Commit Graph

50572 Commits

Author SHA1 Message Date
Moritz Warning
3f5109f538 arc770: set device vendor and model variables
This fixes the profiles.json output.

Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit d00bbd9de0)
2021-05-26 23:36:40 +02:00
David Bauer
bb8fd58a23 build: avoid generating JSON info on missing image
Previously, build would fail for targets containing devices with not
initramfs image (such as mpc85xx-p1010). Only generate the JSON image
info for the initramfs image when we have one to avoid breaking the
builds.

Fixes commit d3140d0529 ("build/json: generate json file for initramfs")

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 512229ce49)
2021-05-26 23:36:40 +02:00
Moritz Warning
4419c3dcd3 build/json: generate json file for initramfs
The initramfs images are missing from the profiles.json files.

Signed-off-by: Moritz Warning <moritzwarning@web.de>
[fix code by exporting device variables]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit d3140d0529)
2021-05-26 23:36:40 +02:00
Rafał Miłecki
bab7a1120c netifd: update to the latest master
899c2a4 interface: support "device" attribute and deprecate "ifname"
62e3cb5 scripts/netifd-wireless.sh: add support for specifying the operating band

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5fe549836f)
2021-05-26 08:32:54 +02:00
Rafał Miłecki
83d07db2f2 netifd: update to the latest master
config: fix ifname->ports compat rename

Fixes: 829b5c2ba3 ("netifd: update to the latest version")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cea6631cdf)
2021-05-26 08:32:54 +02:00
Felix Fietkau
e78ef58431 netifd: update to the latest version
02dd2f2df7cb fix unannotated fall-through warnings
3052f2f67686 extdev: remove unused function
2a97fd006c3b device: add support for configuring devices with external auth handler
87e469be0c08 wireless: fix memory corruption bug when using vlans/station entries in the config
7277764bf817 bridge: rename "ifname" attribute to "ports"

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 829b5c2ba3)
2021-05-26 08:32:54 +02:00
Felix Fietkau
834167b42e libubox: update to the latest version
870acee325fe tests: cram: test_base64: fix failing tests
4d8995e91d56 tests: cram: test_base64: really fix failing tests
551d75b5662c libubox: tests: add more blobmsg/json test cases
a0dbcf8b8f96 tests: add blob-buffer overflow test
b36a3a90098d blob: fix exceeding maximum buffer length
b8abed749423 utils.h: add fallthrough macro
b14c4688612c json_script: fix unannotated fall-through warning

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 04d21604fd)
2021-05-26 08:32:54 +02:00
Leon M. George
ef14916947 netifd: read udhcpc user scripts from directory
Placeholder DHCP user scripts were added recently.

These files make package-based installations of such scripts more difficult.
Pull user callbacks from directories instead to allow packages and users to
install co-existing scripts more easily.

References:
130118f7a netifd: add a udhcpc.user placeholder script

Signed-off-by: Leon M. George <leon@georgemail.eu>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit 467c32600c)
2021-05-26 08:32:54 +02:00
Hauke Mehrtens
f3a0f906b5 netifd: update to Git version 2021-04-03
f8899b9 netifd: bridge: set default value for igmp_snoop
327da98 netifd: add possibility to switch off route config

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b974293efa)
2021-05-26 08:32:54 +02:00
Daniel Golle
252660bf3b netifd: update to git HEAD
09632d4 device: remove left-over comment
 b22f83d handler: add mechanism to generate external device handler stubs
 80bf9d7 extdev: add support for external device handlers
 44c0f40 system-linux: reorder sysctl functions
 c84f3b0 system-linux: add device options used by wpad

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e62ace0ecf)
2021-05-26 08:32:54 +02:00
Rui Salvaterra
5b16484b0d netifd: add a udhcpc.user placeholder script
Document the existence of this feature. This allows the user to execute a script
at each DHCPv4 event. This is useful, for example, as an ad-hoc way to update a
DDNS entry when (and only when) required.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 130118f7aa)
2021-05-26 08:32:53 +02:00
Daniel Golle
21a3599a9a libubox: update to git HEAD
2e52c7e libubox: fix BLOBMSG_CAST_INT64 (do not override BLOBMSG_TYPE_DOUBLE)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c82cc4407a)
2021-05-26 08:32:53 +02:00
Rafał Miłecki
d9603bbd3e base-files: use "ports" array in board.json network for bridges
Bridge aggregates multiple ports so use a more accurate name ("ports")
and format (array) for storing them in board.json.

Example:

"network": {
	"lan": {
		"ports": [
			"lan1",
			"lan2",
			"lan3",
			"lan4"
		],
		"protocol": "static"
	},
	"wan": {
		"ifname": "wan",
		"protocol": "dhcp"
	}
}

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d42640e389)
2021-05-24 10:36:28 +02:00
Hauke Mehrtens
abc2fff80f treewide: Mark packages nonshared if they depend on @TARGET_
This marks all packages which depend on a target with @TARGET nonshared.
If they are not marked nonshared they would be build by the SDK build
and if this happens with a different SDK, then the SDK from the target
the package depends on, the package would not be added to the index.

This should fix the image builder for some of these packages.

This should fix the image builder at least for bcm27xx/bcm2710 and
bcm4908/generic.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1903233f2b)
2021-05-24 00:39:26 +02:00
Ruslan Isaev
a162fe9a96 fakeroot: Alpine linux libc.musl build error fix
Prevent build error on Alpine Linux host:
libfakeroot.c error: conflicting types for 'id_t'
Error relocating openwrt/staging_dir/host/lib/libfakeroot.so: SEND_GET_XATTR: symbol not found

Signed-off-by: Ruslan Isaev <legale.legale@gmail.com>
(cherry picked from commit 7a70f78fb7)
2021-05-23 16:10:59 +02:00
Matt Merhar
0b0e97853a kernel-defaults: fix external kernel build when user_headers is missing
Use an 'if' so the absence of $(LINUX_DIR)/user_headers doesn't make the
line evaluate to false and cause the build to fail.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry picked from commit cc76e34c10)
2021-05-23 16:10:59 +02:00
Robert Marko
d5ea756c3e mvebu: 5.4 fix DVFS caused random boot crashes
5.10.37 and 5.4.119 introduced a lot of DVFS changes for Armada 37xx from 5.13 kernel.

Unfortunately commit:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/cpufreq/armada-37xx-cpufreq.c?h=v5.10.37&id=a13b110e7c9e0dc2edcc7a19d4255fc88abd83cc

This patch actually corrects the things so that 1 or 1.2GHz models would actually get scaled to their native frequency.

However, due to a AVS setting voltages too low this will cause random crashes on 1.2GHz models.

So, until a new safe for everybody voltage is agreed on
lets revert the patch.

Fixes: 9d21ecc ("kernel: bump 5.4 to 5.4.119")
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit 080a0b74e3)
2021-05-23 16:10:59 +02:00
David Adair
a52842a8d0 ccache: Build with ENABLE_DOCUMENTATION=OFF
This adjusts the Makefile to use the new option to turn off the
doc builds. It will not cause any problems except a warning
about unused options if combined with a ccache source missing
the upstream patch.

Since a config setting is required to re-enable the doc build this
is equivalent to unconditionally disabling the docs if the config
setting is not created.

Signed-off-by: David Adair <djabhead@aol.com>
(cherry picked from commit 2d15468323)
2021-05-23 16:10:59 +02:00
DENG Qingfang
1a2ebb88f5 generic: mt7530: fix EEE patch
The higher 16-bit of EEE register was overwritten by mistake, fix that.

Fixes: 5b9ba4a93e ("generic: mt7530: support adjusting EEE")
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
(cherry picked from commit 8d1567ba61)
2021-05-23 16:10:59 +02:00
Daniel González Cabanelas
4dcddedfd2 kernel: backport "mvmdio avoid error message for optional IRQ"
Rid of kernel error message:
  [    0.780828] orion-mdio d0072004.mdio: IRQ index 0 not found

on Marvell targets backporting the kernel commit fa2632f74e57

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
(cherry picked from commit d683175236)
2021-05-23 16:10:59 +02:00
Hauke Mehrtens
7a39781403 bcm63xx: Remove patch already applied upstream
The patch 434-nand-brcmnand-fix-OOB-R-W-with-Hamming-ECC.patch is
integrated in the kernel update 5.4.119 and not needed any more.

Fixes: 9d21eccc6b ("kernel: bump 5.4 to 5.4.119")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-23 16:10:41 +02:00
Baptiste Jonglez
bbbc01ede5 uclient: update to Git version 2021-05-14
6a6011d uclient-http: set eof mark when content-length is 0
19571e4 tests: fix help usage test for uclient built with sanitizer
c5fc04b tests: fix help usage test

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 1ec6fc4dcb)
2021-05-17 23:03:13 +02:00
Hauke Mehrtens
bc2225fe73 uclient: update to Git version 2021-04-03
83efca2 tests: fix possibly longer start of HTTP server
64e00d6 uclient-fetch: document missing options

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1371910b76)
2021-05-17 23:03:13 +02:00
Baptiste Jonglez
b62fa7453a busybox: disable PREFER_IPV4_ADDRESS
PREFER_IPV4_ADDRESS is broken on IPv6-only hosts, as it causes busybox
utilities (ping, traceroute, ntpd) to forcibly use the A record instead of
the AAAA record when resolving a DNS name.  This obviously fails when
there is no IPv4 connectivity.  Since IPv6-only hosts or routers will only
become more common over time, disable PREFER_IPV4_ADDRESS to support this
use-case.

As a side-effect, disabling PREFER_IPV4_ADDRESS changes the default
resolution behaviour of busybox utilities on dual-stack hosts.  Busybox
utilities now simply use the order given by getaddrinfo(), so they will
now prefer IPv6 addresses when resolving a name with both A and AAAA
records if there is IPv6 connectivity.  This is in line with RFC 6724.

PREFER_IPV4_ADDRESS was likely intended to work around naive
implementations of getaddrinfo() that could return AAAA records first,
even on an IPv4-only host.  But both musl (since 1.1.3) and glibc
correctly implement RFC 6724 for getaddrinfo() and check connectivity to
determine the correct order in which to return records.  On IPv4-only
hosts, getaddrinfo() will return A records first, so there is no need for
the PREFER_IPV4_ADDRESS hack.

See also: https://bugs.busybox.net/show_bug.cgi?id=12381

Fixes: FS#84
Fixes: FS#2608
References: https://github.com/openwrt/openwrt/pull/4167
Signed-off-by: Alexander Traud <pabstraud@compuserve.com>
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 7fea9d9f5d)
2021-05-17 23:03:13 +02:00
Hauke Mehrtens
003fbfbf94 openwrt-keyring: Only copy sign key for 21.02
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the OpenWrt 21.02 feeds.

If one of the other keys would be compromised this would not affect
users of 21.02 release builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-17 19:13:43 +02:00
Piotr Dymacz
f9b0215e28 ramips: fix SUPPORTED_DEVICES for ALFA Network devices
Vendor firmware expects model name without manufacturer name inside
'supported_devices' part of metadata. This allows direct upgrade to
OpenWrt from vendor's GUI.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit cf3f1f82ea)
2021-05-17 00:02:14 +02:00
Daniel Golle
dee89d42ed procd: update to git HEAD
2be57ed cosmetics: provide compatible system info on Aarch64
 37eed13 system: expose if system was booted from initramfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit 5f1bd95278)
2021-05-16 19:05:43 +02:00
Felix Fietkau
43e4ba5863 mt76: update to the latest version
Includes fix for CVE-2020-24588

186af01047b2 mt76: mt7921: introduce MCU_EVENT_LP_INFO event parsing
93b5c28c97d5 mt76: mt7921: add rcu section in mt7921_mcu_tx_rate_report
a8e89c5a1d1f mt76: testmode: add support to send larger packet
a0cc9a9e3877 mt76: mt7915: rework mt7915_tm_set_tx_len()
c8b96630324e mt76: mt7915: fix rate setting of tx descriptor in testmode
22fd2958c42a mt76: mt7615: fix memleak when mt7615_unregister_device()
7401e0db3143 mt76: mt7915: fix memleak when mt7915_unregister_device()
c3656268b3f6 mt76: mt7915: only free skbs after mt7915_dma_reset() when reset happens
0ce955b04ba8 mt76: mt7615: only free skbs after mt7615_dma_reset() when reset happens
b03d1e62acf7 mt76: mt7615: use ieee80211_free_txskb() in mt7615_tx_token_put()
5ac02e22fb03 mt76: flush tx status queue on DMA reset
c71f609b398a mt76: sync with upstream changes
23ecadd4af77 mt76: mt7615: fix hardware error recovery for mt7663
57a899ee3c3c mt76: mt7615: fix entering driver-own state on mt7663
42a2dddb706b mt76: mt7615: load ROM patch before checking patch semaphore status
cf0e406af84a mt76: mt7915: add support for applying pre-calibration data
459940ccbc58 mt76: mt7921: move hw configuration in mt7921_register_device
0a094b11f3c0 mt76: improve mcu error logging
bf536832e37d mt76: mt7921: run mt7921_mcu_fw_log_2_host holding mt76 mutex
7616f4f78163 mt76: mt7921: add wifisys reset support in debugfs
e620bd881ef5 mt76: mt7921: abort uncompleted scan by wifi reset
e8dacf59ab1c mt76: mt7915: rework the flow of txpower setting
c8c78e577236 mt76: mt7915: directly read per-rate tx power from registers
1622bf4f8705 mt76: mt7921: add mt7921_dma_cleanup in mt7921_unregister_device
ef96fafad8a9 mt76: Convert to DEFINE_SHOW_ATTRIBUTE
90e4bfea2948 mt76: mt7921: do not use 0 as NULL pointer
0a139d7f5966 mt76: connac: move mcu_update_arp_filter in mt76_connac module
de26c73ce3c2 mt76: mt7921: remove leftover function declaration
1c0b6cb4f942 mt76: mt7921: fix a race between mt7921_mcu_drv_pmctrl and mt7921_mcu_fw_pmctrl
2923e3e2b8e4 mt76: mt7663: fix a race between mt7615_mcu_drv_pmctrl and mt7615_mcu_fw_pmctrl
74d0fdaa7a99 mt76: connac: introduce wake counter for fw_pmctrl synchronization
28c87e09a5ea mt76: mt7921: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx path
36f664edc7db mt76: mt7663: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx path
51b3d1a9a2b7 mt76: dma: add the capability to define a custom rx napi poll routine
4f1339c9fb72 mt76: mt7921: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx/rx napi
1bc5e67a60be mt76: mt7663: rely on mt76_connac_pm_ref/mt76_connac_pm_unref in tx/rx napi
325f7b451c03 mt76: connac: unschedule ps_work in mt76_connac_pm_wake
12115052a02f mt76: connac: check wake refcount in mcu_fw_pmctrl
e5d28e3cef66 mt76: connac: remove MT76_STATE_PM in mac_tx_free
475112a3cdcc mt76: mt7921: get rid of useless MT76_STATE_PM in mt7921_mac_work
112998f32d85 mt76: connac: alaways wake the device before scanning
4334f3e2fc43 mt76: mt7615: rely on pm refcounting in mt7615_led_set_config
0562380659ad mt76: connac: do not run mt76_txq_schedule_all directly
acfa78df5708 mt76: connac: use waitqueue for runtime-pm
ca74a4cd0722 mt76: remove MT76_STATE_PM in tx path
0c2d3e74852e mt76: mt7921: add awake and doze time accounting
45e0eefffe9f mt76: mt7921: enable sw interrupts
fd2ff641166f mt76: mt7615: Fix a dereference of pointer sta before it is null checked
7e2521468767 mt76: mt7921: move mt7921_dma_reset in dma.c
c9dd6b1fa171 mt76: mt7921: introduce mt7921_wpdma_reset utility routine
2ac7c7e9c568 mt76: mt7921: introduce mt7921_dma_{enable,disable} utilities
662a89f2b9d1 mt76: mt7921: introduce mt7921_wpdma_reinit_cond utility routine
614efe9e9180 mt76: connac: introduce mt76_connac_mcu_set_deep_sleep utility
0dbb16ef39d8 mt76: mt7921: enable deep sleep when the device suspends
3c19f569cc70 mt76: mt7921: fix possible invalid register access
ade1f5aad4c6 mt76: move token_lock, token and token_count in mt76_dev
8d5c456be1ff mt76: move token utilities in mt76 common module
fb04d9df5e52 mt76: mt7915: do not read rf value from efuse in flash mode
2126b2176336 mt76: mt7921: get rid of mcu_reset function pointer
d325b7eff1b1 mt76: mt7921: improve doze opportunity
2ae25c7e547e mt76: mt7663: add awake and doze time accounting
349bbb9d6f13 mt76: connac: unschedule mac_work before going to sleep
98a235004dea mt76: mt7921: mt7921_stop should put device in fw_own state
63d80b9ab251 mt76: mt7921: introduce mt7921_mcu_sta_add routine
3c5bf837fdbd mt76: mt7615: fix a precision vs width bug in printk
ded14da5eacc mt76: mt7915: fix a precision vs width bug in printk
aaf0d254f9ea mt76: mt7921: fix a precision vs width bug in printk
757af5c67d32 mt76: move mt76_token_init in mt76_alloc_device
ed41ed73a495 mt76: mt7921: reinit wpdma during drv_own if necessary
92fb81e085c6 mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
53d915a23bc9 mt76: connac: do not schedule wake_work if the runtime-pm is disabled
23fe1bdcf15a mt76: connac: do not schedule mac_work if the device is not running
e5b19336c58e mt76: mt7615: do not set MT76_STATE_PM at bootstrap
0fc2136a61dd mt76_connac_mcu: move mt76_connac_mcu_update_arp_filter outside of CONFIG_PM
e693f3e23e06 mt76: mt7915: add MSI support
5231e7300fa4 mt7915: disable ASPM
554b50dabf54 mt76: connac: fix uninitialized HT A-MPDU setting field in STA_REC_PHY
43b9c0a838bb mt76: mt7921: fix max aggregation subframes setting
5a387a0a3004 mt76: mt7921: enable rx hw de-amsdu
c8cbcb87be07 mt76: connac: add missing configuration in mt76_connac_mcu_wtbl_hdr_trans_tlv
55921e57b380 mt76: mt7921: enable rx header traslation offload
01441f67d8b2 mt76: mt7921: enable rx csum offload
c9ab76dd93a0 mt76: mt7915: move mt7915_queue_rx_skb to mac.c
caedb4c4ee41 mt76: mt7615: fix fixed-rate tx status reporting
c6ae95d43e6d mt76: improve tx status codepath
27d468d094e6 mt76: mt7915: rework tx rate reporting
3b4ca5b09e2c mt76: mt7615: avoid use of ieee80211_tx_info_clear_status
e1f07d7f1cb9 mt76: mt7603: avoid use of ieee80211_tx_info_clear_status
18513ba5fbc2 mt76: mt7915: add support for tx status reporting
35f189cf81b2 mt76: mt7915: fix uninitialized variable in MSI error handling
9e928ac1ea9b mt76: dma: use ieee80211_tx_status_ext to free packets when tx fails
628eee9c386c mt76: fill queue entry wcid for all skbs with a station
a9bc4d94b7a1 mt76: intialize tx queue entry wcid to 0xffff by default
998ca8af7d17 mt76: mt7915: fix tssi indication field of DBDC NICs
7dd24b3cfacf mt76: mt7915: fix a signedness bug in mt7915_mcu_apply_tx_dpd()
535025d65d8d mt76: mt7915: cleanup mt7915_mcu_sta_rate_ctrl_tlv()
ff8bbe22dd87 mt76: mt7915: add .set_bitrate_mask() callback
c7dd54a22e30 mt76: connac: skip wtbl reset on sta disconnect
3511fd430356 mt76: validate rx A-MSDU subframes
aedc3145de6e mt76: fix possible NULL pointer dereference in mt76_tx
5c2baab92cd0 mt76: mt7615: fix NULL pointer dereference in tx_prepare_skb()
af21659ee834 mt76: mt76x0: use dev_debug instead of dev_err for hw_rf_ctrl
e423c16f16f7 mt76: mt7615: free irq if mt7615_mmio_probe fails
f2d0da8da9b7 mt76: mt7663: enable hw rx header translation
d2713a5d9de9 mt76: mt7921: fix mt7921_wfsys_reset sequence
ce5f32d84f33 mt76: mt7921: Don't alter Rx path classifier
8ab8c7747197 mt76: connac: fw_own rely on all packet memory all being free
a747b0bb4956 mt76: mt7921: enable deep sleep at runtime
2e6e999509b1 mt76: mt7921: add deep sleep control to runtime-pm knob
30bcb2338ce2 mt76: connac: fix WoW with disconnetion and bitmap pattern
56518f4a126e mt76: mt7921: consider the invalid value for to_rssi
e969ab10a034 mt76: mt7921: add back connection monitor support
28b162366d09 mt76: fix calling mt76_get_of_eeprom with an offset for pre-cal data
9d736545bb5a mt76: mt7915: disable pre-calibration support for now

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit f62aa9e781)
2021-05-16 08:48:22 +02:00
Felix Fietkau
5869423d21 mac80211: backport upstream fixes for FragAttacks
From the patch series description:

Several security issues in the 802.11 implementations were found by
Mathy Vanhoef (New York University Abu Dhabi), who has published all
the details at

	https://papers.mathyvanhoef.com/usenix2021.pdf

Specifically, the following CVEs were assigned:

 * CVE-2020-24586 - Fragmentation cache not cleared on reconnection
 * CVE-2020-24587 - Reassembling fragments encrypted under different
                    keys
 * CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to
                    payload being parsed as an L2 frame under an
                    A-MSDU bit toggling attack
 * CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
 * CVE-2020-26140 - Accepting plaintext data frames in protected
                    networks
 * CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
 * CVE-2020-26142 - Processing fragmented frames as full frames
 * CVE-2020-26143 - Accepting fragmented plaintext frames in
                    protected networks
 * CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that
                    start with RFC1042 header with EAPOL ethertype
 * CVE-2020-26145 - Accepting plaintext broadcast fragments as full
                    frames
 * CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive
                    packet numbers
 * CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments

In general, the scope of these attacks is that they may allow an
attacker to
 * inject L2 frames that they can more or less control (depending on the
   vulnerability and attack method) into an otherwise protected network;
 * exfiltrate (some) network data under certain conditions, this is
   specific to the fragmentation issues.

A subset of these issues is known to apply to the Linux IEEE 802.11
implementation (mac80211). Where it is affected, the attached patches
fix the issues, even if not all of them reference the exact CVE IDs.

In addition, driver and/or firmware updates may be necessary, as well
as potentially more fixes to mac80211, depending on how drivers are
using it.

Specifically, for Intel devices, firmware needs to be updated to the
most recently released versions (which was done without any reference
to the security issues) to address some of the vulnerabilities.

To have a single set of patches, I'm also including patches for the
ath10k and ath11k drivers here.

We currently don't have information about how other drivers are, if
at all, affected.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-05-16 08:48:22 +02:00
Hauke Mehrtens
9d21eccc6b kernel: bump 5.4 to 5.4.119
Removed because in upstream
  generic/backport-5.4/050-gro-fix-napi_gro_frags-Fast-GRO-breakage-due-to-IP-a.patch
  ath79/patches-5.4/0050-spi-ath79-remove-spi-master-setup-and-cleanup-assign.patch
  ramips/patches-5.4/999-fix-pci-init-mt7620.patch

Manually rebased
  ath79/patches-5.4/0033-spi-ath79-drop-pdata-support.patch

All others updated automatically.

Compile-tested on: x86/64, ath79/generic
Runtime-tested on: x86/64, ath79/generic

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-15 19:32:20 +02:00
Hauke Mehrtens
c287500a65 mvebu: Remove patch only needed for kernel 5.10
Kernel 5.10 is not supported by OpenWrt 21.02, remove this patch.

Fixes: d530ff37bf ("mvebu: armada 370: dts: fix the crypto engine")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-14 23:36:47 +02:00
Nick Hainke
0e49178f93 busybox: update to 1.33.1
Remove backports:
- 001-backport1330fix-ash-make-strdup-copy.patch
- 002-backport1330fix-traceroute.patch
- 005-backport-CVE-2021-28831.patch

Remove upstreamed:
- 010-fix-wrong-variable.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
[don't use $(AUTORELEASE) for now]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 6713fe030f)
2021-05-14 23:36:47 +02:00
Hauke Mehrtens
f49d4aebe2 kernel: Activate FORTIFY_SOURCE for MIPS kernel 5.4
CONFIG_FORTIFY_SOURCE=y is already set in the generic kernel
configuration, but it is not working for MIPS on kernel 5.4, support for
MIPS was only added with kernel 5.5, other architectures like aarch64
support FORTIFY_SOURCE already since some time.

This patch adds support for FORTIFY_SOURCE to MIPS with kernel 5.4,
kernel 5.10 already supports this and needs no changes.

This backports one patch from kernel 5.5 and one fix from 5.8 to make
fortify source also work on our kernel 5.4.

The changes are not compatible with the
306-mips_mem_functions_performance.patch patch which was also removed
with kernel 5.10, probably because of the same problems. I think it is
not needed anyway as the compiler should automatically optimize the
calls to memset(), memcpy() and memmove() even when not explicitly
telling the compiler to use the build in variant.

This increases the size of an uncompressed kernel by less than 1 KB.

Acked-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9ffa2f8193)
2021-05-14 23:32:22 +02:00
Rui Salvaterra
c99f037493 mac80211/rtl: backport a rtl8192cu AP mode fix
Running USB devices in AP mode is never a good idea. That said, fix the TIM
issue in rtl8192cu [1], allowing these devices to "work" in AP mode.

[1] https://patchwork.kernel.org/project/linux-wireless/patch/20210419065956.6085-1-pkshih@realtek.com/

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit eeda8652f1)
2021-05-14 23:32:22 +02:00
Hans Dedecker
25d81e9c76 glibc: update to latest 2.33 HEAD (bug 27744)
3f5080aedd nptl: Do not build nptl/tst-pthread-gdb-attach as PIE
36783141cf nptl: Check for compatible GDB in nptl/tst-pthread-gdb-attach
ea299b62e8 nptl_db: Support different libpthread/ld.so load orders (bug 27744)
162df872f0 x86: tst-cpu-features-supports.c: Update AMX check

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 2fc20886ec)
2021-05-14 23:32:22 +02:00
Shiji Yang
ceeaf0b63d ramips: fix mac addresses of Youku YK1
MAC addresses read from official firmware

        value       location
Wlan    xx 71 de    factory@0x04
Lan     xx 71 dd    factory@0x28
Wan     xx 71 df    factory@0x2e
Label   xx 71 dd    factory@0x28

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
[fix sorting in 02_network, redact commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit e57e460dc7)
2021-05-14 23:32:22 +02:00
Baptiste Jonglez
f001bd226c ipq40xx: fix hard_config partition size on MikroTik hAP-ac2
The routerbootparts driver dynamically discovers the location of MikroTik
partitions, but it cannot determine their size (except by extending them
up to the start of the next discovered partition).

The hard_config partition has a default size of 0x1000 in the driver,
while it actually takes 0x2000 on the hAP-ac2.  Set the correct size in
the hAP-ac2 DTS.

On most devices, this isn't a problem as the actual data fits in 0x1000
bytes.  However, some devices have larger data that doesn't fit in 0x1000
bytes.  In any case, all devices seen so far have enough space for a
0x2000 hard_config partition before the start of the dtb_config partition.
With the current 0x1000 size:

0x00000000e000-0x00000000f000 : "hard_config"
0x000000010000-0x000000017bbc : "dtb_config"

With this patch extending the size to 0x2000:

0x00000000e000-0x000000010000 : "hard_config"
0x000000010000-0x000000017bbc : "dtb_config"

Other ipq40xx boards may need the same fix but it needs testing.

References: https://forum.openwrt.org/t/support-for-mikrotik-hap-ac2/23333/324
Acked-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
(cherry picked from commit 979f406366)
2021-05-14 22:52:40 +02:00
Sven Roederer
930e9c0621 sdk: unset BINARY_FOLDER and DOWNLOAD_FOLDER in final archives
Using these config-options to customize the folders used at build-time makes these
folder settings appear in generated archive. This causes the SDK to be not
portable, as it's going to use the build-time folders on the new systems.
The errors vary from passing the build, disk out-of-space to permission denied.

The build-time settings of these folders are passed into the archive via Config.build.
The expected behavior is that the SDK acts after unpacking like these settings have
their defaults, using intree folders. So just filter these folders out when running
convert-config.pl to create Config.build.

This addresses the same issue that's fixed in the previous commit for the imagebuilder.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
(cherry picked from commit 1e4b191ac8)
2021-05-14 22:52:40 +02:00
Sven Roederer
f25dc53723 imagebuilder: unset BINARY_FOLDER and DOWNLOAD_FOLDER in final archive
Using these config-options to customize the folders used at build-time
makes these folder settings appear in generated archive. This causes the
imagebuilder to be not portable, as it's going to use the build-time folders
on the new systems. Errors look like:

  mkdir: cannot create directory '/mnt/build': Permission denied
  Makefile:116: recipe for target '_call_image' failed
  make[2]: *** [_call_image] Error 1
  Makefile:241: recipe for target 'image' failed
  make[1]: *** [image] Error 2

The build-time settings of these folders are passed into the archives via
.config file.
The expected behavior is that after unpacking the imagebuilder acts like
these settings have their defaults, using intree folders. So unset the
build-time settings.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
(cherry picked from commit 6967903b01)
2021-05-14 22:52:40 +02:00
Perry Melange
c6ce0411e1 busybox: add SRV support to nslookup_lede.c patch
Add support for querying and parsing SRV DNS records to nslookup_lede.c

This patch is based on http://lists.busybox.net/pipermail/busybox/2019-June/087359.html

Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
[reword subject, bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 3a359398f0)
2021-05-14 00:13:45 +02:00
Jo-Philipp Wich
faf9528a23 base-files: shinit: properly handle dashes in service names
Fixes: FS#3801
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 75ea878d1b)
2021-05-12 12:45:38 +02:00
Thibaut VARÈNE
2f0ab93799 generic: platform/mikrotik: release mtd device after use
The code uses get_mtd_device_nm() which must be followed by a call to
put_mtd_device() once the handle is no longer used.

This fixes spurious shutdown console messages such as:
[ 2256.334562] Removing MTD device #7 (soft_config) with use count 1

Reported-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(cherry picked from commit 4e385a27d6)
2021-05-12 10:14:33 +02:00
Thomas Richard
4d9f3ae2bb uqmi: fix network registration loop
With some debug in qmi.sh using following patch, some errors are visible
in the registration step
@@ -29,6 +29,7 @@ proto_qmi_init_config() {
 }

 proto_qmi_setup() {
+       set -x
        local interface="$1"
        local dataformat connstat plmn_mode mcc mnc
        local device apn auth username password pincode delay modes pdptype
@@ -224,6 +225,8 @@ proto_qmi_setup() {
                fi
        done

+       registration=$(uqmi -s -d "$device" --get-serving-system)
+
        [ -n "$modes" ] && uqmi -s -d "$device" --set-network-modes "$modes" > /dev/null 2>&1

        echo "Starting network $interface"

During the boot of the system, modem could not start automatically its
network registration.
netifd: wan (9235): + echo 'Waiting for network registration'
netifd: wan (9235): Waiting for network registration
netifd: wan (9235): + local 'registration_timeout=0'
netifd: wan (9235): + uqmi -s -d /dev/cdc-wdm1 --get-serving-system
netifd: wan (9235): + grep '"searching"'
netifd: wan (9235): + uqmi -s -d /dev/cdc-wdm1 --get-serving-system
netifd: wan (9235): + registration='{"registration":"not_registered","plmn_mcc":208,"plmn_mnc":20,"plmn_description":"","roaming":true}'
netifd: wan (9235): + '[' -n  ]
netifd: wan (9235): + echo 'Starting network wan'

As the while loop checks only "searching" pattern, uqmi.sh script quits
searching loop and continues whereas the modem is not registered

Other issue, after X seconds modem stops searching.
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + grep '"searching"'
netifd: wan (9213): + '[' -e /dev/cdc-wdm0 ]
netifd: wan (9213): + '[' 3 -lt 0 -o 0 '=' 0 ]
netifd: wan (9213): + let registration_timeout++
netifd: wan (9213): + sleep 1
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + grep '"searching"'
netifd: wan (9213): + uqmi -s -d /dev/cdc-wdm0 --get-serving-system
netifd: wan (9213): + registration='{"registration":"not_registered"}'
netifd: wan (9213): + '[' -n  ]
netifd: wan (9213): + echo 'Starting network wan'
netifd: wan (9213): Starting network wan

If registration_timeout is not expired, registration can be restarted

Signed-off-by: Thomas Richard <thomas.richard@kontron.com>
Tested-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 2eda042d55)
2021-05-11 19:56:20 +02:00
Rafał Miłecki
4b89b90d9f kernel: fix parsing fixed subpartitions
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ed4641e9f1)
2021-05-08 19:29:08 +02:00
Bas Mevissen
567ad2d434 Extend checks on build prerequisites for building OpenWRT core
OpenWRT requires a number of Perl modules to be installed. It wasn't checking on all of them.
This patch adds checks for Perl FindBin, File::Copy, File::Compare and Thread::Queue modules.

Failing to install these, will have the build break at some point. By adding these to the
prereq-build.mk script, they are checked on forehand.

Tested on a Fedora 33 and 34 (beta) that was freshly installed. Fedora appears to
break up Perl modules into small packages that need to be installed for the build to succeed.

Signed-off-by: Bas Mevissen <abuse@basmevissen.nl>
(cherry picked from commit f68c9474ac)
2021-05-08 12:45:55 +02:00
Hauke Mehrtens
04579a527a kernel: bump 5.4 to 5.4.117
All updated automatically.

Compile-tested on: x86/64, armvirt/32, ath79/generic
Runtime-tested on: x86/64, armvirt/32, ath79/generic

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-07 23:30:57 +02:00
Alex Henrie
10a535a90c tplink-safeloader: fix product_name of TP-Link AD7200
The stock firmware does not accept firmware with "Talon" in the name.

Tested on firmware version 1.0.10 Build 20160902 rel. 57400 which came
preinstalled, as well as latest firmware version 2.0.1 Build 20170103
rel.71053 flashed from
AD7200v1-up-ver2-0-1-P1[20170103-rel71053]_2017-01-04_10.08.28.bin.

Fixes: 1a775a4fd0 ("ipq806x: add support for TP-Link Talon AD7200")
Signed-off-by: Alex Henrie <alexhenrie24@gmail.com>
[added details about vendor firmware]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit dfef88b6ca)
2021-05-06 09:53:44 +02:00
Alan Swanson
d1a056f620 dnsmasq: Update to version 2.85
Fixes issue with merged DNS requests in 2.83/2.84 not being
retried on the firsts failed request causing lookup failures.

Also fixes the following security problem in dnsmasq:
* CVE-2021-3448:
  If specifiying the source address or interface to be used
  when contacting upstream name servers such as:
  server=8.8.8.8@1.2.3.4, server=8.8.8.8@1.2.3.4#66 and
  server=8.8.8.8@eth0 then all would use the same socket
  bound to the explicitly configured port. Now only
  server=8.8.8.8@1.2.3.4#66 will use the explicitly
  configured port and the others random source ports.

Remove upstreamed patches and update remaining patch.

Signed-off-by: Alan Swanson <reiver@improbability.net>
[refreshed old runtime support patch]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 3980daffa4)
2021-05-05 09:22:36 +01:00
Hauke Mehrtens
08cfc7a0d3 ltq-dsl-base: Make package nonshared to fix image builder
This package depends on the lantiq target and is only build for that
target. A normal package would be build by the SDK builder probably
under a different target and then this package will not be selected.
Mark it as nonshared to build it when the lantiq target gets build.

Fixes: FS#3773, FS#3774
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 454d514f46)
2021-05-04 22:29:38 +02:00
Hauke Mehrtens
ce41fc38ba mac80211: Update to version 5.10.34-1
The removed patches were applied upstream and are not needed anymore.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 17ac9849d3)
2021-05-04 22:29:34 +02:00