Commit Graph

42356 Commits

Author SHA1 Message Date
Hauke Mehrtens
b463a13881 hostapd: fix multiple security problems
This fixes the following security problems:
* CVE-2019-9494:  cache attack against SAE
* CVE-2019-9495:  cache attack against EAP-pwd
* CVE-2019-9496:  SAE confirm missing state validation in hostapd/AP
* CVE-2019-9497:  EAP-pwd server not checking for reflection attack)
* CVE-2019-9498:  EAP-pwd server missing commit validation for scalar/element
* CVE-2019-9499:  EAP-pwd peer missing commit validation for scalar/element
* CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment

Most of these problems are not relevant for normal users, SAE is only
used in ieee80211s mesh mode and EAP-pwd is normally not activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-21 10:29:23 +02:00
Matthias Schiffer
fc1dae5be7
brcm2708: Revert "staging: vc04_services: prevent integer overflow in create_pagelist()"
The bump to 4.9.181 broke build for bcm2708 and bcm2709. Revert the
offending patch.

The same revert is also queued for the next upstream 4.9.y release.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2019-06-20 23:46:01 +02:00
Linus Walleij
84aba5796e gemini: 4.14: Fix up DNS-313 compatible string
It's a simple typo in the DNS file, which was pretty serious.
No scripts were working properly. Fix it up.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[integrate into openwrt target]
2019-06-20 17:42:17 +02:00
Robinson Wu
9656f49ea0 base-files: fix uci led oneshot/timer trigger
This patch adds a missing type property which prevented
the creation of oneshot and timer led triggers when they
are specified in the /etc/board.d/01_leds files.

i.e.:

ucidef_set_led_timer "system" "system" "zhuotk:green:system" "1000" "1000"

Fixes: b06a286a48 ("base-files: cleanup led functions in uci-defaults.sh")
Signed-off-by: Robinson Wu <wurobinson@qq.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[also fix oneshot as well]
2019-06-20 17:41:42 +02:00
Koen Vandeputte
bd0c3988e7 kernel: bump 4.14 to 4.14.128
Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-20 15:51:03 +02:00
Koen Vandeputte
2999c342aa kernel: bump 4.14 to 4.14.127
Refreshed all patches.

Fixes:

- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-18 15:49:37 +02:00
Koen Vandeputte
9de2f4d4ce kernel: bump 4.9 to 4.9.182
Refreshed all patches.

Fixes:

- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-18 15:49:37 +02:00
Petr Štetiar
5fe809d718 Revert "ipq806x: fix EA8500 switch control"
There is a problem with the EA8500, the switch will not work after soft
reboot, the only way to get it working again is to power cycle it
manually.

There are probably several issues in the play, it's quite hard to fix it
without having access to the actual device, so I don't see any other
option now, then revert the offending commit.

Ref: PR#2047
Fixes: FS#2168 ("Switch no longer work after restart on Linksys EA8500")
Reported-by: Adam <424778940z@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-18 15:34:44 +02:00
Koen Vandeputte
e493230e84 kernel: bump 4.14 to 4.14.126
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-18 11:44:19 +02:00
George Amanakis
c449130bb2 mvebu: fixes commit f63a1caf22
err_free_stats has been deprecated. Replace with err_netdev.

Compile-tested on: mvebu
Runtime-tested on: mvebu

Fixes: f63a1caf22 ("kernel: bump 4.14 to 4.14.125")
Signed-off-by: George Amanakis <gamanakis@gmail.com>
[altered hashes]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-18 11:44:19 +02:00
Rafał Miłecki
6fa6f74e37 kernel: backport 4.18 patch adding DMI_PRODUCT_SKU
It's needed for applying some hardware quirks. This fixes:
drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c:60:20: error: 'DMI_PRODUCT_SKU' undeclared here (not in a function); did you mean 'DMI_PRODUCT_UUID'?
    DMI_EXACT_MATCH(DMI_PRODUCT_SKU, "T8"),

Fixes: 2cd234d96b ("mac80211: brcm: backport remaining brcmfmac 5.2 patches")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4d11c4c378)
2019-06-17 07:23:25 +02:00
Rafał Miłecki
2cd234d96b mac80211: brcmfmac: backport important fixes from kernel 5.2
1) Crash/Oops fixes
2) One-line patch for BCM43456 support
3) Fix communication with some specific FullMAC firmwares
4) Potential fix for "Invalid packet id" errors
5) Important helper for reporting FullMAC firmware crashes

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-16 21:51:50 +02:00
Mantas Pucka
85eda6f61e kernel: mt29f_spinand: fix memory leak during page program
Memory is allocated with devm_kzalloc() on every page program
and leaks until device is closed (which never happens).

Convert to kzalloc() and handle error paths manually.

Signed-off-by: Mantas Pucka <mantas@8devices.com>
2019-06-15 19:05:30 +02:00
Christian Lamparter
a0543d8e70 uboot-fritz4040: update PKG_MIRROR_HASH
the file on http://sources.openwrt.org/ has a different
PKG_MIRROR_HASH value.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-15 19:05:30 +02:00
Koen Vandeputte
f63a1caf22 kernel: bump 4.14 to 4.14.125
Refreshed all patches.

Altered patches:
- 403-net-mvneta-convert-to-phylink.patch
- 410-sfp-hack-allow-marvell-10G-phy-support-to-use-SFP.patch

Compile-tested on: cns3xxx, imx6, mvebu
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-12 16:04:25 +02:00
Koen Vandeputte
40b1e899ba kernel: bump 4.9 to 4.9.181
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-12 16:04:25 +02:00
Chen Minqiang
5dbac47426 kernel: re-add bridge allow reception on disabled port
The "bridge allow reception on disabled port" implementation
was broken after these commits:

b765f4be40 ("kernel: bump 4.14 to 4.14.114")
456f486b53 ("kernel: bump 4.9 to 4.9.171")

This leads to issues when for example WDS is used, tied to a bridge:

[ 96.503771] wlan1: send auth to d4:5f:25:eb:09:82 (try 1/3)
[ 96.517956] wlan1: authenticated
[ 96.526209] wlan1: associate with d4:5f:25:eb:09:82 (try 1/3)
[ 97.086156] wlan1: associate with d4:5f:25:eb:09:82 (try 2/3)
[ 97.200919] wlan1: RX AssocResp from d4:5f:25:eb:09:82 (capab=0x11 status=0 aid=1)
[ 97.208706] wlan1: associated
[ 101.312913] wlan1: deauthenticated from d4:5f:25:eb:09:82 (Reason: 2=PREV_AUTH_NOT_VALID)

It seems upstream introduced a new patch, [1]
so we have to reimplement these patches properly:

target/linux/generic/pending-4.9/150-bridge_allow_receiption_on_disabled_port.patch
target/linux/generic/pending-4.14/150-bridge_allow_receiption_on_disabled_port.patch

[1] https://lkml.org/lkml/2019/4/24/1228

Fixes: b765f4be40 ("kernel: bump 4.14 to 4.14.114")
Fixes: 456f486b53 ("kernel: bump 4.9 to 4.9.171")
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
[updated commit message and title]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-07 18:24:08 +02:00
Jo-Philipp Wich
5d27e87de7 rpcd: fix init script reload action
Drop the legacy start() and stop() procedures and define a proper
reload signal action instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f664d560df)
2019-06-06 11:29:15 +02:00
Koen Vandeputte
1867f10807 kernel: bump 4.14 to 4.14.123
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 17:01:20 +02:00
Koen Vandeputte
7fe1b4a4b2 kernel: bump 4.9 to 4.9.180
Refreshed all patches.

Compile-tested: ar71xx
Runtime-tested: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 17:01:20 +02:00
Koen Vandeputte
6563e494a0 kernel: bump 4.14 to 4.14.122
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 12:43:17 +02:00
Koen Vandeputte
e3408d09b0 kernel: bump 4.9 to 4.9.179
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-03 12:43:17 +02:00
Christian Lamparter
b2b1265a1d apm821xx: backport accepted linux-crypto patches
Rather than wait until the patches hit vanilla and
get backported via the stable kernel, this patch
patches the crypto4xx driver with the latest fixes
from the upstream linux-crypto tree.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-01 19:47:14 +02:00
Eneas U de Queiroz
6761961919 openssl: update to 1.0.2s
Highlights of this version:
- Change default RSA, DSA and DH size to 2048 bit
- Reject invalid EC point coordinates
  This avoids CVE-2019-9498 and CVE-2019-9499 in hostapd

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-06-01 15:50:20 +02:00
Hauke Mehrtens
9591155737 kernel: Fix arc kernel 4.14 build
This fixes a patch for the ARC architecture.

This was found by the build bot.

Fixes: 810ee3b84a ("kernel: bump 4.14 to 4.14.104")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-30 12:16:10 +02:00
Hauke Mehrtens
dc1b578a4c curl: Fix multiple security problems
This fixes the following security problems:
* CVE-2018-14618: NTLM password overflow via integer overflow
* CVE-2018-16839: SASL password overflow via integer overflow
* CVE-2018-16840: use-after-free in handle close
* CVE-2018-16842: warning message out-of-buffer read
* CVE-2019-3823:  SMTP end-of-response out-of-bounds read
* CVE-2019-3822:  NTLMv2 type-3 header stack buffer overflow
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-30 12:15:20 +02:00
Hauke Mehrtens
40ed8389ef mbedtls: update to version 2.16.1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-30 12:15:20 +02:00
Koen Vandeputte
7e07320dc4 kernel: bump 4.14 to 4.14.121
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-28 11:04:43 +02:00
Koen Vandeputte
054aecdf0b kernel: bump 4.9 to 4.9.178
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-28 11:04:43 +02:00
Hans Dedecker
e9a7344550 uci: fix heap use after free (FS#2288)
f199b96 uci: fix options list of section after type change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-23 22:09:09 +02:00
Jonas Gorski
4b633affff brcm63xx: drop linux,part-probe usage where possible
It was present as 4.4 compatibility, but since we now use 4.9 or later
with the new upstream solution, we don't need it anymore.

This also fixes a serious regression introduced by ac9bcefa3b, which
changed the precedence of linux,part-probe and the new-type partitions
node compatible string, causing caldata partitions to be overwritten.

Fixes: ac9bcefa3b ("kernel: use V10 of mtd patchset adding support for "compatible" string")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit 7880a6f7fe)
2019-05-23 13:17:08 +02:00
Jonas Gorski
cfb72eed69 brcm63xx: drop own implementation of DT partitions in favour of upstream
The binding works the same, so we can just drop the revert and the patch.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit abb28bec25)
2019-05-23 13:17:02 +02:00
Koen Vandeputte
68a5e662c2 kernel: bump 4.14 to 4.14.120
Refreshed all patches.

Altered patches:
- 0067-generic-Mangle-bootloader-s-kernel-arguments.patch
- 006-mvebu-Mangle-bootloader-s-kernel-arguments.patch
- 996-generic-Mangle-bootloader-s-kernel-arguments.patch

Compile-tested on: cns3xxx, imx6, mvebu
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 09:48:48 +02:00
Koen Vandeputte
85294fc5e7 kernel: bump 4.9 to 4.9.177
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 09:48:48 +02:00
Koen Vandeputte
152755c9a2 kernel: bump 4.14 to 4.14.119
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 09:48:48 +02:00
Koen Vandeputte
82e4b4250d kernel: bump 4.9 to 4.9.176
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 09:48:48 +02:00
Adrian Schmutzler
cf2aa873ea ar71xx: Fix network setup for TP-Link Archer C25 v1
Network for the Archer C25 v1 is set up without switch for no
obvious reason. The LED setup is even done switch-based.

This patch changes network setup so a switch is created.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-05-19 12:24:28 +02:00
Hauke Mehrtens
e6928e6b29 kernel: Fix arc kernel build
This fixes a patch for the ARC architecture.

This was found by the build bot.

Fixes: 5183df0dbf ("kernel: bump 4.9 to 4.9.161")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-17 22:04:21 +02:00
Hauke Mehrtens
3239f56136 uboot-fritz4040: Add host flags for host compiler
This adds the host staging directory to the include path to make it use
the zlib.h files from the staging include directory and also link
against the zlib version from the staging directory.

This fixes a compile problem when the zlib header were not installed on
the build host.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-17 22:03:25 +02:00
Hauke Mehrtens
b5ce5217e2 ramips: rt305x: Reduce size of a5-v11 image
The root file system of the a5-v11 image was too big and broke the
build, remove the USB modules from the default image to make it smaller.
This should fix the build again.

This was found by the build bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-17 22:01:49 +02:00
Koen Vandeputte
d3053b1bdc kernel: bump 4.14 to 4.14.118
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-15 11:28:40 +02:00
Koen Vandeputte
f053a8ce41 kernel: bump 4.9 to 4.9.175
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-15 11:28:40 +02:00
Koen Vandeputte
412d80cdb7 kernel: bump 4.14 to 4.14.115
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-06 12:44:26 +02:00
Koen Vandeputte
f105a9c35c kernel: bump 4.9 to 4.9.172
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-06 12:44:26 +02:00
Koen Vandeputte
4685bf1d2f kernel: bump 4.14 to 4.14.114
Refreshed all patches.

Altered patches:
- 150-bridge_allow_receiption_on_disabled_port.patch
- 201-extra_optimization.patch

Remove upstreamed:
- 022-0006-crypto-crypto4xx-properly-set-IV-after-de-and-encryp.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-02 13:00:26 +02:00
Koen Vandeputte
2faceb1a39 kernel: bump 4.9 to 4.9.171
Refreshed all patches.

Altered patches:
- 150-bridge_allow_receiption_on_disabled_port.patch
- 201-extra_optimization.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-02 13:00:26 +02:00
Jo-Philipp Wich
e0505cc018 Revert "uhttpd: disable concurrent requests by default"
This reverts commit c6aa9ff388.

Further testing has revealed that we will need to allow concurrent
requests after all, especially for situations where CGI processes
initiate further HTTP requests to the local host.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f00a4ae6e0)
2019-04-24 10:38:53 +02:00
Ted Hess
24aefaec62 tools/pkg-config: Handle variable substitution of 'bindir' to redirect to STAGING_DIR/bin
Signed-off-by: Ted Hess <thess@kitschensync.net>
(cherry picked from commit 042d68a195)
2019-04-24 07:22:25 +02:00
Arthur Skowronek
aaa34526c4 tools/pkg-config: pass arguments at the end
Go for openwrt passes pkg-config arguments in the format of

        pkg-config --cflags -- pkg-name

which in turn will be passed down to the real pkg-config as something
like

        pkg-config.real --cflags -- pkg-name --define...

and causes the real pkg-config implementation to missinterpret the given
argument list.

This also helps to fix https://github.com/golang/go/issues/27940

Signed-off-by: Arthur Skowronek <arthur.skowronek@tuta.io>
(cherry picked from commit 5f2cb6d7dc)
2019-04-24 07:22:17 +02:00
Koen Vandeputte
3103bd54c5 kernel: bump 4.14 to 4.14.113
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-23 13:23:22 +02:00