Commit Graph

42377 Commits

Author SHA1 Message Date
Koen Vandeputte
0a9147be6a kernel: bump 4.14 to 4.14.154
Refreshed all patches.

Altered patches:
- 902-debloat_proc.patch
- 040-dmaengine-qcom-bam-Process-multiple-pending-descript.patch

Remove upstreamed:
- 303-spi-nor-enable-4B-opcodes-for-mx66l51235l.patch

New symbols:
X86_INTEL_MPX
X86_INTEL_MEMORY_PROTECTION_KEYS
X86_INTEL_TSX_MODE_OFF
X86_INTEL_TSX_MODE_ON
X86_INTEL_TSX_MODE_AUTO
SGL_ALLOC

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-19 15:03:17 +01:00
Koen Vandeputte
b9e685eed5 kernel: bump 4.9 to 4.9.202
Refreshed all patches.

Altered patches:
- 902-debloat_proc.patch
- 817-usb-support-layerscape.patch

New symbols:
X86_INTEL_MEMORY_PROTECTION_KEYS
X86_INTEL_TSX_MODE_OFF
X86_INTEL_TSX_MODE_ON
X86_INTEL_TSX_MODE_AUTO

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-19 15:03:17 +01:00
Tomislav Požega
8179ac3dc1 ar71xx: fix WLAN LED names for Archer C7
Update WLAN LED colour identifier for both interfaces on Archer C7

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
(cherry picked from commit 65762cdd22)
[backported to 18.06]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-19 00:10:43 +01:00
Tomislav Požega
6962c1e495 ar71xx: fix system LED names on Archer C5/C7
Move system LED board definitions of Archer C5/C7 to reflect
actual system LED colour used

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
(cherry picked from commit a73934fc9a)
2019-11-19 00:10:43 +01:00
Rafał Miłecki
e6a7eacfea mac80211: brcmfmac: fix PCIe reset crash and WARNING
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cde8c2f2fb)
2019-11-18 15:23:56 +01:00
Christian Lamparter
f65330d27d ramips: assign correct key-code to wps buttons
The two ASUS WL-330N and WL-330N3G had the reset keycode
assigned to the WPS button. This patch changes both devices
to use KEY_WPS_BUTTON in the hopes that this fixes unwanted
restarts/ unexpected behavior from the users point of view.

[dropped RG21S]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit ad65d9d7b2)
2019-11-17 02:49:52 +01:00
Petr Štetiar
ab6addc95d ramips: rt3833: fix build breakage
Commit 60f41c6c9e ("ramips: add usb-ledtrig-usbport to DEVICE_PACKAGES
of CY-SWR1100") added stray | during backport which caused build
breakage on the buildbots:

 bash: -c: line 0: syntax error near unexpected token `|'
 bash: -c: line 0: `echo kmod-usb-core kmod-usb-ledtrig-usbport kmod-usb-ohci kmod-usb2 swconfig | | mkhash md5 | head -c 8'

Fixes: 60f41c6c9e ("ramips: add usb-ledtrig-usbport to DEVICE_PACKAGES of CY-SWR1100")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit a1ff175dbf)
2019-11-15 11:48:03 +01:00
Sungbo Eo
f503bc3d25 ramips: add usb-ledtrig-usbport to DEVICE_PACKAGES of CY-SWR1100
CY-SWR1100 has a USB LED but kmod-usb-ledtrig-usbport is missing
in default images. This commit adds it.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[changed commit title, backported to 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 261c746631)
2019-11-14 23:24:48 +01:00
Sungbo Eo
506bfaa126 ramips: fix MAC address setup for Samsung CY-SWR1100
Ethernet MAC address setup has been broken since c3e420f28c. Restore
original setting.

Fixes: c3e420f28c ("ramips: Add support for D-Link DCH-M225")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 7231c1edd9)
[backported due to base-files split]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-14 23:24:34 +01:00
Adrian Schmutzler
c89437e398 gitignore: ignore patches in OpenWrt root directory
This will have GIT ignore patches in root directory, as created
when using "git format-patch".

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 2c54135598)
2019-11-14 18:26:06 +01:00
南浦月
ea8f7d74ba ar71xx: fix tl-wdr3320-v2 upgrade
Fix the error that tl-wdr3320-v2 can't upgrade firmware via web
interface by using magic_ver="0200" for this device.

Signed-off-by: 南浦月 <nanpuyue@gmail.com>
[commit message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 0ff2385a92)
2019-11-12 16:31:41 +01:00
Michal Cieslakiewicz
79fd7593a2 ar71xx: update uboot-envtools for Netgear WNR routers
Boards added: WNR1000v2, WNR2000v3, WNR2200, WNR612v2, WNDR4300.
Boards changed: WNDR3700 (u-boot env size is 2 sectors not 1).

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit 1105290049)
2019-11-12 16:31:09 +01:00
Koen Vandeputte
3d3a933315 kernel: bump 4.14 to 4.14.152
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-12 10:33:42 +01:00
Koen Vandeputte
862a885103 kernel: bump 4.9 to 4.9.199
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-12 10:33:42 +01:00
Petr Štetiar
05c858ff6a sdk: fix GCC and Python dangling symlinks
Force prereq again in SDK in order to fix GCC and Python dangling
symlinks:

 staging_dir/host/bin/g++ -> /builder/ath79_generic/ccache_cxx.sh
 staging_dir/host/bin/gcc -> /builder/ath79_generic/ccache_cc.sh
 staging_dir/host/bin/python -> /usr/bin/python3.5
 staging_dir/host/bin/python3 -> /usr/bin/python3.5

Ref: FS#2424
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 200f2666fb)
2019-11-09 08:31:04 +01:00
Etienne Champetier
c1d19b37d5 build: cleanup possibly dangling Python 3 host symlink
When switching from master branch to 19.07 or older, we need to ensure
that Python symlink in staging bin directory points to Python 2.

We can't rely completly just on SetupHostCommand as its executed only in
cases when the $(STAGING_DIR_HOST)/bin/python doesn't already exist, so
we need to remove it before running SetupHostCommand.

This is a cherry-pick of 3b68fb57c9
with python3 instead of python2

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 799de7c641)
2019-11-09 08:27:58 +01:00
Etienne Champetier
dfd8c3bfdc build: fixup python SetupHostCommand to use python2
Here is a way to break your build env without this patch:
1) have python point to python3, and no python2
2) start the build, SetupHostCommand will create a symlink
./staging_dir/host/bin/python -> /usr/bin/python
3) build fails on scons because it can't find any python2
4) install python2 and restart the build
5) the build fails on wireless-regdb compile because python is python3 instead of python

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 785d4f3efd)
2019-11-09 08:26:14 +01:00
Jo-Philipp Wich
69bc68b46b OpenWrt v18.06.5: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-08 20:32:31 +01:00
Jo-Philipp Wich
5e4533cdd4 OpenWrt v18.06.5: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-08 20:32:24 +01:00
Jo-Philipp Wich
9d401013fc ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c5d5cdb759)
2019-11-05 15:12:18 +01:00
Koen Vandeputte
e70772311d kernel: bump 4.14 to 4.14.151
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-31 09:18:43 +01:00
Koen Vandeputte
cdc2937edd kernel: bump 4.9 to 4.9.198
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-31 09:18:43 +01:00
Petr Štetiar
f024b4c83d scripts/ubinize-image.sh: fix buildbot breakage
New Docker based buildslaves install just bare minimum of packages, thus
not having bsdmainutils package installed which provides `hexdump`
utility, leading to the following build breakage on buildbots:

 ubinize-image.sh: 12: /builder/scripts/ubinize-image.sh: hexdump: not found

So this patch simply replaces `hexdump` with `od` utility provided by
coreutils package, which should be likely available.

Co-authored-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit c6d41c320c)
2019-10-31 09:00:13 +01:00
Yousong Zhou
700f66ae95 kernel: mark kmod-usb-serial-wwan as hidden
The kconfig symbol is an invisible one since its introduction.  It is
not supposed to be enabled on its own.

Resolves FS#1821

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 4bf9bec361)
2019-10-30 12:47:17 +00:00
Koen Vandeputte
c4a2e5102d kernel: add missing symbol
Discovered during layerscape compile-testing

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-30 11:21:46 +01:00
Koen Vandeputte
61df1285ce kernel: bump 4.14 to 4.14.150
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-30 11:21:46 +01:00
Koen Vandeputte
51431de30d kernel: bump 4.9 to 4.9.197
Refreshed all patches.

Altered patches:
- 804-crypto-support-layerscape.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Compiling target layerscape before this patch shows that it's broken.
Fixing it is out-of-scope for bumping the kernel and will
be done in a later patch.

The altered patch is a sample change which leaves the target
exactly as it was before this bump.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-30 11:21:46 +01:00
Daniel F. Dickinson
0880275d5e brcm2708: Add feature flag rootfs-part
Even with squashfs brcm2708 requires ROOTFS_PART_SIZE because the overlay
exists as a loopback device on the space not used by squashfs in the root
partition. Also for ext4 (the other fs option) ROOTFS_PART_SIZE is required,
so use feature flag rootfs-part to enable it.

Fixes FS#2166

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
(cherry picked from commit 3bb44f4299)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-30 02:38:02 +00:00
Yousong Zhou
b2fba59f10 iptables: bump PKG_RELEASE
Package content changed with the previous two cherry-picks

  dff0b2104d kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}
  a2fe698a40 kernel: Added required dependencies for socket match.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-24 10:41:07 +00:00
Oldřich Jedlička
a2fe698a40 kernel: Added required dependencies for socket match.
This applies to kernel 4.10 and newer.

See 8db4c5be88

The above commit added to kernel 4.10 added new dependency
for building the NETFILTER_XT_MATCH_SOCKET (xt_socket.ko)
module. The NF_SOCKET_IPVx options (both of them) need to
be enabled in order to build the NETFILTER_XT_MATCH_SOCKET
module. Without the change the module is not built.

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
(cherry picked from commit 66e875a070)
(required for fixing FS#2531)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-24 10:30:02 +00:00
Hauke Mehrtens
dff0b2104d kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}
The nf_socket.ko module was split in commit 8db4c5be88f ("netfilter:
move socket lookup infrastructure to nf_socket_ipv{4,6}.c") into a
common, n IPv4 and an IPv6 part.
The nf_tproxy.ko module was split in commit 45ca4e0cf27 ("netfilter:
Libify xt_TPROXY") into a common, an IPv4 and an IPv6 part.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 89806545cc)
(required for fixing FS#2531)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-24 10:28:51 +00:00
DENG Qingfang
3b8db97a52 tcpdump: update to 4.9.3
Fixed CVEs:
	CVE-2017-16808
	CVE-2018-10103
	CVE-2018-10105
	CVE-2018-14461
	CVE-2018-14462
	CVE-2018-14463
	CVE-2018-14464
	CVE-2018-14465
	CVE-2018-14466
	CVE-2018-14467
	CVE-2018-14468
	CVE-2018-14469
	CVE-2018-14470
	CVE-2018-14879
	CVE-2018-14880
	CVE-2018-14881
	CVE-2018-14882
	CVE-2018-16227
	CVE-2018-16228
	CVE-2018-16229
	CVE-2018-16230
	CVE-2018-16300
	CVE-2018-16301
	CVE-2018-16451
	CVE-2018-16452
	CVE-2019-15166
	CVE-2019-15167

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit 394273c066)
2019-10-19 15:26:35 +02:00
DENG Qingfang
96a87b90ef libpcap: update to 1.9.1
Fixed CVEs:
	CVE-2018-16301
	CVE-2019-15161
	CVE-2019-15162
	CVE-2019-15163
	CVE-2019-15164
	CVE-2019-15165

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit 44f11353de)
2019-10-19 15:26:19 +02:00
Syrone Wong
a857fc2ded libpcap: update to 1.9.0
001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch dropped due to upstream
002-Add-missing-compiler_state_t-parameter.patch dropped due to upstream

202-protocol_api.patch dropped due to implemented upstream by another way
upstream commit: 55c690f6f8
and renamed via: 697b1f7e9b

ead is the only user who use the protocol api, we have to use the new api since libpcap 1.9.0

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
2019-10-19 15:25:45 +02:00
Koen Vandeputte
31181fa062 kernel: bump 4.14 to 4.14.149
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-15 16:14:13 +02:00
Koen Vandeputte
9628612abe kernel: bump 4.14 to 4.14.148
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-08 15:53:15 +02:00
Koen Vandeputte
1737131c9d kernel: bump 4.9 to 4.9.196
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-08 15:53:15 +02:00
Koen Vandeputte
778243b3b4 kernel: bump 4.14 to 4.14.147
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Compile-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-08 12:46:02 +02:00
Koen Vandeputte
d513f28351 kernel: bump 4.9 to 4.9.195
Refreshed all patches.

Altered patches:
- 403-mtd_fix_cfi_cmdset_0002_status_check.patch

Compile-tested on: ar71xx
Compile-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-08 12:46:02 +02:00
Christian Lamparter
6f1a71c2d0 apm821xx: fix fan control on highest step
This patch removes a typo (extra "0") so that the 'cpu-alert6'
step is triggered once the system reaches 85°C.

Note: Unless the WNDR4700 is placed in an hot oven, the
hardware-monitor will never reach this value.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-09-28 14:36:00 +02:00
Rafał Miłecki
491e839262 brcm47xx: sysupgrade: fix device model detection
$(board_name) was providing content on "boardtype" (and optionally
"boardnum") NVRAM values. That function requires & expects more specific
and detailed model name extracted from the /proc/cpuinfo.

Fixes: f12a32630f ("treewide: use the generic board_name function")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-26 06:54:31 +02:00
Koen Vandeputte
4acc0db480 kernel: bump 4.14 to 4.14.146
Refreshed all patches.

Fixes:
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14821

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-24 12:53:40 +02:00
Koen Vandeputte
3699327da3 kernel: bump 4.9 to 4.9.194
Refreshed all patches.

Fixes:
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14821

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-24 12:53:40 +02:00
Hauke Mehrtens
45a2c0f309 hostapd: Fix AP mode PMF disconnection protection bypass
This fixes
* CVE-2019-16275 AP mode PMF disconnection protection bypass
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a6981604b3)
2019-09-21 21:16:22 +02:00
Hauke Mehrtens
e289a4133c hostapd: SAE/EAP-pwd side-channel attack update
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7bed9bf10f)
2019-09-21 21:16:07 +02:00
Magnus Kroken
a63edb4691 mbedtls: update to 2.16.3
Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch,
the issue has been fixed upstream.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 49d96ffc5c)
2019-09-21 21:11:21 +02:00
Josef Schlehofer
2698157d54 mbedtls: Update to version 2.16.2
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
(cherry picked from commit a2f54f6d5d)
2019-09-21 21:10:44 +02:00
Eneas U de Queiroz
952bafa03c openssl: bump to 1.0.2t, add maintainer
This version fixes 3 low-severity vulnerabilities:

- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
                 CMS_decrypt_set1_pkey

Patches were refreshed, and Eneas U de Queiroz added as maintainer.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-20 20:50:07 +02:00
Koen Vandeputte
7e1db8f27c kernel: bump 4.14 to 4.14.145
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-20 15:52:54 +02:00
Koen Vandeputte
d32cf52674 kernel: bump 4.14 to 4.14.144
Refreshed all patches.

Fixes:
- CVE-2019-15030

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-20 13:17:20 +02:00