Commit Graph

16188 Commits

Author SHA1 Message Date
Hauke Mehrtens
eb15634541 OpenWrt v19.07.0: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-06 22:41:02 +01:00
Hauke Mehrtens
aca39acedf OpenWrt v19.07.0: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-06 22:40:58 +01:00
Hauke Mehrtens
f58705b77e dnsmasq: Fix potential dnsmasq crash with TCP
This is a backport from the dnsmasq master which should fix a bug which
could cause a crash in dnsmasq.

I saw the following crashes in my log:
[522413.117215] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from 2a001450
[522413.124464] epc = 004197f1 in dnsmasq[400000+23000]
[522413.129459] ra  = 004197ef in dnsmasq[400000+23000]
This is happening in blockdata_write() when block->next is
dereferenced, but I am not sure if this is related to this problem or if
this is a different problem. I am unable to reproduce this problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 414d054138)
2020-01-06 17:46:00 +01:00
Maxim Storchak
abb0665bec ca-certificates: provide ca-certs by both ca-certificates and ca-bundle
- both packages provide ca-certs
- make ca-bundle the default provider

This should allow easy transition between these two forms of CA certificates storage

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
(cherry picked from commit dd299805ad)
2020-01-05 20:05:33 +01:00
Petr Štetiar
a5653ec87e package: remove accidentally added symlink
In the commit f3439c4019 ("procd: update to version 2020-01-04") I've
somehow managed to add local testing symlink to the uledd package, so
removing it now.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 18:42:16 +01:00
Jo-Philipp Wich
6395ac4126 fstools: update to latest Git HEAD
823faa0 block: re-discover mtd devices on extroot mount retry

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 22a178e892)
2020-01-05 18:41:25 +01:00
Petr Štetiar
f3439c4019 procd: update to version 2020-01-04
Contains following changes:

 a5af33ce9a16 instance: strdup string attributes
 d2e8bf6ef7cf system: watchdog_set: fix misleading indentation
 9814807bd71c system: sysupgrade: fix possibly misleading error
 c7a2db3c1eb6 system: sysupgrade: rework firmware validation
 ea45c4a0f07c system: fix failing image validation due to EINTR
 4fde95506243 cmake: fix lookup of external libraries
 5ed190aae1b3 jail: remove accidentally added lines
 52c5c1980ba3 jail: set user and group inside jail
 3aa051b44177 system: sysupgrade: close input side of pipe before reading
 f47622e89c4d instance: Warn about unexpected number of parameters
 564ecdfd9cc4 instance: ujail: Fix allocated size for no_new_privs parameter
 7fb2e1dfa221 procd: simplify code in procd_inittab_run
 4a127c3c60af procd: replace exit(-1) with exit(EXIT_FAILURE)
 bc0a73eaad58 procd: add upgraded binary to .gitignore
 ba4c4dbbbd65 procd: add start-console support
 3e39fe539490 procd: shift arguments for askfirst only once
 5d6282906baf procd: skip respawn in case device disappeared
 d27949f12fd7 procd: guard fork_worker calls
 258aa04328a2 procd: Add cached and available to memory table
 8e9fb51fa66e procd: Switch to nanosleep
 c844ace9729a system: Fix possible integer overflows

Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 17:50:10 +01:00
Petr Štetiar
64c45d95d6 ubus: update to version 2019-12-27
Contains following changes:

 041c9d1c052b ubusd/libubus-io: fix socket descriptor passing
 8f2292478c57 ci: enable unit testing
 a1523d76b016 fix blob parsing vulnerability by using blob_parse_untrusted
 c60583743ccf ubus_monitor: workaround possibly false positive uses of memory after it is freed
 dac6c7c575ac ubusd_monitor: fix possible null pointer dereference
 060dfbb26da3 ubus_common: remove duplicate ARRAY_SIZE and add missing include
 c5f2053dfcfd workaround possibly false positive uses of memory after it is freed
 72be8e93f07d lua: ubus_lua_do_subscribe: fix copy&paste error
 a995b1e68129 lua: workaround false positive dereference of null pointer
 08f17c87a000 add fuzzer and cram based unit tests
 c413be9b376c refactor ubusd.c into reusable ubusd_library
 afd47189e864 examples: remove dead increments
 b2e544238672 add initial GitLab CI support
 058f4e9526ed libubus: fix incompatible pointer types assigment
 d2e026a33df8 iron out all extra compiler warnings
 5d7ca8309d0a ubusd/libubus-io: fix variable sized struct position warning
 d61282db5640 ubusd: fix comparison of integers of different signs
 90fb16234c22 cmake: enable extra compiler checks
 2e051f628996 ubus: Support static builds
 588baa3cd784 ubusd: retry sending messages on EINTR
 76ea27a62774 libubus: attempt to receive data before calling poll
 4daab27d004f libubus: do not abort recv_retry before completing a message

and bumps ABI_VERSION to 20191227.

Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 17:50:10 +01:00
Petr Štetiar
04fd5e22b2 libubox: update to version 2019-12-28
Contains following changes:

 cd75136b1342 blobmsg: fix wrong payload len passed from blobmsg_check_array
 eb7eb6393d47 blobmsg: fix array out of bounds GCC 10 warning
 86f6a5b8d1f1 blobmsg: reuse blobmsg_namelen in blobmsg_data
 586ce031eaa0 tests: fuzz: fuzz _len variants of checking methods
 b0e21553ae8c blobmsg: add _len variants for all attribute checking methods
 cd3059796a57 Replace use of blobmsg_check_attr by blobmsg_check_attr_len
 143303149c8b Ensure blob_attr length check does not perform out of bounds reads
 f2b2ee441adb blobmsg: fix heap buffer overflow in blobmsg_parse
 4dfd24ed88c4 blobmsg: make blobmsg_len and blobmsg_data_len return unsigned value
 2df6d35e3299 tests: add test cases for blobmsg parsing
 8a34788b46c4 test: fuzz: add blobmsg_check_attr crashes
 478597b9f9ae blob: fix OOB access in blob_check_type
 325418a7a3c0 tests: use blob_parse_untrusted variant
 0b24e24b93e1 blob: introduce blob_parse_untrusted
 6d27336e4a8b blob: refactor attr parsing into separate function
 833d25797b16 test: fuzz: add blob_parse crashes
 09ee90f8d6ed tests: add test cases for blob parsing
 436d6363a10b tests: add libFuzzer based tests
 bf680707acfd tests: add unit tests covered with Clang sanitizers
 f804578847de cmake: add more hardening compiler flags
 46f8268b4b5b blobmsg/ulog: fix format string compiler warnings
 eb216a952407 cmake: use extra compiler warnings only on gcc6+
 07413cce72e1 tests: jshn: add more test cases
 26586dae43a8 jshn: fix missing usage for -p and -o arguments
 8e832a771d3a jshn: fix off by one in jshn_parse_file
 cb698e35409b jshn: jshn_parse: fix leaks of memory pointed to by 'obj'
 c42f11cc7c0f jshn: main: fix leak of memory pointed to by 'vars'
 93848ec96dc5 jshn: refactor main into smaller pieces
 9b6ede0e5312 avl: guard against theoretical null pointer dereference
 c008294a8323 blobmsg_json: fix possible uninitialized struct member
 0003ea9c45cc base64: fix possible null pointer dereference
 8baeeea1f52d add assert.h component
 b0a5cd8a28bf add cram based unit tests
 1fefb7c4d7f9 add initial GitLab CI support
 c955464d7a9b enable extra compiler checks
 6228df9de91d iron out all extra compiler warnings

and bumps ABI_VERSION to 20191228.

Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 17:50:10 +01:00
Petr Štetiar
bf99f79200 base-files: sysupgrade: exit if the firmware download failed
Sysupgrade process shouldn't continue if the firmware image couldn't be
downloaded.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020940.html
Reported-by: Petr Novák <petrn@me.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cf3da66d2c)
2020-01-05 17:50:10 +01:00
Klaus Kudielka
3140d38042 base-files: upgrade: add case to export_bootdevice
The factory uboot of the Turris Omnia boots with "root=b301", and we
instruct new users to sysupgrade from there (e.g. method 1, step 7).
Currently, this will fail with "Unable to determine upgrade device".
Add a new case to export_bootdevice, which parses the hex argument.

Ref: https://github.com/openwrt/openwrt/pull/2340#issuecomment-561317688
Fixes: 2e5a0b81ec ("mvebu: sysupgrade: sdcard: keep user added partitons")
Reviewed-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3a4f587c46)
2020-01-05 16:41:35 +01:00
Eneas U de Queiroz
3fc47dd443 wolfssl: bump to 4.3.0-stable
This update fixes many bugs, and six security vulnerabilities, including
CVE-2019-18840.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d5ede68f8b)
2020-01-04 23:04:24 +01:00
David Bauer
f8543adb14 mt76: update to the latest openwrt-19.07 version
8a78567 mt76: fix compilation warning in mt76_eeprom_override()

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-01-04 22:02:22 +01:00
David Bauer
bce5342fb6 mt76: fix incorrect firmware path
The mt76 driver does load the firmware for the MT7615 chip from
/lib/firmware/mediatek instead of /lib/firmware. The driver loads the
firmware from this path since mt76 commit
ea3ab68c7589 ("mt76: mt7615: fix mt7615 firmware path definitions").

Fixes: a2e2c40b5e ("mt76: update to the latest openwrt-19.07 version")

Reported-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Stijn Segers <foss@volatilesystems.org>
2020-01-04 12:40:04 +01:00
David Bauer
a2e2c40b5e mt76: update to the latest openwrt-19.07 version
330e832 mt76: mt76x0: fix default mac address overwrite
f97c33e mt76: mt7603: fix input validation issues for powersave-filtered frames
875f6d7 mt76: mt7615: increase MCU command timeout
abd7d86 mt76: clear skb pointers from rx aggregation reorder buffer during cleanup
96c7b07 mt76: eeprom: add support for big endian eeprom partition
19c8e20 mt76: fix possible undetected invalid MAC address
df64c56 mt76: Off by one in mt76_calc_rx_airtime()
1702b24 mt76: mt7603: reset STA_CCA counter setting the channel
383a631 mt76: mt76x0u: do not reset radio on resume
2dcfbdd mt76: disable bh in mt76_dma_rx_poll
947d20d mt76: fix rx dma ring descriptor state on reset
f3348f5 mt7615: replace sta_state callback with sta_add/sta_remove
faf5e6f mt76: mt7615: read {tx,rx} mask from eeprom
db78ee0 mt76: move mt76_get_antenna in mt76_core module
7121e16 mt76: fix possible out-of-bound access in mt7615_fill_txs/mt7603_fill_txs
5dfb0ec mt76: mt7615: disable radar pattern detector during scanning
e2f90ad mt76: move interface_modes definition in mt76_core module
cfdb751 mt76: mt7615: add ibss support
e0731a8 mt76: move SUPPORTS_REORDERING_BUFFER hw property in mt76_register_device
a85c06c mt76: use mt76_dev in mt76_is_{mmio,usb}
ea19cd7 mt76: Remove set but not used variable 'idx'
3cbaf81 mt76: mt76u: rely on a dedicated stats workqueue
20f0589 mt76: mt76u: rely on usb_interface instead of usb_dev
f2be00b mt76: dma: fix buffer unmap with non-linear skbs
c14d656 mt76: mt76x2e: disable pcie_aspm by default
58e1e96 mt76: mt7615: remove unneeded semicolon
c93a2d1 mt76: mt76x02u: update ewma pkt len in mt76x02u_tx_prepare_skb
1987b74 mt76: mt76x0: remove 350ms delay in mt76x0_phy_calibrate
50b1e9b mt76: refactor cc_lock locking scheme
d868638 mt76: remove obsolete .add_buf() from struct mt76_queue_ops
dc14ac6 mt7615: remove vif sta from poll list on interface remove
2a0a191 mt7603: remove vif sta from poll list on interface remove
d3a5895 mt76: fix a-mpdu boundary detection issue for airtime reporting
391e148 mt76: add sanity check for a-mpdu rx wcid index
01642d8 mt76: mt76x02: fix use-after-free in tx status code handling airtime
c11a4ad mt76: mt76x0: eeprom: add support for MAC address from OF
d94cc81 mt76: drop rcu read lock in mt76_rx_aggr_stop
7d8764d mt76: avoid enabling interrupt if NAPI poll is still pending
5b02a07 mt76: add missing locking around ampdu action
71c2ef0 mt76: fix aggregation stop issue
6f7d0f5 mt76: fix use-after-free bug in airtime fairness code
8f22de0 mt76: do not use devm API for led classdev
e7199f9 mt76: enable airtime fairness
81f2be0 mt76: mt7615: track tx/rx airtime for airtime fairness
2579122 mt76: mt7615: introduce mt7615_mac_wtbl_update routine
d91f7c1 mt76: mt7615: fix survey channel busy time
028071d mt76: mt7615: report tx_time, bss_rx and busy time to mac80211
0e5050e mt76: mt76x02: track approximate tx airtime for airtime fairness and survey
3429cc7 mt76: mt76x02: move MT_CH_TIME_CFG init to mt76x02_mac_cc_reset
de118bb mt76: unify channel survey update code
fdf0163 mt76: mt7603: switch to a different counter for survey busy time
ee31030 mt76: mt7603: track tx airtime for airtime fairness and survey
f34b1ae mt76: track rx airtime for airtime fairness and survey
a1d6891 mt76: store current channel survey_state in struct mt76_dev
b042987 mt76: rename mt76_driver_ops txwi_flags to drv_flags and include tx aligned4
2027763 mt76: report rx a-mpdu subframe status
1ddcadb mt76: mt7603: remove q_rx field from struct mt7603_dev
ea3ab68 mt76: mt7615: fix mt7615 firmware path definitions
081926a mt76: mt7603: collect aggregation stats
696c0fc mt76: mt7615: collect aggregation stats
23e8aed mt76: move aggr_stats array in mt76_dev
1118b5e mt76: mt7615: add queue entry in debugfs
fbc59e6 mt76: move queue debugfs entry to driver specific code
0b01ace mt76: mt76x02u: move mt76x02u_mac_start in mt76x02-usb module
c394887 mt76: mt76x0u: reset counter starting the device
0355b7a mt76: mt76x2: move mt76x02_mac_reset_counters in mt76x02_mac_start
f3792b5 mt76: mt76x02: move mac_reset_counter in mt76x02_lib module
63e8152 mt76: mt7615: enable SCS by default
b140512 mt76: mt76x0e: make array mt76x0_chan_map static const, makes object smaller
a20c20b mt76: usb: add lockdep_assert_held in __mt76u_vendor_request
0308d75 mt76: remove empty flag in mt76_txq_schedule_list
0efbc5d mt76: use cancel_delayed_work_sync in mt76_rx_aggr_shutdown
9c5df3c mt76: remove aggr_work field from struct mt76_wcid
8739f87 mt76: mt7615: fix control frame rx in monitor mode
e07407a mt7603: fix build with CONFIG_KERNEL_DYNAMIC_DEBUG=y
c7f8214 mt76: mt7615: add support to read temperature from mcu
6797378 mt76: mt7615: introduce mt7615_txwi_to_txp utility routine
496c78e mt76: mt76x0: remove unneeded return value on set channel
1d2acd5 mt76: mt76x0: remove redundant chandef copy
0167bfa mt76: make mt76_rx_convert static

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-01-03 17:52:35 +01:00
David Bauer
ad4b939bd0 rt2x00: add throughput LED trigger
This adds a (currently missing) throughput LED trigger for the rt2x00
driver. Previously, LED triggers had to be assigned to the netdev, which
was limited to a single VAP.

Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Christoph Krapp <achterin@googlemail.com>
(cherry picked from commit 985ec835ae)
2019-12-30 15:17:32 +01:00
Felix Fietkau
91dde4291c mac80211: fix build without CONFIG_PCI
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit fa37dbbc43)
2019-12-29 09:08:09 +01:00
Felix Fietkau
30301dfcf0 mac80211: add patch to include local BSS rx time in survey information
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 6a3739dc42)
2019-12-28 21:11:02 +01:00
Felix Fietkau
da7dde8993 mac80211: add pcie apsm backport changes
Required for newer versions of mt76

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit d64daf7026)
2019-12-28 20:40:58 +01:00
Hauke Mehrtens
36057763fa ath10k-firmware: Add kmod-ath10k-ct-smallbuffers to depends
Only select ath10k-ct-regular when smallbuffers version was not
selected.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 80f06cb601)
2019-12-24 01:04:14 +01:00
Paul Fertser
450b306e54 kernel: ath10k-ct: provide a build variant for small RAM devices
According to many bugreports [0][1][2] the default ath10k-ct kernel
module is unusable on devices with just 64 MiB RAM or with 128 MiB and
dual ath10k cards. The target boards boot but eventually oom-killer
starts to interfere with normal operation, so the current state is
effectively broken.

Since the two patches in question have a performance impact (and
possibly some other unexpected side-effects) a dedicated build variant
is added so that users of the low RAM devices can still benefit from all
the ath10k-ct advantages.

According to testing [3] results, the issue can be experienced even with
"a 256MB device with three radios". Measured performance impact of
implementing small buffers was lowering "the maximum 5 GHz throughput on
an IPQ40xx device without RPS/XPS optimizations from 494/432 Mbit/s for
TCP transfers (download/upload) to 438/343 Mbit/s"

The patches were apparently inspired by QSDK tweaks used by ODMs for the
affected devices.

[0] http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020573.html
[1] https://github.com/openwrt/openwrt/pull/1077
[2] https://bugs.openwrt.org/index.php?do=details&task_id=2664
[3] https://github.com/freifunk-gluon/gluon/pull/1440#issue-195607701

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
[Remove double CONFIG_ATH10K-CT_LEDS entry]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1ac627024d)
2019-12-24 01:03:47 +01:00
Jo-Philipp Wich
e50d44d985 fstools: update to latest git HEAD
b4e25d5 libblkid-tiny: fix symbol collision with full libblkid

Fixes: FS#2691, FS#2692
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5f4244150f)
2019-12-23 07:33:55 +01:00
Rafał Miłecki
6a151d6558 fstools: update to latest git HEAD
111a43f libblkid-tiny: vfat: Change parsing label in special cases
f43a1aa libblkid-tiny: vfat: Fix reading labels which starts with byte 0x05
157924d libblkid-tiny: add blkid_probe_set_id_label() stub
0c5761f libblkid-tiny: use separated buffer for each block device read
b82c5c1 libblkid-tiny: add functions for allocating & freeing probe struct
12851d6 blockd: don't flush devices list on "hotplug" call
5ea47fe blockd: fix vlist memory corruption

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4ebc9dc9c4)
2019-12-23 07:33:55 +01:00
Yousong Zhou
43c5927312 fstools: bump to version 2019-11-03
2f2a09a block: mount_device: err log only when mp deviates from spec
da4edc1 block: mount_device: skip extroot earlier
32c3126 block: mount_action: handle mount/umount deps
fb0700f block: support hierarchical mount/umount
1212b5b block: umount: skip / unless -a is given
eda8b3f block: use fsck.fat instead of dosfsck
d05276d libblkid-tiny: ntfs: fix use-after-free

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit e4af39d563)
2019-12-23 07:33:55 +01:00
Hauke Mehrtens
f7779d64ba fstools: update to latest Git HEAD
4327ed4 mkdev: Avoid out of bounds read
9b3eb63 libblkid-tiny: use blkid_probe_set_utf8label for label set
c9d0462 libblkid-tiny: adds blkid_probe_set_utf8label support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 541a321070)
2019-12-23 07:33:55 +01:00
Yousong Zhou
ab7386bd67 libubox: bump to version 2019-10-29
It contains a single change to vlist.h header file: "vlist: add more
macros for loop iteration".  This is needed for newer version of fstools

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 51e7624776)
2019-12-23 07:23:05 +01:00
Roman Yeryomin
c34499a6e4 libubox: update to latest git HEAD
eb30a03 libubox, jshn: add option to write output to a file

Signed-off-by: Roman Yeryomin <roman@advem.lv>
(cherry picked from commit c0e7ec91a0)
2019-12-23 07:23:05 +01:00
Sungbo Eo
7203a58d7b kernel: remove LINUX_4_9 dependency of kmod-dax
This patch resolves recursive dependency warning on a feed package:

$ make defconfig
Collecting package info: done
tmp/.config-package.in:104721:error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:104721:symbol PACKAGE_nfs-kernel-server depends on NFS_KERNEL_SERVER_V4
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
feeds/packages/net/nfs-kernel-server/Config.in:4:symbol NFS_KERNEL_SERVER_V4 depends on PACKAGE_nfs-kernel-server
#
# configuration written to .config
#

19.07 branch uses kernel 4.14 only, so CONFIG_LINUX_4_9 symbol is not
needed anyway.

Ref: https://github.com/openwrt/packages/issues/10490

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2019-12-23 00:32:12 +01:00
Sungbo Eo
4fba5dc103 kernel: fix *-gpio-custom module unloading
Unloading and reloading the modules fails, as platform_device_put() does not
release resources fully.

root@OpenWrt:/# insmod i2c-gpio-custom bus0=0,18,0,5
[  196.860620] Custom GPIO-based I2C driver version 0.1.1
[  196.871162] ------------[ cut here ]------------
[  196.880517] WARNING: CPU: 0 PID: 1365 at fs/sysfs/dir.c:31 0x80112158
[  196.893431] sysfs: cannot create duplicate filename '/devices/platform/i2c-gpio.0'
...
[  197.513200] kobject_add_internal failed for i2c-gpio.0 with -EEXIST, don't try to register things with the same name in the same directory.

This patch fixes it by replacing platform_device_put() to
platform_device_unregister().

Fixes: da77408537 ("i2c-gpio-custom: minor bugfix")
Fixes: 3bc81edc70 ("package: fix w1-gpio-custom package (closes #6770)")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit a22b7a60d9)
2019-12-23 00:31:55 +01:00
Bjørn Mork
6351205d73 adb: fix for SuperSpeed devices
The USB descriptor parsing in adb fails to detect SuperSpeed devices
because of the SuperSpeed Endpoint Companion Descriptor.  This
cherry-picks the upstream fix for the problem.

Unfortunately there never were a release with this fix before the
conversion to C++, so upgrading to a newer version isn't an option.

This makes adb work with SuperSpeed devices like the Sierra Wireless
EM7565.  Tested and verified.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit d034a1f457)
2019-12-23 00:31:29 +01:00
Jo-Philipp Wich
18107f4481 uhttpd: reset PKG_RELEASE
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 97af1fc979)
2019-12-22 23:04:37 +01:00
Jo-Philipp Wich
414ea30927 uhttpd: update to latest Git HEAD
5f9ae57 client: fix invalid data access through invalid content-length values

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f34f9a414d)
2019-12-22 22:51:08 +01:00
Rafał Miłecki
2c16044ccf mac80211: brcm: add support for BCM4359 SDIO chipset
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 17e2246eca)
2019-12-19 12:16:37 +01:00
Rafał Miłecki
c0f2905fa9 mac80211: brcm: backport 5.5 and 5.6 kernel patches
This update doesn't include:
3b1e0a7bdfee brcmfmac: add support for SAE authentication offload
be898fed355e brcmfmac: send port authorized event for FT-802.1X
due to nl80211 dependencies.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c3aa33bf70)
2019-12-19 10:31:36 +01:00
Hans Dedecker
1f1867dd9b odhcpd: optimize syslog priority values
e53fec8 treewide: optimize syslog priority values

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-16 21:17:23 +01:00
Koen Vandeputte
0bb4733e67 ath10k-firmware: update Candela Tech firmware images
The release notes since last time for wave-1:

  *  November 29, 2019:  Fix IBSS merge issue, related to TSF id leakage bug in firmware code.
                         Thanks for Ahmed Zaki @ Mage-Networks for helping to diagnose and test.

The release notes since last time for wave-2:

  *  December 6, 2019:  Fix 160Mhz problem caused by logic that did not take into account the fact that
                        160Mhz has only 1/2 of the NSS of lower bandwidths in the rate table.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 30109782df3c74becd60dd13216346e1ea2fcc96)
2019-12-10 09:53:30 +01:00
Santiago Piccinini
d2d12346e8 mac80211: unify setup of iw htmode for mesh and adhoc
This also fixes mac80211_prepare_vif iw set channel in monitor or
mesh mode.

Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: fixed commit message]
(cherry picked from commit c7fb12beb1)
2019-11-30 20:20:54 +01:00
Daniel Golle
06bf1a9b67 ucert: update to latest git HEAD
e4bd927 cast ucert_argv to proper type when passing to execv

Fixes warnings:

warning: passing argument 2 of 'execv' from incompatible pointer type
[-Wincompatible-pointer-types]
  254 |       execv(usign_argv[0], usign_argv)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9c272dd3e4)
2019-11-30 20:20:54 +01:00
Hauke Mehrtens
d74526c1c5 OpenWrt v19.07.0-rc2: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-30 19:40:51 +01:00
Hauke Mehrtens
628e996928 OpenWrt v19.07.0-rc2: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-30 19:40:45 +01:00
Satadru Pramanik
cde70954ef busybox: add glibc dependency for vi regex option
Build with musl libc fails with BUSYBOX_DEFAULT_FEATURE_VI_REGEX_SEARCH
enabled. Enabling BusyBox's vi regex search option depends upon GNU
regex.  Musl libc does not support GNU regex[1].

So this patch adds explicit dependency on GNU libc and while at it
remove the FIXME comment.

1. https://wiki.musl-libc.org/functional-differences-from-glibc.html

Ref: https://dev.archive.openwrt.org/ticket/21741.html
Ref: https://forum.openwrt.org/t/busybox-not-compiling/
Ref: https://github.com/openwrt/packages/issues/4453
Signed-off-by: Satadru Pramanik <satadru@umich.edu>
[commit subject/description tweaks, From: fix, USE_GLIBC fix, removed comments]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f1410902e6)
2019-11-30 00:58:44 +01:00
Hauke Mehrtens
a4d798e8dd usign: Activate LTO compile option
This decreases the size of the usign application by 16% on MIPS BE.

old:
24,597 /usr/bin/usign

new:
20,501 /usr/bin/usign

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6ffd8a8f92)
2019-11-30 00:18:50 +01:00
Hauke Mehrtens
1fc05c3115 swconfig: Activate LTO compile option
This decreases the size of the swconfig application by 25% on MIPS BE.

old:
16,916 /sbin/swconfig

new:
12,565 /sbin/swconfig

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e926681387)
2019-11-30 00:18:45 +01:00
Hauke Mehrtens
5cb845ebfe mtd: Activate LTO compile option
This decreases the size of the mtd application by 25% on MIPS BE.

old:
20,597 /sbin/mtd

new:
16,421 /sbin/mtd

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1eb34b7287)
2019-11-30 00:18:40 +01:00
Piotr Dymacz
1859391e9e uboot-envtools: ath79: add support for YunCore XD4200 and A782
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 5d2a900163)
2019-11-26 18:17:46 +01:00
Sungbo Eo
a2d9de21b8 base-files: config_generate: split macaddr with multiple ifaces
netifd does not handle network.@device[x].name properly if it
contains multiple ifaces separated by spaces. Due to this, board.d
lan_mac setup does not work if multiple ifaces are set to LAN by
ucidef_set_interface_lan.

To fix this, create a device node for each member iface when
running config_generate instead. Those are named based on the
member ifname:

  ucidef_set_interface_lan "eth0 eth1.1"
  ucidef_set_interface_macaddr "lan" "yy:yy:yy:yy:yy:01"

will return

  config device 'lan_eth0_dev'
        option name 'eth0'
        option macaddr 'yy:yy:yy:yy:yy:01'

  config device 'lan_eth1_1_dev'
        option name 'eth1.1'
        option macaddr 'yy:yy:yy:yy:yy:01'

ref: https://github.com/openwrt/openwrt/pull/2542

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[always use new scheme, extend description, change commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 298814e6be)
2019-11-26 17:01:12 +01:00
Piotr Dymacz
a0897f8a46 uboot-envtools: ramips: add support for ALFA Network Quad-E4G
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 10bcf1eb40)
2019-11-24 21:47:27 +01:00
Piotr Dymacz
939dfe61ed uboot-envtools: ramips: add support for ALFA Network R36M-E4G
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 3cfea3a321)
2019-11-24 21:45:33 +01:00
Sebastian Kemper
b177b180bb mac80211: add default value for noscan
Commit b3d8b3a introduced a new test:

[ -n "$noscan" -a "$noscan" -gt 0 ] && hostapd_noscan=1

But if length of "$noscan" is zero (noscan is not set) this doesn't stop
the shell to evaluate the rest of the test.

root@hank2:~# [ -n "$noscan" -a "$noscan" -gt 0 ]
ash: out of range
root@hank2:~#

So when radios are brought up this shows in the log:

Sat Nov 23 10:51:38 2019 daemon.info procd: - init complete -
Sat Nov 23 10:52:24 2019 daemon.notice netifd: radio1 (1243): sh: out of range
Sat Nov 23 10:52:25 2019 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Sat Nov 23 10:52:25 2019 daemon.notice netifd: radio0 (1242): sh: out of range
Sat Nov 23 10:52:26 2019 authpriv.info dropbear[1536]: Not backgrounding

This commit sets noscan to 0 if unset and removes the gratuitous length
check, preventing the warning.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 28d84331f4)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-23 11:30:34 +01:00
Hauke Mehrtens
e68d589e7b e2fsprogs: Fix CVE-2019-5094 in libsupport
This adds the following patch from debian:
https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=debian/stable&id=09fe1fd2a1f9efc3091b4fc61f1876d0785956a8
libsupport: add checks to prevent buffer overrun bugs in quota code

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 0062aad8ec)
2019-11-22 22:54:28 +01:00
David Bauer
6160f773fe
ipq40xx: add support for AVM FRITZ!Repeater 1200
Hardware
--------
SoC:   Qualcomm IPQ4019
RAM:   256M DDR3
FLASH: 128M NAND
WiFi:  2T2R IPQ4019 bgn
       2T2R IPQ4019 a/n/ac
ETH:   Atheros AR8033 RGMII PHY
BTN:   1x Connect (WPS)
LED:   Power (green/red/yellow)

Installation
------------

1. Grab the uboot for the Device from the 'u-boot-fritz1200'
   subdirectory. Place it in the same directory as the 'eva_ramboot.py'
   script. It is located in the 'scripts/flashing' subdirectory of the
   OpenWRT tree.

2. Assign yourself the IP address 192.168.178.10/24. Connect your
   Computer to one of the boxes LAN ports.

3. Connect Power to the Box. As soon as the LAN port of your computer
   shows link, load the U-Boot to the box using following command.

   > ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz1200.bin

4. The U-Boot will now start. Now assign yourself the IP address
   192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
   server root directory and rename it to 'FRITZ1200.bin'.

5. The Box will now boot OpenWRT from RAM. This can take up to two
   minutes.

6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
   scp. SSH into the Box and first write the Bootloader to both previous
   kernel partitions.

   > mtd write /path/to/uboot-fritz1200.bin uboot0
   > mtd write /path/to/uboot-fritz1200.bin uboot1

7. Remove the AVM filesystem partitions to make room for our kernel +
   rootfs + overlayfs.

   > ubirmvol /dev/ubi0 --name=avm_filesys_0
   > ubirmvol /dev/ubi0 --name=avm_filesys_1

8. Flash OpenWRT peristently using sysupgrade.

   > sysupgrade -n /path/to/openwrt-sysupgrade.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7f187229a8)
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2019-11-22 22:32:58 +01:00
David Bauer
63b1e8f8d2
ipq-wifi: add AVM FRITZ!Repeater 1200 bdf
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit c0f4078164)
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2019-11-22 22:32:53 +01:00
David Bauer
496489ea95
uboot-fritz4040: update to latest HEAD
f92be9d add support for AVM FRITZ!Repeater 1200
d651302 enable support for Atheros AR8033 PHY
e4c857c add machtype override hack

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 36f43b61a7)
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2019-11-22 22:32:48 +01:00
Hauke Mehrtens
e30ca0d90a mac80211: update to version 4.19.85
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-22 20:33:19 +01:00
Jo-Philipp Wich
b0adf79c9e firewall: update to latest Git HEAD
8174814 utils: persist effective extra_src and extra_dest options in state file
72a486f zones: fix emitting match rules for zones with only "extra" options

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 482114d3f7)
2019-11-22 18:59:39 +01:00
Hans Dedecker
b416195927 firewall: update to latest git HEAD
daed0cf utils: fix resource leak

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 27bf8abe69)
2019-11-22 18:59:35 +01:00
Petr Štetiar
538ca42dda wireless-regdb: fix build when python2 from package feeds exists
wireless-regdb fails to build if there is python2 installed from package
feeds, as staging_dir/hostpkg/bin/python is python2 and
staging_dir/hostpkg/bin takes precedence over staging_dir/host/bin
(proper place with python -> python3 symlink) which leads to the build
failure of wireless-regdb, so this patch makes it explicit which python
should be used.

Reported-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Russell Senior <russell@personaltelco.net>
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b6bae4a2c9)
2019-11-22 01:10:48 +01:00
Kevin Darbyshire-Bryant
2751c5c752 wireless-regdb: fix patch fuzz
Refresh patches to tidy up some fuzz warnings

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 12840674d0)
2019-11-22 01:10:48 +01:00
John Crispin
d6ecadb05c wireless-regdb: fix Makefile indentation
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 8562e77953)
2019-11-22 01:10:48 +01:00
Petr Štetiar
0a4071b550 wireless-regdb: set PKGARCH:=all
As it's an architecture-independent binary file.

Ref: https://github.com/openwrt/openwrt/pull/1521#issuecomment-514687053
Suggested-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 57d1c05ec9)
2019-11-22 01:10:48 +01:00
Petr Štetiar
e8d528af7e wireless-regdb: prefer python provided by make variable
Usage of predefined make variables is preferred.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d3853d17a3)
2019-11-22 01:10:48 +01:00
Hauke Mehrtens
53d8de0207 wireless-regdb: Make it build with python2
This backports a patch to build it work with python2 in addition to
python3.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d3a8a62692)
2019-11-22 01:10:32 +01:00
Zachary Riedlshah
f2ef9b4fea wireless-regdb: update to 2019.06.03
Fixes build issues on a python3 host (issues with the print statement
formatting in the current build).

Includes 100-regdb-write-firmware-file-format-version-code-20.patch and
other fixes.

Closes bugs.openwrt.org/index.php?do=details&task_id=1605.

Uses the tarball as requested.

Signed-off-by: Zachary Riedlshah <git@zacharyrs.me>
(cherry picked from commit ef3f868da0)
2019-11-22 01:08:28 +01:00
Koen Vandeputte
75d11f665c mac80211: backport upstream fixes
This potentially fixes some issues seen on IBSS
when interfaces go out of range and then re-appear.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-19 15:02:22 +01:00
Hauke Mehrtens
17d8e47d35 mac80211: Adapt to changes to skb_get_hash_perturb()
The skb_get_hash_perturb() function now takes a siphash_key_t instead of
an u32. This was changed in commit 55667441c84f ("net/flow_dissector:
switch to siphash"). Use the correct type in the fq header file
depending on the kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit eaa047179a)
2019-11-18 21:37:40 +01:00
Rafał Miłecki
67957cd807 mac80211: brcmfmac: fix PCIe reset crash and WARNING
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cde8c2f2fb)
2019-11-18 15:13:15 +01:00
Sungbo Eo
2117f632e3 kernel: fix typo in fb-sys-fops autoload
AutoLoad parameter must match the exact kernel module name. Fix it.

Fixes: 125f1ce9ad ("kernel: video: add DRM core and IMX DRM support for HDMI/LVDS")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 6990510aca)
2019-11-14 23:00:00 +01:00
Kyle Copperfield
a6e7f68c7f hostapd: add IEEE 802.11k support
Enables radio resource management to be reported by hostapd to clients.

Ref: https://github.com/lede-project/source/pull/1430
Co-developed-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
[removed the DMARC crap]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 87f9292300)
2019-11-14 20:59:58 +01:00
Hauke Mehrtens
f6111dbeed hostapd: Add mesh support for wpad full
This increases the size of the binary slightly:

old:
427722 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431696 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

new:
442109 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
445997 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 49cc712b44)
2019-11-14 20:59:58 +01:00
Hauke Mehrtens
0e85b638f7 hostapd: use getrandom syscall
hostapd will not use the getrandom() syscall and as a fallback use
/dev/random, the syscall is supported since Linux 3.17 and in the musl,
glibc and uclibc version used by OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 998686364d)
2019-11-14 20:59:58 +01:00
Hauke Mehrtens
81908622a9 hostapd: Remove unneeded patch
All the content of this function is proceeded by IEEE8021X_EAPOL no code
accesses the ssid variable outside of this ifdef.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 0d86bf518a)
2019-11-14 20:59:58 +01:00
Hauke Mehrtens
90a0daf4fe hostapd: use config option CONFIG_NO_LINUX_PACKET_SOCKET_WAR
Instead of patching the workaround away, just use the config option.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9b4a27455c)
2019-11-14 20:59:58 +01:00
Hauke Mehrtens
5e8d1b52da hostapd: Update to version 2.9 (2019-08-08)
The size of the ipkgs increase a bit (between 0.7% and 1.1%):

old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 167028b750)
2019-11-14 20:59:58 +01:00
Hauke Mehrtens
80b58a9db6 hostapd: Update to version 2.8 (2019-04-21)
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.

The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*

The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.

The size of the ipkgs increase a bit (between 1.3% and 2.3%):

old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk

new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 8af79550e6)
2019-11-14 20:59:58 +01:00
Jo-Philipp Wich
e1854815aa hostapd: mirror ieee80211w ap mode defaults in station mode
For AP mode, OpenWrt automatically sets ieee80211w to either 1 or 2, depending
on whether the encryption is set to sae-mixed, or sae/owe/eap suite-b.

Mirror the same defaults for client mode connections, in order to allow an
OpenWrt station to associate to an OpenWrt ap with SAE, OWE or Suite-B encryption
without the need to manually specify "option ieee80211w" on the station.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit abb4f4075e)
2019-11-14 20:59:58 +01:00
Jo-Philipp Wich
3e9b3d0ba9 hostapd: fix OWE settings in client mode
This changes fixes the generation of the wpa_supplicant client configuration
in WPA3 OWE client mode. Instead of incorrectly emitting key_mgmt=NONE, use
the proper key_mgmt=OWE setting instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4209b28d23)
2019-11-14 20:59:58 +01:00
Leon M. George
eba68342f9 hostapd: declare struct wpa_bss early
wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if
CONFIG_WPS is not defined.  With the later inclusion of
600-ubus_support, the issue manifests in warnings like these:

wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration
        struct wpa_bss *bss)
               ^~~~~~~

This patch forward declares 'struct wpa_bss' regardless.

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f974f8213b)
2019-11-14 20:59:58 +01:00
Leon M. George
0fcf02d0a5 hostapd: revert signature change in patch
The original wpa_hexdump uses a 'void *' for the payload.  With patch
410-limit_debug_messages, the signature changes and compiler warnings
occur at various places.  One such warning is:

 wpa_debug.h:106:20: note: expected 'const u8 * {aka const unsigned char *}' but argument is of type 'struct wpa_eapol_key *'

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit a123df2758)
2019-11-14 20:59:58 +01:00
Eneas U de Queiroz
047329273b hostapd: adjust removed wolfssl options
This edjusts the selection of recently removed wolfssl options which
have always been built into the library even in their abscence.
Also remove the selection of libwolfssl itself, allowing the library to
be built as a module.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 94d131332b)
2019-11-14 20:59:58 +01:00
Russell Senior
d5f509861e base-files: add /usr/share/libubox/jshn.sh to sysupgrade stage2
Discovered recent changes had broken sysupgrade for ar71xx mikrotik
rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh after
switching to tmpfs.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2019-11-14 14:09:07 +01:00
Michal Cieslakiewicz
d1fbaa3fbc ath79: update uboot-envtools for Netgear WNR routers
Boards added: WNR1000v2, WNR2000v3, WNR612v2, WNDR3700.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit d47b687006)
[removed WNR1000v2/WNR2000v3 since not supported in 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-12 16:23:45 +01:00
Michal Cieslakiewicz
c9e5979dbe ar71xx: update uboot-envtools for Netgear WNR routers
Boards added: WNR1000v2, WNR2000v3, WNR2200, WNR612v2, WNDR4300.
Boards changed: WNDR3700 (u-boot env size is 2 sectors not 1).

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit 1105290049)
2019-11-12 16:15:52 +01:00
Zoltan HERPAI
5e1864da33 firmware: intel-microcode: bump to 20190918
* New upstream microcode datafile 20190918

      *Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given
      the set of processors being updated.
  * Updated Microcodes:
      sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456
      sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432
      sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336
      sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720
      sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
      sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200
      sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768
      sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576
      sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576
      sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2019-11-11 10:09:39 +01:00
Zoltan HERPAI
8cd24d3256 firmware: intel-microcode: bump to 20190618
* Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  * Updated Microcodes:
    sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
    sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2019-11-11 10:09:35 +01:00
Zoltan HERPAI
a6b30f962c firmware: intel-microcode: bump to 20190514
* New Microcodes:
    sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
    sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
    sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
    sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
    sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
    sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
    sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
    sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
    sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
    sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
    sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280

  * Updated Microcodes:
    sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
    sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
    sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
    sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
    sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
    sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
    sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
    sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
    sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
    sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
    sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
    sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
    sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
    sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
    sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
    sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
    sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
    sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
    sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
    sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
    sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
    sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
    sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
    sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
    sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
    sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
    sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
    sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
  * Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2019-11-11 10:09:28 +01:00
Jo-Philipp Wich
42aa51a898 rpcd: update to latest Git HEAD
77ad0de plugin: avoid truncating numeric values

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit aa89bdcd04)
2019-11-10 21:36:48 +01:00
Eneas U de Queiroz
6cabbe9646 wolfssl: update to v4.2.0-stable
Many bugs were fixed--2 patches removed here.

This release of wolfSSL includes fixes for 5 security vulnerabilities,
including two CVEs with high/critical base scores:

- potential invalid read with TLS 1.3 PSK, including session tickets
- potential hang with ocspstaping2 (always enabled in openwrt)
- CVE-2019-15651: 1-byte overread when decoding certificate extensions
- CVE-2019-16748: 1-byte overread when checking certificate signatures
- DSA attack to recover DSA private keys

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit f4853f7cca)
2019-11-10 16:23:08 +01:00
Eneas U de Queiroz
9be3501dc3 wolfssl: allow building with hw-crytpo and AES-CCM
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure.  This applies a couple of upstream
patches fixing this.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit ab19627ecc)
2019-11-10 16:23:08 +01:00
Jo-Philipp Wich
58db9bee0f ustream-ssl: update to latest Git HEAD
c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect

Fixes: CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 6f9157e6bd)
2019-11-10 16:23:07 +01:00
Hauke Mehrtens
2a09f43ae6 ustream-ssl: Update to latest git HEAD
465f8dc wolfssl: adjust to new API in v4.2.0
3b06c65 Update example certificate & key, fix typo
1c38fd8 wolfssl: enable CN validation
33308ee ustream-io-cyassl.c: fix client-mode connections
79d91aa Remove CyaSSL, WolfSSL < 3.10.4 support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 57ff06405e)
2019-11-10 16:23:03 +01:00
Hauke Mehrtens
d3e11e8ad8 mac80211: Fix dependencies of kmod-rsi91x-usb
Instead of depending on kmod-usb2 make it depend on the normal USB
dependencies. This should hopefully fix some problems seen in the build
bot builds for powerpc_8540.

In addition also activate DRIVER_11N_SUPPORT support.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3ff3b044c0)
2019-11-09 20:42:11 +01:00
Hauke Mehrtens
69dcd89dcd strace: Fix build on PowerPC
This patch breaks building on PowerPC, like the mpc85xx_generic
target for me.

Fixes: FS#2585
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b01305c8d2)
2019-11-09 20:42:04 +01:00
Hauke Mehrtens
0803b62fc6 uboot-envtools: Add TARGET_LDFLAGS to fix PIE and RELRO
Forward the OpenWrt TARGET_LDFLAGS to the linker of the fw_printenv tool.
In addition also use the more standard make invocation script.
With this change the fw_printenv tool is built with PIE and Full RELRO
support when activated globally in OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
(cherry picked from commit b7b2be0b26)
2019-11-09 20:42:04 +01:00
Rosen Penev
963cee15e8 xfsprogs: Fix compilation with newer musl
Backported upstream patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 39035df71c)
2019-11-09 20:42:04 +01:00
Hans Dedecker
569bec190c curl: bump to 7.66.0
Refresh patches, for changes in version 7.66.0 see https://curl.haxx.se/changes.html#7_66_0

Fixes CVEs:
    CVE-2019-5481
    CVE-2019-5482

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 71cf4a272c)
2019-11-07 19:42:42 +01:00
David Bauer
2b4d9b6850 mac80211 ath9k: force QCA953x clock to 25MHz
The QCA953x only supports 25 MHz refclk, however some OEMs set an
invalid bootstrap value for the REF_CLK option, which would break the
clock detection in ath9k.

Force the QCA953x refclk to 25MHz in ath9k, as this is (according to the
datasheet) the only valid frequency.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 4c6fe32468)
2019-11-06 16:13:57 +01:00
Jo-Philipp Wich
112df2ac56 OpenWrt v19.07.0-rc1: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-06 09:08:44 +01:00
Jo-Philipp Wich
88bff692a5 OpenWrt v19.07.0-rc1: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-06 09:08:44 +01:00
Koen Vandeputte
d7ea380363 ath10k-firmware: update Candela Tech firmware images
The release notes since last time for wave-1:

  *  October 5,  2019:  Fix too-short msg caused by invalid use of PayloadLen in receive path.
                        This appears to resolve the issue of getting (and ignoring) too-short commands
                        when we detect loss of CE interrupts and go into polling mode.

  *  October 12, 2019:  Fix regression in IBSS mode that caused SWBA overrun issues.  Related to
                        regression added during the ct-station logic, specifically TSF allocation.
                        Thanks for Ahmed Zaki @ Mage-Networks for helping to diagnose and test.

  *  October 15, 2019:  Only send beacon tx completion events if we can detect CT driver is being
                        used (based on CT_STATS_OK flag being set).  This should help CT firmware work
                        better on stock driver.

The release notes since last time for wave-2:

  *  October 15, 2019:  Only send beacon tx completion events if we can detect CT driver is being
                        used (based on ATH10k_USE_TXCOMPL_TXRATE2 | ATH10k_USE_TXCOMPL_TXRATE1 flags being set).
                        This should help CT firmware work better on stock driver.

  *  October 31, 2019:  Compile out peer-ratecode-list-event.  ath10k driver ignores the event.

  *  November 1, 2019:  Fix rate-ctrl related crash when nss and other things were changed while
                        station stays associated.  See bug: https://github.com/greearb/ath10k-ct/issues/96

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit e716e93a2f7290086f49992c9980773c88100c3a)
2019-11-05 15:44:12 +01:00
Jo-Philipp Wich
c5d5cdb759 ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-05 15:09:47 +01:00
Daniel Golle
439ac8104b mac80211: rt2x00: backport upstream patches
Import patches from upstream to sync 19.07 with master:
 9f3e3323e996 rt2x00: allow to specify watchdog interval
 2034afe4db4a rt2800: add helpers for reading dma done index
 759c5b599cf4 rt2800: initial watchdog implementation
 09db3b000619 rt2800: add pre_reset_hw callback
 710e6cc1595e rt2800: do not nullify initialization vector data
 e403fa31ed71 rt2x00: add restart hw
 0f47aeeada2a rt2800: do not enable watchdog by default
 41a531ffa4c5 rt2x00usb: fix rx queue hang
 3b902fa811cf rt2x00usb: remove unnecessary rx flag checks
 1dc244064c47 rt2x00: no need to check return value of debugfs_create functions
 706f0182b1ad rt2800usb: Add new rt2800usb device PLANEX GW-USMicroN
 95844124385e rt2x00: clear IV's on start to fix AP mode regression
 567a9b766b47 rt2x00: do not set IEEE80211_TX_STAT_AMPDU_NO_BACK on tx status
 14d5e14c8a6c rt2x00: clear up IV's on key removal
 13fa451568ab Revert "rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band"
 --pending--  rt2800: remove errornous duplicate condition

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-05 10:54:05 +01:00
David Bauer
bee28adf6e hostapd: enable PMKSA and OK caching for WPA3-Personal
This enables PMKSA and opportunistic key caching by default for
WPA2/WPA3-Personal, WPA3-Personal and OWE auth types.
Otherwise, Apple devices won't connect to the WPA3 network.

This should not degrade security, as there's no external authentication
provider.

Tested with OCEDO Koala and iPhone 7 (iOS 13.1).

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 3034f8c3b8)
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-11-05 08:54:39 +01:00
Yousong Zhou
22c443c20c uboot-fritz4040: build with ipq40xx "generic" subtarget
Fixes: 853e4dd3 ("ipqx0xx: add Generic subtarget")
Ref: https://forum.openwrt.org/t/ipq40xx-snapshot-not-updated-since-22nd-august/44126
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 40e3f660c1)
2019-11-03 22:26:07 +01:00
Daniel Engberg
f051a967b8 libevent2: Update to 2.1.11
Update libevent to 2.1.11
Use CMake instead GNU Autotools
Backport following commits:
f05ba67193
..and partially
7201062f3e
to fix compilation

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit f351beedfd)
(resolves FS#2435)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-11-01 14:22:37 +00:00
Jo-Philipp Wich
466d499d03 rpcd: update to latest Git HEAD
d442d62 plugin: fix double free in finish callback
ee26d83 main: exec_self: make clang analyzer happy
90e40bd file: exec: properly free memory on error
9ecfada uci: free configs list memory on return
32fba36 exec: always call finish_cb to allow plugin to free up memory
ca3e2d5 plugin: do not free method name separately
02c6e1d exec: properly free memory on rpc_exec() error
cc50263 plugin: exec: properly free memory on parse error
bd0ed25 uci: reset uci_ptr flags when merging set operations
37aa919 plugin: fix leaking invoked method name for exec plugins

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c2675bb0ce)
2019-11-01 13:27:50 +01:00
Yousong Zhou
2436e521b4 kernel: mark kmod-usb-serial-wwan as hidden
The kconfig symbol is an invisible one since its introduction.  It is
not supposed to be enabled on its own.

Resolves FS#1821

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 4bf9bec361)
2019-10-30 12:46:44 +00:00
Felix Fietkau
c51a39d4a5 mac80211: add an improved moving average algorithm to minstrel
Improves rate control responsiveness and performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
[reworked to apply on 4.19.79 mac80211 + renumbered + refreshed]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-30 11:17:40 +01:00
David Bauer
0e7113e6ec ath10k-firmware: update wave 1 firmware to 10.2.4-1.0-00047
This fixes frequent crashes observed on a UniFi AC Mesh using OpenWrt
master and 19.07. 18.06 seems not affected from our testing.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 641a93f0f2)
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-27 18:13:33 +01:00
David Bauer
98da3c8cdb ath10k-firmware: retrieve wave 1 firmware from kvalo
This commit changes the source of the Wave 1 ath10k-firmware
from linux-firmware to Kall Valos ath10k-firmware repository.

This is necessary as the firmware selected in linux-firmware produces
frequent crashes in some circumstances.

This patch can be removed as soon as linux-firmware carries
10.2.4-1.0-00047 firmware.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit a3914783a3)
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-27 18:13:33 +01:00
Eneas U de Queiroz
cd1136e550 openssl: Add engine configuration to openssl.cnf
This adds engine configuration sections to openssl.cnf, with a commented
list of engines.  To enable an engine, all you have to do is uncomment
the engine line.

It also adds some useful comments to the devcrypto engine configuration
section.  Other engines currently don't have configuration commands.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit cebf024c4d)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-10-20 15:16:30 +02:00
DENG Qingfang
e5ab602c69 tcpdump: update to 4.9.3
Fixed CVEs:
	CVE-2017-16808
	CVE-2018-10103
	CVE-2018-10105
	CVE-2018-14461
	CVE-2018-14462
	CVE-2018-14463
	CVE-2018-14464
	CVE-2018-14465
	CVE-2018-14466
	CVE-2018-14467
	CVE-2018-14468
	CVE-2018-14469
	CVE-2018-14470
	CVE-2018-14879
	CVE-2018-14880
	CVE-2018-14881
	CVE-2018-14882
	CVE-2018-16227
	CVE-2018-16228
	CVE-2018-16229
	CVE-2018-16230
	CVE-2018-16300
	CVE-2018-16301
	CVE-2018-16451
	CVE-2018-16452
	CVE-2019-15166
	CVE-2019-15167

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit 394273c066)
2019-10-19 14:30:05 +02:00
DENG Qingfang
8e78bbb7bb libpcap: update to 1.9.1
Fixed CVEs:
	CVE-2018-16301
	CVE-2019-15161
	CVE-2019-15162
	CVE-2019-15163
	CVE-2019-15164
	CVE-2019-15165

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit 44f11353de)
2019-10-19 14:30:05 +02:00
Sungbo Eo
0f3c06b0a5 kernel: fix typos in video KernelPackage description
Fixes: 4b3d17b709 ("kernel: add kmod-fb-sys-ram")
Fixes: b774acb479 ("package/modules: add missing gspca video drivers for 2.6.32 (patch from #6595)")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 9f73fad359)
2019-10-19 14:30:05 +02:00
Rosen Penev
5ad47b1ed8 uClibc++: Fix three bugs
The first allows usage of several functions in the std namespace, which
broke compilation of gddrescue specifically with uClibc-ng and uClibc++.

The second allows usage of long long with normal C++11, which is part of
the standard. Before, std=gnu++11 needed to be passsed to work around it.

As a result of the second patch, the pedantic patch can safely be removed.

Both patches are upstream backports.

Added -std=c++11 to CFLAGS to guarentee proper inclusion of long long.

Added another patch that fixes a typo with the long long support. Sent to
upstream.

Fixed up license information according to SPDX.

Small cleanups for consistency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 6ab386c9bc)
2019-10-19 14:30:00 +02:00
Eneas U de Queiroz
82a3beac9d hostapd: adjust to removal of WOLFSSL_HAS_AES_GCM
WolfSSL is always built with AES-GCM support now.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit ee5a3f6d60)
2019-10-19 14:29:44 +02:00
Ali MJ Al-Nasrawy
b17c95bbdc trelay: fix deadlock on remove
Upon writing to "remove" file, debugfs_remove_recursive() blocks while
holding rtnl_lock. This is because debugfs' file_ops callbacks are
executed in debugfs_use_file_*() context which prevents file removal.

Fix this by only flagging the device for removal and then do the cleanup
in file_ops.release callback which is executed out of that context.

Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
(cherry picked from commit c2635b871d)
2019-10-19 14:29:44 +02:00
Ali MJ Al-Nasrawy
9784a470bb trelay: handle netdevice events correctly
Since v3.11, netdevice notification data are of type
"struct netdev_notifier_info". Handle it as such!

This should fix a critical bug in which devices are unable get released
because trelay does not release resources in response to UNREGISTER
event spamming the log with something like:

unregister_netdevice: waiting for eth0.1 to become free. Usage count = 1

Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
(cherry picked from commit 77cfc0739d)
2019-10-19 14:29:44 +02:00
leo chung
3b1d71ffd8 bzip2: add linker option LDFLAGS
if gcc not linker whith this LDFLAGS, "file libbz2.so.1.0.8" will
recognize as pie executable ELF file ( which should be shared object).

this because the file command version before 5.36 not recognize
correctly.

Signed-off-by: leo chung <gewalalb@gmail.com>
(cherry picked from commit 56ab58fb6c)
2019-10-19 14:29:44 +02:00
Hauke Mehrtens
cabd12d2e3 mac80211: Update to version 4.19.79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-10-19 14:18:31 +02:00
Christian Franke
3468a4435a lantiq: Fix fw_cutter LzmaWrapper
The destination buffer size `d_len` is passed to `lzma_inflate` as a
pointer. Therefore, it needs to be dereferenced to compare its content.

Signed-off-by: Christian Franke <nobody@nowhere.ws>
(cherry picked from commit d544bc84a0)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-10-18 13:45:23 +02:00
Jo-Philipp Wich
c987955f82 rpcd: update to latest Git HEAD
95f0973 file: increase minimum read buffer size to 4096 bytes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 2a603cfcfc)
2019-10-18 12:19:34 +02:00
Jo-Philipp Wich
d04c07003d rpcd: update to latest Git HEAD
e2a7bc4 iwinfo: add WPA3 support

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d6a405280f)
2019-10-18 12:19:23 +02:00
Jo-Philipp Wich
5bd83825ad rpcd: update to latest Git HEAD
69eeb1b file: refactor message parsing and permission checking
f65527a iwinfo: expose all rate info fields in assoclist reply
7fec636 sys: fix symbol redeclaration
27c24c7 rpcd: sys: actually move timespec declaration
345363b file: add remove operation
604db20 rpcd: Switch to nanosleep

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 2f9f8769e3)
2019-10-18 12:19:08 +02:00
Jo-Philipp Wich
07dcbfa6e8 fwtool: do not omit final 16 byte when image does not contain signature
The fwutil command will interpret the final 16 byte of a given firmware
image files as "struct fwimage_trailer".

In case these bytes do look like a valid trailer, we must ensure that we
print them out along with the remainder of the image to not accidentally
truncate non-trailer-images by 16 bytes when they're piped through fwtool,
e.g. as part of an image verification command sequence.

Some command sequences pipe images through fwtool in order to strip any
possible metadata, certificate or signature trailers and do not expect
bare images without any of that metadata to get truncated as other non-
fwtool specific metadata is expected at the end of the file, e.g. an
information block with an md5sum in case of the combined image format.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 889b841048)
2019-10-17 17:08:09 +02:00
Jo-Philipp Wich
180bd75973 iwinfo: update to latest Git HEAD
07315b6 nl80211: handle hidden SSIDs in wpa_supplicant scan results
3ac846e lua: fix string description of mixed WPA3 modes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit bc61458b73)
2019-10-16 16:51:03 +02:00
Koen Vandeputte
e8308747a1 gdb: bump to 8.3.1
GDB 8.3.1 brings the following fixes and enhancements over GDB 8.3:

PR c++/20020 (GDB segfault on printing objects)
PR gdb/24454 (nat/x86-linux-dregs.c failed assertion)
PR breakpoints/24541 (Incorrect evaluation of systemtap probes due to register being signed and probe expression assuming unsigned)
PR symtab/24545 (Symbol loading performance regression with cc1)
PR gdb/24592 (amd64->i386 linux syscall restart problem)
PR gdb/25009 (terminate called after throwing an instance of 'srchilite::ParserException')
PR gdb/25010 (Calls to error () can cause SIGTTOU to send gdb to the background)
PR breakpoints/25011 (Breakpoints on file reloads broken for PIE binaries)

This corrective release also brings the following testsuite fixes and
enhancements:

PR testsuite/25005 (gdb-caching-proc.exp takes a lot of time on skip_opencl_tests)
PR testsuite/25016 (Test-case failures for -pie)

GDB 8.3 includes the following changes and enhancements:

* Support for new native configurations (also available as a target configuration):
     - RISC-V GNU/Linux (riscv*-*-linux*)
     - RISC-V FreeBSD (riscv*-*-freebsd*)

* Support for new target configurations:
     - CSKY ELF (csky*-*-elf)
     - CSKY GNU/Linux (csky*-*-linux)
     - NXP S12Z ELF (s12z-*-elf)
     - OpenRISC GNU/Linux (or1k*-*-linux*)

* Native Windows debugging is only supported on Windows XP or later.

* The Python API in GDB now requires Python 2.6 or later.

* GDB now supports terminal styling for the CLI and TUI.
  Source highlighting is also supported by building GDB with GNU
  Highlight.

* Experimental support for compilation and injection of C++ source
  code into the inferior (requires GCC 7.1 or higher, built with
  libcp1.so).

* GDB and GDBserver now support IPv6 connections.

* Target description support on RISC-V targets.

* Various enhancements to several commands:
     - "frame", "select-frame" and "info frame" commands
     - "info functions", "info types", "info variables"
     - "info thread"
     - "info proc"
     - System call alias catchpoint support on FreeBSD
     - "target remote" support for Unix Domain sockets.

* Support for displaying all files opened by a process

* DWARF index cache: GDB can now automatically save indices of DWARF
  symbols on disk to speed up further loading of the same binaries.

* Various GDB/MI enhancements.

* GDBserver on PowerPC GNU/Linux now supports access to the PPR,
  DSCR, TAR, EBB/PMU, and HTM registers.

* Ada task switching support when debugging programs built with
  the Ravenscar profile added to aarch64-elf.

* GDB in batch mode now exits with status 1 if the last executed
  command failed.

* Support for building GDB with GCC's Undefined Behavior Sanitizer.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-15 16:13:06 +02:00
Jo-Philipp Wich
4c92859945 iwinfo: update to latest Git HEAD
a29b7d4 nl80211: align path to phy mapping logic with mac80211.sh

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 57b834281b)
2019-10-15 15:52:36 +02:00
Jo-Philipp Wich
e8dc69fcb0 iwinfo: update to latest Git HEAD
Contains following updates squashed from 3 bump commits in master:

02112f9 cli: fix reporting of mixed WPA2/WPA3 versions
7faeaea nl80211: properly detect WEP encryption in wpa_supp scan results
629b5ff nl80211: do not confuse open connections with WEP ones
3d47ddd nl80211: rework hostapd and wpa_supplicant wpa suite parsing
313e827 nl80211: keep awaiting wpa_supplicant scan results on busy response
a766751 nl80211: fix parsing of mixed wpa encryption in wpa_supp scan results
f096bfd utils: support parsing SAE and OWE key management suites from IEs
2a95086 nl80211: recognize SAE encrypted mesh

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-11 15:57:07 +02:00
Adrian Schmutzler
28d3afc8d6 base-files: use get_mac_binary() in mtd_get_mac_binary_ubi()
The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.

This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 45600124fc)
2019-09-29 11:32:05 +02:00
David Bauer
c7cdbf29c0 uboot-fritz4040: update to 2019-09-07
572ff7f fritzcreator: actually add checksum spacer
6edce1a fritzcreator: replace obscure padding generation with something more portable
2ff189f add ASUS RT-AC58U "easy install" factory u-boot shim
b91f9c2 readd spi-nand support
486ae53 improve cmd_sysupgrade
b0933f1 replace sstrip with strip
882e48a do not include generated files into git
0c5aa5f fix bugs in ipq40xx_cdp.c

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit af63436d2d)
2019-09-25 22:50:52 +02:00
Koen Vandeputte
92953ae99f ath10k-ct: update to version 2019-09-09
5e8cd86f90da ath10k-ct: Backport ap-vlan code from 5.2 to 4.20 and 4.19 drivers.
0c518586bd7f ath10k-ct: Fix a few warning splats.

Adds AP VLAN.
Refreshed all patches.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-24 12:52:52 +02:00
Robert Marko
757fd85402 ath10k-firmware: update Candela Tech firmware images
This enables a feature flag in the wave-2 firmware wmi-services indicating it can send
software-encrypted raw frames.  This should in turn allow the AP-VLAN feature to work.

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 7c930990af)
2019-09-24 12:52:52 +02:00
Eneas U de Queiroz
b610572a9b openssl: bump to 1.1.1d
This version fixes 3 low-severity vulnerabilities:

- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
		 CMS_decrypt_set1_pkey

Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d868d0a5d7)
2019-09-23 07:42:30 +02:00
Hauke Mehrtens
26c0bec13b hostapd: Fix AP mode PMF disconnection protection bypass
This fixes
* CVE-2019-16275 AP mode PMF disconnection protection bypass
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a6981604b3)
2019-09-21 18:08:54 +02:00
Rosen Penev
dc076160f9 uClibc++: Remove faulty patch
This patch was originally added to fix compilation with v4l2rtspserver.
Turns out it was v4l2rtspserver that was broken, not uClibc++. This now
causes issues with a different package where the arguments are being
split.

Note that with this patch, shellcheck throws an error:

SC2068: Double quote array expansions to avoid re-splitting elements.

More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 977a8fc5fc)
2019-09-21 18:08:54 +02:00
Magnus Kroken
e105d03ee9 mbedtls: update to 2.16.3
Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch,
the issue has been fixed upstream.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 49d96ffc5c)
2019-09-21 18:08:54 +02:00
Daniel Golle
44f32cd5e0 ltq-vdsl-fw: update firmware filename and download URL
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4fc0a61ed3)
2019-09-21 15:14:51 +02:00
Alberto Bursi
e9c16e4e1f kernel: add module for Emulex OneConnect 10Gbit
add module to support Emulex OneConnect
common in 10Gbit SFP+ cards by Dell/HP/IBM
supports OneConnect OCe10xxx OCe11xxx OCe14xxx,
LightPulse LPe12xxx

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
(cherry picked from commit 827f47749b)
2019-09-21 08:41:49 +02:00
Jo-Philipp Wich
9cae5a8289 procd: fix invalid JSON filter expression in procd_running()
Since service and instance names may contain characters which are not allowed
in JSON path labels, such as dashes or spaces, change the filter expression
to array square bracket notation to properly match these cases as well.

Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c933b6d224)
2019-09-19 07:21:47 +02:00
Jo-Philipp Wich
c7e3ca59ab firewall: update to latest Git HEAD
383eb58 ubus: do not overwrite ipset name attribute
c26f890 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type
487bd0d utils: Fix string format message
4d0c703 firewall3: Fix some format string problems
8c404ef iptables.c: lock the xtables.lock
c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[cherry picked and squashed from commits
 7db6559914,
 359bff6052,
 2cf209ce91,
 5ef9e4f107]
Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-18 10:59:17 +02:00
Rafał Miłecki
ad8b11213a procd: update to the latest git HEAD
62dc8c0 system: sysupgrade: send reply on error
2710c65 system: refuse sysupgrade with backup if it's unsupported

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 04e912d217)
2019-09-18 07:35:04 +02:00
Rafał Miłecki
bece406c2f mac80211: brcmfmac: backport the last 5.4 changes
This makes brcmfmac use the same wiphy after PCIe reset to help user
space handle corner cases (e.g. firmware crash).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f39f4b2f6d)
2019-09-16 08:42:00 +02:00
Rafał Miłecki
c53a0ed5e3 treewide: sysupgrade: use $UPGRADE_BACKUP to check for backup
Now that $UPGRADE_BACKUP is set conditionally there is no need to check
the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a858db3136)
2019-09-16 05:57:08 +02:00
Rafał Miłecki
f69b855a75 procd: update to the latest git HEAD
b8238df sysupgrade: support "backup" attribute

This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9785a9121d)
2019-09-16 05:56:25 +02:00
Rafał Miłecki
47a5f5c7e7 base-files: sysupgrade: pass "backup" ubus attribute
This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c5223b26a4)
2019-09-16 05:56:25 +02:00
Hans Dedecker
0da990b773 odhcpd: retry failed PD assignments on addrlist change
88d9ab6 dhcpv6: retry failed PD assignments on addrlist change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-15 20:50:25 +02:00
David Bauer
e1cf17b3ba iwinfo: update to latest Git HEAD
a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886
1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7db2f1a71f)
2019-09-15 12:31:56 +02:00
Rafał Miłecki
78d0d13c86 base-files: validate firmware for compatibility with backup
This allows platform code to check if firmware image can be used with
preserving a backup. It may be used e.g. when installing vendor
firmwares that won't restore appended backup archive.

Suggested-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1c510fe298)
2019-09-12 14:30:18 +02:00
Rafał Miłecki
a717428828 treewide: use new procd sysupgrade $UPGRADE_BACKUP variable
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.

This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 641f6b6c26)
2019-09-12 13:27:29 +02:00
Rafał Miłecki
37caec2d5e treewide: don't hardcode "sysupgrade.tgz" file name
1) Add BACKUP_FILE and use it when copying an archive to be restored
   after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit bf39047872)
2019-09-12 13:25:27 +02:00