get more feedback.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-18 20:58:38 +02:00
Magnus Kroken
d7e98bd7c5 openvpn: update to 2.4.9
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.

Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-04-18 20:34:08 +02:00
Hans Dedecker
5f126c541a binutils: add ALTERNATIVES for strings (FS#3001)
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-18 10:44:30 +02:00
Chuanhong Guo
19d9db5a96 ramips: mt7621: use lzma-loader for newifi d1/d2/thunder timecloud
These devices failed to properly extract kernel. enable lzma loader
for them.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-18 14:19:38 +08:00
Chuanhong Guo
1e5d014ba2 ramips: don't reuse KERNEL_DTB for lzma-loader
mt7621 overrides KERNEL_DTB to limit dictionary size, which isn't needed
for our lzma loader.
This saves 15KB on mt7621 devices using uimage-lzma-loader.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-18 13:40:31 +08:00
Chuanhong Guo
51c6b14092 ramips: mt7621: backport more pcie driver fixes
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-18 13:06:48 +08:00
Sungbo Eo
13a185bf8a ramips: increase spi-max-frequency for ipTIME mt7620 devices
This commit increases the hardware SPI frequency from 24.2MHz to 48.3MHz.

[    5.314163] m25p80 spi0.0: speed: 24166666/40000000, rate: 8, prescal: 2, loops: 226
[    5.076323] m25p80 spi0.0: speed: 48333333/50000000, rate: 4, prescal: 1, loops: 162

`time cat /dev/mtd2 >/dev/null` is reduced from 5.64s to 4.36s on A104ns,
and from 11.39s to 8.81s on A1004ns.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-04-18 12:35:54 +08:00
Sungbo Eo
9169482f64 ramips: add support for ipTIME A1004ns
ipTIME A1004ns is a 2.4/5GHz band AC750 router, based on MediaTek MT7620A.

Specifications:
- SoC: MT7620A
- RAM: DDR2 128MB
- Flash: SPI NOR 16MB
- WiFi:
  - 2.4GHz: SoC internal
  - 5GHz: MT7610EN
- Ethernet: 5x 10/100/1000Mbps
  - Switch: MT7530BU
- USB: 1x 2.0
- UART:
  - J2: 3.3V, TX, RX, GND (3.3V is the square pad) / 57600 8N1

Installation via web interface:
1.  Flash **initramfs** image through the stock web interface.
2.  Boot into OpenWrt and perform sysupgrade with sysupgrade image.

Revert to stock firmware:
1.  Perform sysupgrade with stock image.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-04-18 12:35:54 +08:00
René van Dorst
d682dcc939 ramips: mt7621: Ubiquiti ER-X-SFP: fix gpio numbers for POE enable gpios
With v5.4 kernel a new gpio driver is used.
GPIO numbering has changed so update 03_gpio_switches too.

Signed-off-by: René van Dorst <opensource@vdorst.com>
2020-04-18 11:59:41 +08:00
René van Dorst
2fac1322f7 ramips: mt7621: Ubiquiti ER-X: fix gpio number for POE enable gpio
With v5.4 kernel a new gpio driver is used.
GPIO numbering has changed so update 03_gpio_switches too.

Signed-off-by: René van Dorst <opensource@vdorst.com>
2020-04-18 11:59:41 +08:00
DENG Qingfang
d74fb0088c ramips: use all reserved space for HiWiFi HC5962
These stock partitons: "backup", "hw_panic", "overly", firmware_backup", "opt"
do not contain any device-specific data and can be used for /overlay, resulting in
121M space

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-04-18 11:52:12 +08:00
DENG Qingfang
7dc82528a2 ramips: increase HiWiFi HC5962 kernel partition to 4M
Increase kernel partition because 2M is insufficient for 5.4
Because the partition changes, previous version of OpenWrt cannot upgrade
to this version, and requires a new installation

Recovery to stock instruction:
1. Download stock firmware at
   http://ur.ikcd.net/HC5962-sysupgrade-20171221-b00a04d1.bin
2. Power off the router
3. Press and hold the reset button for 4~6 sec while power it back on
4. Connect a PC to router's LAN
5. Visit http://192.168.2.1 and upload the firmware

Then repeat the instruction in edae3479e64e to install OpenWrt

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-04-18 11:50:57 +08:00
Mantas Pucka
4745969ad7 generic: spi-nor: fix 4-byte opcode support for w25q256
There are 2 different chips (w25q256fv and w25q256jv) that share
the same JEDEC ID. Only w25q256jv fully supports 4-byte opcodes.
Use SFDP header version to differentiate between them.

Fixes broken reboot on 8devices Habanero since f0f35fdac

Signed-off-by: Mantas Pucka <mantas@8devices.com>
2020-04-18 11:37:06 +08:00
Magnus Kroken
02fcbe2f3d mbedtls: update to 2.16.6
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters

Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-04-17 23:43:01 +02:00
Petr Štetiar
23916bca61 kernel: bump 5.4 to 5.4.33
Refreshed patches, removed upstreamed patches:

 oxnas: 001-irqchip-versatile-fpga-Handle-chained-IRQs-properly.patch
 oxnas: 002-irqchip-versatile-fpga-Apply-clear-mask-earlier.patch

Run tested: qemu-x86-64, apalis
Build tested: x86/64, imx6, sunxi/a53

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 15:18:12 +02:00
Daniel Golle
0495324b9b mac80211: make sure existing iface belongs to correct (fullmac) phy
Some FullMAC cfg80211 wireless devices do not support virtual
interfaces, hence there is script logic to keep the existing network
device. Improve this to support renaming the interface if needed and
make sure the existing interface actually belongs to the right phy.
Change calls to 'iw' to avoid outputing warnings and errors to not
confuse users of such devices.

Also bump PKG_RELEASE which has been forgotten in the previous two
mac80211 changes.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-17 13:31:58 +01:00
David Bauer
edf812e25c ath79: remove stray pipe
Fixes: 8918c038f330 ("ath79: add support for AVM FRITZ!WLAN Repeater 1750E")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-17 14:15:09 +02:00
Lucian Cristian
16ad4de2c0 elfutils: aarch64 fix build on musl
aarch64_initreg.c: In function 'aarch64_set_initial_registers_tid':
aarch64_initreg.c:85:37: error: invalid operands to binary & (have 'long double' and 'unsigned int')
     dwarf_fregs[r] = fregs.vregs[r] & 0xFFFFFFFF;
                      ~~~~~~~~~~~~~~ ^

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2020-04-17 13:43:34 +02:00
Petr Štetiar
8e99bbda19 uboot-sunxi: bump to 2020.04 relase
Refreshed patches, removed upstreamed patch:

 260-configs-a64-olinuxino-emmc-add-eMMC-boot-part-config.patch

Boot tested on a64-olinuxino-emmc.

Cc: Zoltan HERPAI <wigyori@uid0.hu>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 13:43:34 +02:00
Petr Štetiar
260a225ba4 uboot-imx6: bump to 2020.04 release
Refreshed all patches, run tested on apalis.

Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 13:43:34 +02:00
David Bauer
0f1b5ce2f5 mac80211: drop data frames without key on encrypted links
If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.

This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.

Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.

Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-17 13:27:40 +02:00