Commit Graph

42441 Commits

Author SHA1 Message Date
Koen Vandeputte
40b1e899ba kernel: bump 4.9 to 4.9.181
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-12 16:04:25 +02:00
Chen Minqiang
5dbac47426 kernel: re-add bridge allow reception on disabled port
The "bridge allow reception on disabled port" implementation
was broken after these commits:

b765f4be40 ("kernel: bump 4.14 to 4.14.114")
456f486b53 ("kernel: bump 4.9 to 4.9.171")

This leads to issues when for example WDS is used, tied to a bridge:

[ 96.503771] wlan1: send auth to d4:5f:25:eb:09:82 (try 1/3)
[ 96.517956] wlan1: authenticated
[ 96.526209] wlan1: associate with d4:5f:25:eb:09:82 (try 1/3)
[ 97.086156] wlan1: associate with d4:5f:25:eb:09:82 (try 2/3)
[ 97.200919] wlan1: RX AssocResp from d4:5f:25:eb:09:82 (capab=0x11 status=0 aid=1)
[ 97.208706] wlan1: associated
[ 101.312913] wlan1: deauthenticated from d4:5f:25:eb:09:82 (Reason: 2=PREV_AUTH_NOT_VALID)

It seems upstream introduced a new patch, [1]
so we have to reimplement these patches properly:

target/linux/generic/pending-4.9/150-bridge_allow_receiption_on_disabled_port.patch
target/linux/generic/pending-4.14/150-bridge_allow_receiption_on_disabled_port.patch

[1] https://lkml.org/lkml/2019/4/24/1228

Fixes: b765f4be40 ("kernel: bump 4.14 to 4.14.114")
Fixes: 456f486b53 ("kernel: bump 4.9 to 4.9.171")
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
[updated commit message and title]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-07 18:24:08 +02:00
Jo-Philipp Wich
5d27e87de7 rpcd: fix init script reload action
Drop the legacy start() and stop() procedures and define a proper
reload signal action instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f664d560df)
2019-06-06 11:29:15 +02:00
Koen Vandeputte
1867f10807 kernel: bump 4.14 to 4.14.123
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 17:01:20 +02:00
Koen Vandeputte
7fe1b4a4b2 kernel: bump 4.9 to 4.9.180
Refreshed all patches.

Compile-tested: ar71xx
Runtime-tested: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 17:01:20 +02:00
Koen Vandeputte
6563e494a0 kernel: bump 4.14 to 4.14.122
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 12:43:17 +02:00
Koen Vandeputte
e3408d09b0 kernel: bump 4.9 to 4.9.179
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 12:43:17 +02:00
Christian Lamparter
b2b1265a1d apm821xx: backport accepted linux-crypto patches
Rather than wait until the patches hit vanilla and
get backported via the stable kernel, this patch
patches the crypto4xx driver with the latest fixes
from the upstream linux-crypto tree.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-01 19:47:14 +02:00
Eneas U de Queiroz
6761961919 openssl: update to 1.0.2s
Highlights of this version:
- Change default RSA, DSA and DH size to 2048 bit
- Reject invalid EC point coordinates
  This avoids CVE-2019-9498 and CVE-2019-9499 in hostapd

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-06-01 15:50:20 +02:00
Hauke Mehrtens
9591155737 kernel: Fix arc kernel 4.14 build
This fixes a patch for the ARC architecture.

This was found by the build bot.

Fixes: 810ee3b84a ("kernel: bump 4.14 to 4.14.104")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-30 12:16:10 +02:00
Hauke Mehrtens
dc1b578a4c curl: Fix multiple security problems
This fixes the following security problems:
* CVE-2018-14618: NTLM password overflow via integer overflow
* CVE-2018-16839: SASL password overflow via integer overflow
* CVE-2018-16840: use-after-free in handle close
* CVE-2018-16842: warning message out-of-buffer read
* CVE-2019-3823:  SMTP end-of-response out-of-bounds read
* CVE-2019-3822:  NTLMv2 type-3 header stack buffer overflow
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-30 12:15:20 +02:00
Hauke Mehrtens
40ed8389ef mbedtls: update to version 2.16.1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-30 12:15:20 +02:00
Koen Vandeputte
7e07320dc4 kernel: bump 4.14 to 4.14.121
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-28 11:04:43 +02:00
Koen Vandeputte
054aecdf0b kernel: bump 4.9 to 4.9.178
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-28 11:04:43 +02:00
Hans Dedecker
e9a7344550 uci: fix heap use after free (FS#2288)
f199b96 uci: fix options list of section after type change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-23 22:09:09 +02:00
Jonas Gorski
4b633affff brcm63xx: drop linux,part-probe usage where possible
It was present as 4.4 compatibility, but since we now use 4.9 or later
with the new upstream solution, we don't need it anymore.

This also fixes a serious regression introduced by ac9bcefa3b, which
changed the precedence of linux,part-probe and the new-type partitions
node compatible string, causing caldata partitions to be overwritten.

Fixes: ac9bcefa3b ("kernel: use V10 of mtd patchset adding support for "compatible" string")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit 7880a6f7fe)
2019-05-23 13:17:08 +02:00
Jonas Gorski
cfb72eed69 brcm63xx: drop own implementation of DT partitions in favour of upstream
The binding works the same, so we can just drop the revert and the patch.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit abb28bec25)
2019-05-23 13:17:02 +02:00
Koen Vandeputte
68a5e662c2 kernel: bump 4.14 to 4.14.120
Refreshed all patches.

Altered patches:
- 0067-generic-Mangle-bootloader-s-kernel-arguments.patch
- 006-mvebu-Mangle-bootloader-s-kernel-arguments.patch
- 996-generic-Mangle-bootloader-s-kernel-arguments.patch

Compile-tested on: cns3xxx, imx6, mvebu
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 09:48:48 +02:00
Koen Vandeputte
85294fc5e7 kernel: bump 4.9 to 4.9.177
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 09:48:48 +02:00
Koen Vandeputte
152755c9a2 kernel: bump 4.14 to 4.14.119
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 09:48:48 +02:00
Koen Vandeputte
82e4b4250d kernel: bump 4.9 to 4.9.176
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 09:48:48 +02:00
Adrian Schmutzler
cf2aa873ea ar71xx: Fix network setup for TP-Link Archer C25 v1
Network for the Archer C25 v1 is set up without switch for no
obvious reason. The LED setup is even done switch-based.

This patch changes network setup so a switch is created.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-05-19 12:24:28 +02:00
Hauke Mehrtens
e6928e6b29 kernel: Fix arc kernel build
This fixes a patch for the ARC architecture.

This was found by the build bot.

Fixes: 5183df0dbf ("kernel: bump 4.9 to 4.9.161")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-17 22:04:21 +02:00
Hauke Mehrtens
3239f56136 uboot-fritz4040: Add host flags for host compiler
This adds the host staging directory to the include path to make it use
the zlib.h files from the staging include directory and also link
against the zlib version from the staging directory.

This fixes a compile problem when the zlib header were not installed on
the build host.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-17 22:03:25 +02:00
Hauke Mehrtens
b5ce5217e2 ramips: rt305x: Reduce size of a5-v11 image
The root file system of the a5-v11 image was too big and broke the
build, remove the USB modules from the default image to make it smaller.
This should fix the build again.

This was found by the build bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-17 22:01:49 +02:00
Koen Vandeputte
d3053b1bdc kernel: bump 4.14 to 4.14.118
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-15 11:28:40 +02:00
Koen Vandeputte
f053a8ce41 kernel: bump 4.9 to 4.9.175
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-15 11:28:40 +02:00
Koen Vandeputte
412d80cdb7 kernel: bump 4.14 to 4.14.115
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-06 12:44:26 +02:00
Koen Vandeputte
f105a9c35c kernel: bump 4.9 to 4.9.172
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-06 12:44:26 +02:00
Koen Vandeputte
4685bf1d2f kernel: bump 4.14 to 4.14.114
Refreshed all patches.

Altered patches:
- 150-bridge_allow_receiption_on_disabled_port.patch
- 201-extra_optimization.patch

Remove upstreamed:
- 022-0006-crypto-crypto4xx-properly-set-IV-after-de-and-encryp.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-02 13:00:26 +02:00
Koen Vandeputte
2faceb1a39 kernel: bump 4.9 to 4.9.171
Refreshed all patches.

Altered patches:
- 150-bridge_allow_receiption_on_disabled_port.patch
- 201-extra_optimization.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-02 13:00:26 +02:00
Jo-Philipp Wich
e0505cc018 Revert "uhttpd: disable concurrent requests by default"
This reverts commit c6aa9ff388.

Further testing has revealed that we will need to allow concurrent
requests after all, especially for situations where CGI processes
initiate further HTTP requests to the local host.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f00a4ae6e0)
2019-04-24 10:38:53 +02:00
Ted Hess
24aefaec62 tools/pkg-config: Handle variable substitution of 'bindir' to redirect to STAGING_DIR/bin
Signed-off-by: Ted Hess <thess@kitschensync.net>
(cherry picked from commit 042d68a195)
2019-04-24 07:22:25 +02:00
Arthur Skowronek
aaa34526c4 tools/pkg-config: pass arguments at the end
Go for openwrt passes pkg-config arguments in the format of

        pkg-config --cflags -- pkg-name

which in turn will be passed down to the real pkg-config as something
like

        pkg-config.real --cflags -- pkg-name --define...

and causes the real pkg-config implementation to missinterpret the given
argument list.

This also helps to fix https://github.com/golang/go/issues/27940

Signed-off-by: Arthur Skowronek <arthur.skowronek@tuta.io>
(cherry picked from commit 5f2cb6d7dc)
2019-04-24 07:22:17 +02:00
Koen Vandeputte
3103bd54c5 kernel: bump 4.14 to 4.14.113
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-23 13:23:22 +02:00
Koen Vandeputte
a5c62c933b kernel: bump 4.9 to 4.9.170
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-23 13:23:22 +02:00
Koen Vandeputte
ac3b5f00e1 kernel: bump 4.14 to 4.14.112
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-22 21:16:53 +02:00
Koen Vandeputte
15a70d085d kernel: bump 4.9 to 4.9.169
Refreshed all patches.

New symbols:
- CONFIG_PPC_BARRIER_NOSPEC
- CONFIG_LDISC_AUTOLOAD

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-22 21:16:53 +02:00
Andreas Ziegler
e6e5435c5b
ar71xx: GL.iNet AR300M family: correct LED definitions
remove USB as this is no LED but power control
rename WiFi LED with correct color red (like in stock firmware)
set middle LED to be used for LAN link/activity

Signed-off-by: Andreas Ziegler <dev@andreas-ziegler.de>
(cherry picked from commit 53c46b504c)
2019-04-22 18:30:00 +02:00
Josef Schlehofer
ecfe0f1cc4 ca-certificates: update to version 20190110
- Tested on Turris MOX, OpenWrt master
- Removed PKG_BUILD_DIR
In build_dir there were two folders
ca-certificates and ca-certificates-20190110 and it failed as files
were in ca-certificates-20190110

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
(cherry picked from commit f22c33b40c)
2019-04-20 13:03:40 +02:00
Rafał Miłecki
2d2e615dee mac80211: brcmfmac: really add early fw crash recovery
Previous commit backported USB fixes instead of firmware crash recovery
patches.

Fixes: 02aed76968 ("mac80211: brcmfmac: early work on FullMAC firmware crash recovery")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-04-18 12:37:10 +02:00
Rafał Miłecki
02aed76968 mac80211: brcmfmac: early work on FullMAC firmware crash recovery
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-04-18 11:48:21 +02:00
Petr Štetiar
1a6d7a651f lantiq: tdw89x0: Fix WLAN LED on TP-Link W8970 v1.2 (FS#2232)
This patch fixes disfunctional WLAN LED on TP-Link W8970. The LED was
reported working in the CC release[1], but doesn't work anymore in 18.06.2.

1. 420cb24d41

Tested-by: Damian Janarek <dzanar18@o2.pl>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-17 15:06:48 +02:00
Adrian Schmutzler
6ac061f319 ar71xx: Fix IMAGE_SIZE for TP-Link Archer C7 v5
IMAGE_SIZE for C7v5 is wrong in openwrt-18.06, looks like it
was just copied from C7v4. In master, this got fixed with the
introduction of dynamic partitioning in
7c78be1b74

However, this is not connected to the changes introduced there,
but also applies to the static partitioning in openwrt-18.06.
It appears to be simply wrong at the moment ...

Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-04-11 22:54:45 +02:00
Adrian Schmutzler
7268ebb1e4 ar71xx: Correct MAC address for WAN interface of Archer C7 v5
This device shares the network config with v4, thus the WAN MAC
also needs to be fixed the same way. However, the partition
where the MAC address resides has been changed.

Backport of commit 93d23aced2

Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-04-11 22:54:45 +02:00
Adrian Schmutzler
c7eb679047 ar71xx: Add "info" partition for TP-Link Archer C7 v5
This adds the "info" MTD partition, as it is specified in the
ath79 DTS:
https://github.com/openwrt/openwrt/blob/master/target/linux/ath79/dts/qca9563_tplink_archer-c7-v5.dts#L35

This is required to set the WAN MAC address, as it is build based
on the LAN MAC address, which in turn has to be read from the
"info" partition:
https://github.com/openwrt/openwrt/blob/master/target/linux/ath79/dts/qca9563_tplink_archer-x7-v5.dtsi#L184

Backport of commit 9aa8f87d27

Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-04-11 22:54:45 +02:00
Aubrey McIntosh, PhD
9c4fa1bb5b ar71xx: Remove ath10k packages from archer-c7-v1 (fixes FS#1743)
ath10k_pci driver crashes once loaded and causes boot loops on this
device as 5GHz radio QCA9880-AR1A shipped with this router is broken.
It's not possible to fix this problem in software, miniPCIe radio has to
be replaced.

We could've probably fixed crashing of the ath10k driver by reverting
following upstream commit:

 commit 1a7fecb766c83dace747f42b25bbb544b00a0163
 Author: Michal Kazior <michal.kazior@tieto.com>
 Date:   Sat Jan 24 12:14:48 2015 +0200

    ath10k: reset chip before reading chip_id in probe

but it's not worth the effort as it wouldn't make that 5GHz radio usable
anyway. So it seems more convenient to just remove the crashing driver
and provide bootable images, as I believe, that a router that is working
but degraded is better than a router that will not work.

For details please see discussions in PR[1] and in FS#1743[2].

1. https://github.com/openwrt/openwrt/pull/1349
2. https://bugs.openwrt.org/index.php?do=details&task_id=1743

Reviewed-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Aubrey McIntosh, PhD <aubrey.mcintosh@utexas.edu>
[subject and commit message tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-11 22:22:10 +02:00
Koen Vandeputte
6c81f5fac6 kernel: bump 4.14 to 4.14.111
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-08 14:54:48 +02:00
Koen Vandeputte
aa0e6fc489 kernel: bump 4.9 to 4.9.168
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-08 14:54:48 +02:00
Koen Vandeputte
dad220a00c kernel: bump 4.14 to 4.14.110
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-08 12:11:59 +02:00