ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2025-01-04 21:14:21 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
45,231 Commits 9 Branches 76 Tags 898 MiB
c38074de92
Commit Graph

16044 Commits

Author SHA1 Message Date
Piotr Dymacz
1859391e9e uboot-envtools: ath79: add support for YunCore XD4200 and A782 
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 5d2a900163)
 2019-11-26 18:17:46 +01:00
Sungbo Eo
a2d9de21b8 base-files: config_generate: split macaddr with multiple ifaces 
netifd does not handle network.@device[x].name properly if it
contains multiple ifaces separated by spaces. Due to this, board.d
lan_mac setup does not work if multiple ifaces are set to LAN by
ucidef_set_interface_lan.

To fix this, create a device node for each member iface when
running config_generate instead. Those are named based on the
member ifname:

  ucidef_set_interface_lan "eth0 eth1.1"
  ucidef_set_interface_macaddr "lan" "yy:yy:yy:yy:yy:01"

will return

  config device 'lan_eth0_dev'
        option name 'eth0'
        option macaddr 'yy:yy:yy:yy:yy:01'

  config device 'lan_eth1_1_dev'
        option name 'eth1.1'
        option macaddr 'yy:yy:yy:yy:yy:01'

ref: https://github.com/openwrt/openwrt/pull/2542

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[always use new scheme, extend description, change commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 298814e6be)
 2019-11-26 17:01:12 +01:00
Piotr Dymacz
a0897f8a46 uboot-envtools: ramips: add support for ALFA Network Quad-E4G 
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 10bcf1eb40)
 2019-11-24 21:47:27 +01:00
Piotr Dymacz
939dfe61ed uboot-envtools: ramips: add support for ALFA Network R36M-E4G 
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 3cfea3a321)
 2019-11-24 21:45:33 +01:00
Sebastian Kemper
b177b180bb mac80211: add default value for noscan 
Commit b3d8b3a introduced a new test:

[ -n "$noscan" -a "$noscan" -gt 0 ] && hostapd_noscan=1

But if length of "$noscan" is zero (noscan is not set) this doesn't stop
the shell to evaluate the rest of the test.

root@hank2:~# [ -n "$noscan" -a "$noscan" -gt 0 ]
ash: out of range
root@hank2:~#

So when radios are brought up this shows in the log:

Sat Nov 23 10:51:38 2019 daemon.info procd: - init complete -
Sat Nov 23 10:52:24 2019 daemon.notice netifd: radio1 (1243): sh: out of range
Sat Nov 23 10:52:25 2019 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Sat Nov 23 10:52:25 2019 daemon.notice netifd: radio0 (1242): sh: out of range
Sat Nov 23 10:52:26 2019 authpriv.info dropbear[1536]: Not backgrounding

This commit sets noscan to 0 if unset and removes the gratuitous length
check, preventing the warning.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 28d84331f4)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2019-11-23 11:30:34 +01:00
Hauke Mehrtens
e68d589e7b e2fsprogs: Fix CVE-2019-5094 in libsupport 
This adds the following patch from debian:
https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=debian/stable&id=09fe1fd2a1f9efc3091b4fc61f1876d0785956a8
libsupport: add checks to prevent buffer overrun bugs in quota code

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 0062aad8ec)
 2019-11-22 22:54:28 +01:00
David Bauer
6160f773fe
ipq40xx: add support for AVM FRITZ!Repeater 1200 
Hardware
--------
SoC:   Qualcomm IPQ4019
RAM:   256M DDR3
FLASH: 128M NAND
WiFi:  2T2R IPQ4019 bgn
       2T2R IPQ4019 a/n/ac
ETH:   Atheros AR8033 RGMII PHY
BTN:   1x Connect (WPS)
LED:   Power (green/red/yellow)

Installation
------------

1. Grab the uboot for the Device from the 'u-boot-fritz1200'
   subdirectory. Place it in the same directory as the 'eva_ramboot.py'
   script. It is located in the 'scripts/flashing' subdirectory of the
   OpenWRT tree.

2. Assign yourself the IP address 192.168.178.10/24. Connect your
   Computer to one of the boxes LAN ports.

3. Connect Power to the Box. As soon as the LAN port of your computer
   shows link, load the U-Boot to the box using following command.

   > ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz1200.bin

4. The U-Boot will now start. Now assign yourself the IP address
   192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
   server root directory and rename it to 'FRITZ1200.bin'.

5. The Box will now boot OpenWRT from RAM. This can take up to two
   minutes.

6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
   scp. SSH into the Box and first write the Bootloader to both previous
   kernel partitions.

   > mtd write /path/to/uboot-fritz1200.bin uboot0
   > mtd write /path/to/uboot-fritz1200.bin uboot1

7. Remove the AVM filesystem partitions to make room for our kernel +
   rootfs + overlayfs.

   > ubirmvol /dev/ubi0 --name=avm_filesys_0
   > ubirmvol /dev/ubi0 --name=avm_filesys_1

8. Flash OpenWRT peristently using sysupgrade.

   > sysupgrade -n /path/to/openwrt-sysupgrade.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7f187229a8)
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
 2019-11-22 22:32:58 +01:00
David Bauer
63b1e8f8d2
ipq-wifi: add AVM FRITZ!Repeater 1200 bdf 
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit c0f4078164)
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
 2019-11-22 22:32:53 +01:00
David Bauer
496489ea95
uboot-fritz4040: update to latest HEAD 
f92be9d add support for AVM FRITZ!Repeater 1200
d651302 enable support for Atheros AR8033 PHY
e4c857c add machtype override hack

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 36f43b61a7)
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
 2019-11-22 22:32:48 +01:00
Hauke Mehrtens
e30ca0d90a mac80211: update to version 4.19.85 
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
 2019-11-22 20:33:19 +01:00
Jo-Philipp Wich
b0adf79c9e firewall: update to latest Git HEAD 
8174814 utils: persist effective extra_src and extra_dest options in state file
72a486f zones: fix emitting match rules for zones with only "extra" options

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 482114d3f7)
 2019-11-22 18:59:39 +01:00
Hans Dedecker
b416195927 firewall: update to latest git HEAD 
daed0cf utils: fix resource leak

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 27bf8abe69)
 2019-11-22 18:59:35 +01:00
Petr Štetiar
538ca42dda wireless-regdb: fix build when python2 from package feeds exists 
wireless-regdb fails to build if there is python2 installed from package
feeds, as staging_dir/hostpkg/bin/python is python2 and
staging_dir/hostpkg/bin takes precedence over staging_dir/host/bin
(proper place with python -> python3 symlink) which leads to the build
failure of wireless-regdb, so this patch makes it explicit which python
should be used.

Reported-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Russell Senior <russell@personaltelco.net>
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b6bae4a2c9)
 2019-11-22 01:10:48 +01:00
Kevin Darbyshire-Bryant
2751c5c752 wireless-regdb: fix patch fuzz 
Refresh patches to tidy up some fuzz warnings

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 12840674d0)
 2019-11-22 01:10:48 +01:00
John Crispin
d6ecadb05c wireless-regdb: fix Makefile indentation 
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 8562e77953)
 2019-11-22 01:10:48 +01:00
Petr Štetiar
0a4071b550 wireless-regdb: set PKGARCH:=all 
As it's an architecture-independent binary file.

Ref: https://github.com/openwrt/openwrt/pull/1521#issuecomment-514687053
Suggested-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 57d1c05ec9)
 2019-11-22 01:10:48 +01:00
Petr Štetiar
e8d528af7e wireless-regdb: prefer python provided by make variable 
Usage of predefined make variables is preferred.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d3853d17a3)
 2019-11-22 01:10:48 +01:00
Hauke Mehrtens
53d8de0207 wireless-regdb: Make it build with python2 
This backports a patch to build it work with python2 in addition to
python3.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d3a8a62692)
 2019-11-22 01:10:32 +01:00
Zachary Riedlshah
f2ef9b4fea wireless-regdb: update to 2019.06.03 
Fixes build issues on a python3 host (issues with the print statement
formatting in the current build).

Includes 100-regdb-write-firmware-file-format-version-code-20.patch and
other fixes.

Closes bugs.openwrt.org/index.php?do=details&task_id=1605.

Uses the tarball as requested.

Signed-off-by: Zachary Riedlshah <git@zacharyrs.me>
(cherry picked from commit ef3f868da0)
 2019-11-22 01:08:28 +01:00
Koen Vandeputte
75d11f665c mac80211: backport upstream fixes 
This potentially fixes some issues seen on IBSS
when interfaces go out of range and then re-appear.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
 2019-11-19 15:02:22 +01:00
Hauke Mehrtens
17d8e47d35 mac80211: Adapt to changes to skb_get_hash_perturb() 
The skb_get_hash_perturb() function now takes a siphash_key_t instead of
an u32. This was changed in commit 55667441c84f ("net/flow_dissector:
switch to siphash"). Use the correct type in the fq header file
depending on the kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit eaa047179a)
 2019-11-18 21:37:40 +01:00
Rafał Miłecki
67957cd807 mac80211: brcmfmac: fix PCIe reset crash and WARNING 
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cde8c2f2fb)
 2019-11-18 15:13:15 +01:00
Sungbo Eo
2117f632e3 kernel: fix typo in fb-sys-fops autoload 
AutoLoad parameter must match the exact kernel module name. Fix it.

Fixes: 125f1ce9ad ("kernel: video: add DRM core and IMX DRM support for HDMI/LVDS")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 6990510aca)
 2019-11-14 23:00:00 +01:00
Kyle Copperfield
a6e7f68c7f hostapd: add IEEE 802.11k support 
Enables radio resource management to be reported by hostapd to clients.

Ref: https://github.com/lede-project/source/pull/1430
Co-developed-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
[removed the DMARC crap]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 87f9292300)
 2019-11-14 20:59:58 +01:00
Hauke Mehrtens
f6111dbeed hostapd: Add mesh support for wpad full 
This increases the size of the binary slightly:

old:
427722 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431696 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

new:
442109 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
445997 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 49cc712b44)
 2019-11-14 20:59:58 +01:00
Hauke Mehrtens
0e85b638f7 hostapd: use getrandom syscall 
hostapd will not use the getrandom() syscall and as a fallback use
/dev/random, the syscall is supported since Linux 3.17 and in the musl,
glibc and uclibc version used by OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 998686364d)
 2019-11-14 20:59:58 +01:00
Hauke Mehrtens
81908622a9 hostapd: Remove unneeded patch 
All the content of this function is proceeded by IEEE8021X_EAPOL no code
accesses the ssid variable outside of this ifdef.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 0d86bf518a)
 2019-11-14 20:59:58 +01:00
Hauke Mehrtens
90a0daf4fe hostapd: use config option CONFIG_NO_LINUX_PACKET_SOCKET_WAR 
Instead of patching the workaround away, just use the config option.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9b4a27455c)
 2019-11-14 20:59:58 +01:00
Hauke Mehrtens
5e8d1b52da hostapd: Update to version 2.9 (2019-08-08) 
The size of the ipkgs increase a bit (between 0.7% and 1.1%):

old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 167028b750)
 2019-11-14 20:59:58 +01:00
Hauke Mehrtens
80b58a9db6 hostapd: Update to version 2.8 (2019-04-21) 
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.

The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*

The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.

The size of the ipkgs increase a bit (between 1.3% and 2.3%):

old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk

new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 8af79550e6)
 2019-11-14 20:59:58 +01:00
Jo-Philipp Wich
e1854815aa hostapd: mirror ieee80211w ap mode defaults in station mode 
For AP mode, OpenWrt automatically sets ieee80211w to either 1 or 2, depending
on whether the encryption is set to sae-mixed, or sae/owe/eap suite-b.

Mirror the same defaults for client mode connections, in order to allow an
OpenWrt station to associate to an OpenWrt ap with SAE, OWE or Suite-B encryption
without the need to manually specify "option ieee80211w" on the station.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit abb4f4075e)
 2019-11-14 20:59:58 +01:00
Jo-Philipp Wich
3e9b3d0ba9 hostapd: fix OWE settings in client mode 
This changes fixes the generation of the wpa_supplicant client configuration
in WPA3 OWE client mode. Instead of incorrectly emitting key_mgmt=NONE, use
the proper key_mgmt=OWE setting instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4209b28d23)
 2019-11-14 20:59:58 +01:00
Leon M. George
eba68342f9 hostapd: declare struct wpa_bss early 
wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if
CONFIG_WPS is not defined.  With the later inclusion of
600-ubus_support, the issue manifests in warnings like these:

wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration
        struct wpa_bss *bss)
               ^~~~~~~

This patch forward declares 'struct wpa_bss' regardless.

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f974f8213b)
 2019-11-14 20:59:58 +01:00
Leon M. George
0fcf02d0a5 hostapd: revert signature change in patch 
The original wpa_hexdump uses a 'void *' for the payload.  With patch
410-limit_debug_messages, the signature changes and compiler warnings
occur at various places.  One such warning is:

 wpa_debug.h:106:20: note: expected 'const u8 * {aka const unsigned char *}' but argument is of type 'struct wpa_eapol_key *'

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit a123df2758)
 2019-11-14 20:59:58 +01:00
Eneas U de Queiroz
047329273b hostapd: adjust removed wolfssl options 
This edjusts the selection of recently removed wolfssl options which
have always been built into the library even in their abscence.
Also remove the selection of libwolfssl itself, allowing the library to
be built as a module.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 94d131332b)
 2019-11-14 20:59:58 +01:00
Russell Senior
d5f509861e base-files: add /usr/share/libubox/jshn.sh to sysupgrade stage2 
Discovered recent changes had broken sysupgrade for ar71xx mikrotik
rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh after
switching to tmpfs.

Signed-off-by: Russell Senior <russell@personaltelco.net>
 2019-11-14 14:09:07 +01:00
Michal Cieslakiewicz
d1fbaa3fbc ath79: update uboot-envtools for Netgear WNR routers 
Boards added: WNR1000v2, WNR2000v3, WNR612v2, WNDR3700.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit d47b687006)
[removed WNR1000v2/WNR2000v3 since not supported in 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
 2019-11-12 16:23:45 +01:00
Michal Cieslakiewicz
c9e5979dbe ar71xx: update uboot-envtools for Netgear WNR routers 
Boards added: WNR1000v2, WNR2000v3, WNR2200, WNR612v2, WNDR4300.
Boards changed: WNDR3700 (u-boot env size is 2 sectors not 1).

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit 1105290049)
 2019-11-12 16:15:52 +01:00
Zoltan HERPAI
5e1864da33 firmware: intel-microcode: bump to 20190918 
* New upstream microcode datafile 20190918

      *Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given
      the set of processors being updated.
  * Updated Microcodes:
      sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456
      sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432
      sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336
      sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720
      sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
      sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200
      sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768
      sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576
      sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576
      sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
 2019-11-11 10:09:39 +01:00
Zoltan HERPAI
8cd24d3256 firmware: intel-microcode: bump to 20190618 
* Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  * Updated Microcodes:
    sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
    sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
 2019-11-11 10:09:35 +01:00
Zoltan HERPAI
a6b30f962c firmware: intel-microcode: bump to 20190514 
* New Microcodes:
    sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
    sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
    sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
    sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
    sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
    sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
    sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
    sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
    sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
    sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
    sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280

  * Updated Microcodes:
    sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
    sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
    sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
    sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
    sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
    sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
    sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
    sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
    sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
    sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
    sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
    sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
    sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
    sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
    sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
    sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
    sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
    sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
    sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
    sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
    sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
    sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
    sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
    sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
    sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
    sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
    sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
    sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
  * Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
 2019-11-11 10:09:28 +01:00
Jo-Philipp Wich
42aa51a898 rpcd: update to latest Git HEAD 
77ad0de plugin: avoid truncating numeric values

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit aa89bdcd04)
 2019-11-10 21:36:48 +01:00
Eneas U de Queiroz
6cabbe9646 wolfssl: update to v4.2.0-stable 
Many bugs were fixed--2 patches removed here.

This release of wolfSSL includes fixes for 5 security vulnerabilities,
including two CVEs with high/critical base scores:

- potential invalid read with TLS 1.3 PSK, including session tickets
- potential hang with ocspstaping2 (always enabled in openwrt)
- CVE-2019-15651: 1-byte overread when decoding certificate extensions
- CVE-2019-16748: 1-byte overread when checking certificate signatures
- DSA attack to recover DSA private keys

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit f4853f7cca)
 2019-11-10 16:23:08 +01:00
Eneas U de Queiroz
9be3501dc3 wolfssl: allow building with hw-crytpo and AES-CCM 
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure.  This applies a couple of upstream
patches fixing this.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit ab19627ecc)
 2019-11-10 16:23:08 +01:00
Jo-Philipp Wich
58db9bee0f ustream-ssl: update to latest Git HEAD 
c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect

Fixes: CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 6f9157e6bd)
 2019-11-10 16:23:07 +01:00
Hauke Mehrtens
2a09f43ae6 ustream-ssl: Update to latest git HEAD 
465f8dc wolfssl: adjust to new API in v4.2.0
3b06c65 Update example certificate & key, fix typo
1c38fd8 wolfssl: enable CN validation
33308ee ustream-io-cyassl.c: fix client-mode connections
79d91aa Remove CyaSSL, WolfSSL < 3.10.4 support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 57ff06405e)
 2019-11-10 16:23:03 +01:00
Hauke Mehrtens
d3e11e8ad8 mac80211: Fix dependencies of kmod-rsi91x-usb 
Instead of depending on kmod-usb2 make it depend on the normal USB
dependencies. This should hopefully fix some problems seen in the build
bot builds for powerpc_8540.

In addition also activate DRIVER_11N_SUPPORT support.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3ff3b044c0)
 2019-11-09 20:42:11 +01:00
Hauke Mehrtens
69dcd89dcd strace: Fix build on PowerPC 
This patch breaks building on PowerPC, like the mpc85xx_generic
target for me.

Fixes: FS#2585
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b01305c8d2)
 2019-11-09 20:42:04 +01:00
Hauke Mehrtens
0803b62fc6 uboot-envtools: Add TARGET_LDFLAGS to fix PIE and RELRO 
Forward the OpenWrt TARGET_LDFLAGS to the linker of the fw_printenv tool.
In addition also use the more standard make invocation script.
With this change the fw_printenv tool is built with PIE and Full RELRO
support when activated globally in OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
(cherry picked from commit b7b2be0b26)
 2019-11-09 20:42:04 +01:00
Rosen Penev
963cee15e8 xfsprogs: Fix compilation with newer musl 
Backported upstream patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 39035df71c)
 2019-11-09 20:42:04 +01:00