Commit Graph

45759 Commits

Author SHA1 Message Date
Jo-Philipp Wich
7e9d84ee4a opkg: update to latest Git HEAD
f2166a8 libopkg: implement lightweight package listing logic
cf4554d libopkg: support passing callbacks to feed parsing functions
2a0210f opkg-cl: don't read feeds on opkg update
b6f1967 libopkg: use xsystem() to spawn opkg-key
60b9af2 file_util.c: refactor and fix checksum_hex2bin()
206ebae file_util.c: fix possible bad memory access in file_read_line_alloc()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 79da9d78b9)
2020-05-07 22:55:05 +02:00
Jason A. Donenfeld
81f3f6540e wireguard: bump to 1.0.20200506
* compat: timeconst.h is a generated artifact

Before we were trying to check for timeconst.h by looking in the kernel
source directory. This isn't quite correct on configurations in which
the object directory is separate from the kernel source directory, for
example when using O="elsewhere" as a make option when building the
kernel. The correct fix is to use $(CURDIR), which should point to
where we want.

* compat: use bash instead of bc for HZ-->USEC calculation

This should make packaging somewhat easier, as bash is generally already
available (at least for dkms), whereas bc isn't provided by distros by
default in their build meta packages.

* socket: remove errant restriction on looping to self

It's already possible to create two different interfaces and loop
packets between them. This has always been possible with tunnels in the
kernel, and isn't specific to wireguard. Therefore, the networking stack
already needs to deal with that. At the very least, the packet winds up
exceeding the MTU and is discarded at that point. So, since this is
already something that happens, there's no need to forbid the not very
exceptional case of routing a packet back to the same interface; this
loop is no different than others, and we shouldn't special case it, but
rather rely on generic handling of loops in general. This also makes it
easier to do interesting things with wireguard such as onion routing.
At the same time, we add a selftest for this, ensuring that both onion
routing works and infinite routing loops do not crash the kernel. We
also add a test case for wireguard interfaces nesting packets and
sending traffic between each other, as well as the loop in this case
too. We make sure to send some throughput-heavy traffic for this use
case, to stress out any possible recursion issues with the locks around
workqueues.

* send: cond_resched() when processing tx ringbuffers

Users with pathological hardware reported CPU stalls on CONFIG_
PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning
these workers would never terminate. That turned out not to be okay on
systems without forced preemption. This commit adds a cond_resched() to
the bottom of each loop iteration, so that these workers don't hog the
core. We don't do this on encryption/decryption because the compat
module here uses simd_relax, which already includes a call to schedule
in preempt_enable.

* selftests: initalize ipv6 members to NULL to squelch clang warning

This fixes a worthless warning from clang.

* send/receive: use explicit unlikely branch instead of implicit coalescing

Some code readibility cleanups.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 4f6343ffe7)
2020-05-07 13:50:33 +02:00
Jason A. Donenfeld
b956f6bd13 wireguard: bump to 20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit ea980fb9c6)
2020-05-07 13:49:49 +02:00
Hans Dedecker
c61fbdd087 odhcpd: fix PKG_SOURCE_DATE
Fixes: 5e8b50da15 (odhcpd : fix lan host reachibility due to identical RIO and PIO prefixes (FS#3056))

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-07 08:02:06 +02:00
Hans Dedecker
5e8b50da15 odhcpd: fix lan host reachibility due to identical RIO and PIO prefixes (FS#3056)
49e4949 router: fix Lan host reachibility due to identical RIO and PIO prefixes (FS#3056)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-06 21:22:10 +02:00
Jo-Philipp Wich
ac5d5d8d09 ustream-ssl: update to 19.07 Git HEAD
40b563b ustream-openssl: clear error stack before SSL_read/SSL_write
30cebb4 ustream-ssl: mbedtls: fix ssl client verification
77de09f ustream-ssl: mbedtls: fix net_sockets.h include warning

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-06 20:24:38 +02:00
Jo-Philipp Wich
a6caa8fad1 uhttpd: update to 19.07 Git HEAD
975dce2 client: allow keep-alive for POST requests
d062f85 file: poke ustream after starting deferred program

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-06 20:24:38 +02:00
Rafał Miłecki
3b9e4d6d4c fstools: update to the latest version
eec16e2 blockd: add optional "device" parameter to "info" ubus method
9ab936d block(d): always call hotplug.d "mount" scripts from blockd
4963db4 blockd: use uloop_process for calling /sbin/hotplug-call mount
cddd902 Truncate FAT filesystem label until 1st occurance of a blank (0x20)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c3a43753b9)
2020-05-06 17:51:38 +02:00
Chuanhong Guo
d9244a1b5b generic: ar8216: fix unknown packet flooding for ar8229/ar8236
ar8229 and ar8236 don't allow unknown unicast/multicast frames and
broadcast frames to be flooded to cpu port. This isn't desired behavior
for swconfig as we treat it as a standalone switch.
Current code doesn't enable unicast frame flooding for ar8229 and uses
wrong setup for ar8236. This commit fixes both of them by enabling port
0 flooding for all unknown frames.

Fixes: FS#2848
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 47f17b0662)
2020-05-06 09:06:17 +08:00
Jo-Philipp Wich
429e4490c4 libpcap: fix library packaging issues
Workaround a bug in patches/100-debian_shared_lib.patch - it attemptss to
extract the library major version from debian/changelog which does not exist
in the vanilla upstream tarball.

Create a fake changelog file for now to satisfy the version extraction
routine until we get around to properly augment the patch.

Fixes: FS#2970
Fixes: 96ee7c8bfd ("libpcap: Update shared-lib patch from Debian to fix linking problems")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-06 00:51:35 +02:00
Petr Štetiar
e678cb1595 kernel: bump 4.14 to 4.14.179
Runtime-tested on: qemu-x86-64
Compile-tested on: x86/64

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-05 22:08:01 +02:00
Rafał Miłecki
8fa4ed9ef7 fstools: update to the latest version
8b9e601 block: always use st_dev (device ID) of / when looking for root
37c9148 block: simplify check_extroot() a bit
d70774d block: add some basic extroot documentation
32db27d Revert "block: support hierarchical mount/umount"
0b93429 Revert "block: mount_action: handle mount/umount deps"

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9295ce7006)
2020-05-05 13:07:40 +02:00
Felix Fietkau
5c6dfb5bc0 fstools: update to the latest version
84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b7d6e80fee)
2020-05-05 13:07:40 +02:00
Hauke Mehrtens
607809dcdc mac80211: Update to version 4.19.120
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-05 00:05:28 +02:00
Paul Spooren
96d280cc37 scripts/download: add sources CDN as first mirror
OpenWrt now has a CDN for sources at sources.cdn.openwrt.org which
mirrors sources.openwrt.org.

Downloading sources outside Europe or US (mainland) could
result in low throughput, extremely slowing down the first compilation of
the build system.

This patch adds sources.cdn.openwrt.org as the first mirror to offer
worldwide fast download speeds by default. If the CDN goes down for
whatever reason, the script jumps to the next available mirror and
downloads requested files as before (in regional varying speed).

Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c737a9ee6a)
2020-05-05 00:05:28 +02:00
Hauke Mehrtens
55ccb04046 upgs: Remove extra _DEFAULT_SOURCE definition
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
 #define _DEFAULT_SOURCE

<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 70a962ca6f)
2020-05-05 00:05:28 +02:00
Hauke Mehrtens
ee480c50c1 dante: Fix compile with glibc
When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.

This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1

Fixes: aaf46a8fe2 ("dante: disable sched_getscheduler() - not implemented in musl")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ce1798e915)
2020-05-05 00:05:28 +02:00
Yangbo Lu
5f0e25d966 perf: build with NO_LIBCAP=1
Build with NO_LIBCAP=1. This is to resolve build issue.

Package perf is missing dependencies for the following libraries:
libcap.so.2

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
(cherry picked from commit 80f128d2aa)
2020-05-05 00:05:28 +02:00
Linus Lüssing
005adba939 mac80211: ath10k: increase rx buffer size to 2048
Before, only frames with a maximum size of 1528 bytes could be
transmitted between two 802.11s nodes.

For batman-adv for instance, which adds its own header to each frame,
we typically need an MTU of at least 1532 bytes to be able to transmit
without fragmentation.

This patch now increases the maxmimum frame size from 1528 to 1656
bytes.

Tested with two ath10k devices in 802.11s mode, as well as with
batman-adv on top of 802.11s with forwarding disabled.

Fix originally found and developed by Ben Greear.

Link: https://github.com/greearb/ath10k-ct/issues/89
Link: 9e5ab25027
Cc: Ben Greear <greearb@candelatech.com>
Signed-off-by: Linus Lüssing <ll@simonwunderlich.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 066ec97167)
2020-05-05 00:05:26 +02:00
Matt Merhar
0974d59b5f kernel: backport fix for non-regular inodes on f2fs
Upstream commit dda9f4b9ca ("f2fs: fix to skip verifying block address
for non-regular inode").

On 4.14, attempting to perform operations on a non-regular inode
residing on an f2fs filesystem, such rm-ing a device node, would fail
and lead to a warning / call trace in dmesg. This fix was already
applied to other kernels upstream - including 4.19, from which the patch
was taken.

More info at https://bugzilla.kernel.org/show_bug.cgi?id=202495.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry picked from commit ee500186a5)
2020-05-04 22:40:41 +02:00
Adrian Schmutzler
f40947a8c0 ath79: indicate boot/failsafe/upgrade for NanoBeam/Nanostation AC
Like for Ubiquiti PowerBeam 5AC Gen2, the highest RSSI LED can
be exploited to indicate boot/failsafe/upgrade for the NanoBeam AC
and Nanostation AC as well.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 80a094aaf3)
2020-05-04 21:31:04 +02:00
Adrian Schmutzler
65cf72d5d2 ath79: add SUPPORTED_DEVICES based on ar71xx for some devices
This adds some still-missing board names for old TP-Link devices
to ath79 SUPPORTED_DEVICES.

Fixes: FS#3017

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 522f6b7eee)
2020-05-04 21:25:38 +02:00
Petr Štetiar
f9ef0c5705 kernel: bump 4.14 to 4.14.178
Refreshed all patches and removed upstreamed:

 oxnas/001-irqchip-versatile-fpga-Handle-chained-IRQs-properly.patch
 oxnas/002-irqchip-versatile-fpga-Apply-clear-mask-earlier.patch

Fixes: CVE-2020-12114 and CVE-2020-11669

Runtime-tested on: qemu-x86-64
Compile-tested on: ath79/generic, x86/64, imx6

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-04 21:05:21 +02:00
Antonio Quartulli
2df0ea042d wpad-wolfssl: fix crypto_bignum_sub()
Backport patch from hostapd.git master that fixes copy/paste error in
crypto_bignum_sub() in crypto_wolfssl.c.

This missing fix was discovered while testing SAE over a mesh interface.

With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with
wpad-mesh-wolfssl.

Cc: Sean Parkinson <sean@wolfssl.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4b3b8ec81c)
2020-05-01 16:19:47 +01:00
Felix Fietkau
ec6cb33452 mac80211: backport fix for an no-ack tx status issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Tested-by: Jérôme Benoit <jerome.benoit@piment-noir.org> [WRT1900AC v1]
[added missing package version bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit e0ab33ea49)
2020-05-01 11:12:31 +02:00
Felix Fietkau
f141cdd200 hostapd: unconditionally enable ap/mesh for wpa-cli
Without this change, wpa-cli features depend on which wpad build variant was
used to build the wpa-cli package

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Tested-by: Jérôme Benoit <jerome.benoit@piment-noir.org> [WRT1900AC v1]
[added missing package version bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 03e9e4ba9e)
2020-05-01 11:12:31 +02:00
Petr Štetiar
54b6683390 wireless-regdb: backport three upstream fixes
Another release is overdue for quite some time, so I'm backporting three
fixes from upstream which I plan to backport into 19.07 as well.

Ref: FS#2880
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 76a0ddf130)
2020-05-01 11:12:31 +02:00
Petr Štetiar
55591e63bc curl: backport fix for CVE-2019-15601
On Windows, refuse paths that start with \\ ... as that might cause an
unexpected SMB connection to a given host name.

Ref: PR#2730
Ref: https://curl.haxx.se/docs/CVE-2019-15601.html
Suggested-by: Jerome Benoit <jerome.benoit@sap.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-01 11:12:31 +02:00
Pawel Dembicki
35ea808b97 uboot-kirkwood: fix ethernet and usb
Before 2019.01 version was introduced patch, which changes cache
routines: 93b283d4 ("ARM: CPU: arm926ejs: Consolidate cache
routines to common file"). Unfortunately that patch make ethernet
and usb in kirkwood broken.

This patch backport commit 599f7aa5 ("ARM: kirkwood: disable dcache
for Kirkwood boards"), which are fix for that problem.

Fixes: dc08514e6d ("uboot-kirkwood: update to 2019.01")

Run tested: pogoplugv4

Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-05-01 11:12:31 +02:00
Chuanhong Guo
5feb0df9bb ramips: remove memory node for ZBT MT7621 devices
It's known that ZBT sells 256M variants of these routers. As a result,
our images won't be able to boot on these routers.
This commit removes memory node for them. With previously backported
memory detection patch, kernel is able to detect memory size itself.

Fixes: FS#3053
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-28 11:02:56 +08:00
Sungbo Eo
b80a98ae7f ramips: remove unnecessary DEVICE_PACKAGES for Belkin F7C027
kmod-usb-dwc2 and kmod-usb-ledtrig-usbport are not target default packages, and
Belkin F7C027 does not have a USB port anyway. Just drop it.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 1dedad2a00)
2020-04-27 22:38:47 +02:00
Sungbo Eo
bfe652c5bd oxnas: move service file to correct place
This service file has been misplaced from the very beginning.

Fixes: dcc34574ef ("oxnas: bring in new oxnas target")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 01961f163d)
2020-04-27 22:38:34 +02:00
Kevin Darbyshire-Bryant
5b4e4a38d8 relayd: bump to version 2020-04-25
f4d759b dhcp.c: further improve validation

Further improve input validation for CVE-2020-11752

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 9e7d11f3e2)
2020-04-27 10:58:16 +01:00
Kevin Darbyshire-Bryant
4e5a29827f umdns: update to version 2020-04-25
cdac046 dns.c: fix input validation fix

Due to a slight foobar typo, failing to de-reference a pointer, previous
fix not quite as complete as it should have been.

Improve CVE-2020-11750 fix

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 9f7c8ed078)
2020-04-27 10:58:15 +01:00
Henrique de Moraes Holschuh
c2efc973d5 dnsmasq: fix dnssec+ntp chicken-and-egg workaround (FS#2574)
Fix the test for an enabled sysntp initscript in dnsmasq.init, and get
rid of "test -o" while at it.

Issue reproduced on openwrt-19.07 with the help of pool.ntp.br and an
RTC-less ath79 router.  dnssec-no-timecheck would be clearly missing
from /var/etc/dnsmasq.conf.* while the router was still a few days in
the past due to non-working DNSSEC + DNS-based NTP server config.

The fix was tested with the router in the "DNSSEC broken state": it
properly started dnsmasq in dnssec-no-timecheck mode, and eventually ntp
was able to resolve the server name to an IP address, and set the system
time.  DNSSEC was then enabled by SIGINT through the ntp hotplug hook,
as expected.

A missing system.ntp.enabled UCI node is required for the bug to show
up.  The reasons for why it would be missing in the first place were not
investigated.

Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit 556b8581a1)
2020-04-25 20:51:46 +02:00
Petr Štetiar
6c020577ae libpcap: fix build breakage with very high number of simultaneous jobs
Building libpcap with high number (64) of simultaneous jobs fails:

 In file included from ./fmtutils.c:42:0:
 ./ftmacros.h:106:0: warning: "_BSD_SOURCE" redefined
   #define _BSD_SOURCE

 <command-line>:0:0: note: this is the location of the previous definition
 ./gencode.c:67:10: fatal error: grammar.h: No such file or directory
  #include "grammar.h"
           ^~~~~~~~~~~
 compilation terminated.
 Makefile:99: recipe for target 'gencode_pic.o' failed

So fix this by less intrusive way by disabling the parallel builds for
this package.

Ref: FS#3010
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-25 13:59:19 +02:00
Petr Štetiar
efe837de84 openssl: bump to 1.1.1g
Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with
high severity, assigned CVE-2020-1967.

Ref: https://www.openssl.org/news/secadv/20200421.txt
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3773ae127a)
2020-04-21 23:05:20 +02:00
Kevin Darbyshire-Bryant
1df49d98e7 relayd: bump to version 2020-04-20
796da66 dhcp.c: improve input validation & length checks

Addresses CVE-2020-11752

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit be172e663f)
2020-04-20 11:34:43 +01:00
Kevin Darbyshire-Bryant
b71c7c261b umdns: update to version 2020-04-20
e74a3f9 dns.c: improve input validation

Addresses CVE-2020-11750

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 533da61ac6)
2020-04-20 11:34:13 +01:00
Kevin Darbyshire-Bryant
b6d8119c53 umdns: update to the version 2020-04-05
ab7a39a umdns: fix unused error
45c4953 dns: explicitly endian-convert all fields in header and question

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 22ae8bd50e)
(cherry picked from commit 17c4593e63f5847868f2c38185275199d37d379a)
2020-04-20 11:34:13 +01:00
Kevin Darbyshire-Bryant
ef3df27507 umdns: suppress address-of-packed-member warning
gcc 8 & 9 appear to be more picky with regards access alignment to
packed structures, leading to this warning in dns.c:

dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer
(alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer
(alignment 2) may result in an unaligned pointer value
[-Werror=address-of-packed-member]

261 |  uint16_t *swap = (uint16_t *) q;

Work around what I think is a false positive by turning the warning off.
Not ideal, but not quite as not ideal as build failure.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 02640f0147)
(cherry picked from commit a10b6ec1c8cd6d14a3b76a2ec3d81442b85f7321)
2020-04-20 11:34:13 +01:00
Hans Dedecker
55312cc202 binutils: add ALTERNATIVES for strings (FS#3001)
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 5f126c541a)
2020-04-18 13:12:42 +02:00
Magnus Kroken
3b6f079d8d mbedtls: update to 2.16.6
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters

Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 02fcbe2f3d)
2020-04-18 00:18:13 +02:00
Tomasz Maciej Nowak
67ed408af2 mvebu: cortexa9: correct cpu subtype
Armada 370  processors have only 16 double-precision registers. The
change introduced by 8dcc108760 ("toolchain: ARM: Fix toolchain
compilation for gcc 8.x") switched accidentally the toolchain for mvebu
cortexa9 subtarget to cpu type with 32 double-precision registers. This
stems from gcc defaults which assume "vfpv3-d32" if only "vfpv3" as mfpu
is specified. That change resulted in unusable image, in which kernel
will kill userspace as soon as it causing "Illegal instruction".

Ref: https://forum.openwrt.org/t/gcc-was-broken-on-mvebu-armada-370-device-after-commit-on-2019-03-25/43272
Fixes: 8dcc108760 ("toolchain: ARM: Fix toolchain compilation for
gcc 8.x")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(cherry picked from commit 2d61f8821c)
2020-04-18 00:18:13 +02:00
Tomasz Maciej Nowak
dee8fcfe9f tegra: correct cpu subtype
Tegra 2 processors have only 16 double-precision registers. The change
introduced by 8dcc108760 ("toolchain: ARM: Fix toolchain compilation
for gcc 8.x") switched accidentally the toolchain for tegra target to cpu
type with 32 double-precision registers. This stems from gcc defaults
which assume "vfpv3-d32" if only "vfpv3" as mfpu is specified. That
change resulted in unusable image, in which kernel will kill userspace as
soon as it causing "Illegal instruction".

Ref: https://forum.openwrt.org/t/gcc-was-broken-on-mvebu-armada-370-device-after-commit-on-2019-03-25/43272
Fixes: 8dcc108760 ("toolchain: ARM: Fix toolchain compilation for
gcc 8.x")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(cherry picked from commit 43d1d88510)
2020-04-18 00:18:13 +02:00
Joel Johnson
d8e0b015e8 mvebu: backport ClearFog SPI enablement
Backport Device Tree change first added in kernel 4.19 to enable the SPI
device on ClearFog devices by default. This is tested and working in
snapshot builds with kernel 5.4+, include the change in future 19.07
patch releases.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
2020-04-18 00:18:13 +02:00
Koen Vandeputte
0232f57e1a kernel: bump 4.14 to 4.14.176
Refreshed all patches.

Remove upstreamed:
- 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
- 003-ARM-dts-oxnas-Fix-clear-mask-property.patch

Fixes:
- CVE-2020-8647
- CVE-2020-8648 (potentially)
- CVE-2020-8649

Compile-tested on: cns3xxx, octeontx
Runtime-tested on: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-04-16 13:23:52 +02:00
Adrian Schmutzler
286c407c3d ath79: add SUPPORTED_DEVICES for TP-Link TL-WA901ND v2
This adds the board name from ar71xx to support upgrade without
-F for the TP-Link TL-WA901ND v2.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 508462a399)
2020-04-15 13:02:05 +02:00
Josef Schlehofer
02c6deab8c mbedtls: update to version 2.16.5
Changelog:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released

Security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 36af1967f5)
2020-04-13 21:14:29 +02:00
Adrian Schmutzler
01b624e28e Revert "ramips: disable ZyXel Keenetic by default"
This reverts commit c38074de92.

Since ZyXEL Keenetic has actually 8 MiB flash as fixed in the
previous patch, we can re-enable it.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 13:46:34 +02:00