Commit Graph

45323 Commits

Author SHA1 Message Date
David Bauer
c7cdbf29c0 uboot-fritz4040: update to 2019-09-07
572ff7f fritzcreator: actually add checksum spacer
6edce1a fritzcreator: replace obscure padding generation with something more portable
2ff189f add ASUS RT-AC58U "easy install" factory u-boot shim
b91f9c2 readd spi-nand support
486ae53 improve cmd_sysupgrade
b0933f1 replace sstrip with strip
882e48a do not include generated files into git
0c5aa5f fix bugs in ipq40xx_cdp.c

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit af63436d2d)
2019-09-25 22:50:52 +02:00
David Bauer
a48ed75d6c ipq40xx: abort ar40xx probe on missing PHYs
The ar40xx driver currently panics in case no QCA807x PHY has been
successfully probed. This happens when the external PHY is still
in reset when probing the ar40xx switch driver.

Note that this patch does not fix the root cause, ar40xx_probe now
simply fails instead of causing a kernel panic due to a nullpointer
dereference.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit e2c084cabc)
2019-09-25 22:50:24 +02:00
Koen Vandeputte
92953ae99f ath10k-ct: update to version 2019-09-09
5e8cd86f90da ath10k-ct: Backport ap-vlan code from 5.2 to 4.20 and 4.19 drivers.
0c518586bd7f ath10k-ct: Fix a few warning splats.

Adds AP VLAN.
Refreshed all patches.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-24 12:52:52 +02:00
Robert Marko
757fd85402 ath10k-firmware: update Candela Tech firmware images
This enables a feature flag in the wave-2 firmware wmi-services indicating it can send
software-encrypted raw frames.  This should in turn allow the AP-VLAN feature to work.

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 7c930990af)
2019-09-24 12:52:52 +02:00
Koen Vandeputte
8a26f2a0a1 kernel: bump 4.14 to 4.14.146
Refreshed all patches.

Fixes:
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14821

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-24 12:52:52 +02:00
Etienne Champetier
d897b32139 kernel: add disable_eap_hack sysfs attribute
We are not sure if 640-bridge-only-accept-EAP-locally.patch is still needed
as a first step, add disable_eap_hack sysfs config to allow to disable it

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 7d542dc804)
2019-09-23 07:42:46 +02:00
Eneas U de Queiroz
b610572a9b openssl: bump to 1.1.1d
This version fixes 3 low-severity vulnerabilities:

- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
		 CMS_decrypt_set1_pkey

Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d868d0a5d7)
2019-09-23 07:42:30 +02:00
Adrian Schmutzler
0b9f3c28ef ath79: remove invalid uses of ath9k_patch_fw_mac_crc
Some ar9344-based devices are using ath9k_patch_fw_mac_crc, which
is meant to generate a checksum, for fixing their ath9k MAC
addresses.
However, those do not have a checksum field, and the calculated
checksum offset would be negative.

This patch will use ath9k_patch_fw_mac function for those devices.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit f8d8b3f85d)
2019-09-22 00:17:51 +02:00
Hauke Mehrtens
26c0bec13b hostapd: Fix AP mode PMF disconnection protection bypass
This fixes
* CVE-2019-16275 AP mode PMF disconnection protection bypass
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a6981604b3)
2019-09-21 18:08:54 +02:00
Rosen Penev
dc076160f9 uClibc++: Remove faulty patch
This patch was originally added to fix compilation with v4l2rtspserver.
Turns out it was v4l2rtspserver that was broken, not uClibc++. This now
causes issues with a different package where the arguments are being
split.

Note that with this patch, shellcheck throws an error:

SC2068: Double quote array expansions to avoid re-splitting elements.

More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 977a8fc5fc)
2019-09-21 18:08:54 +02:00
Magnus Kroken
e105d03ee9 mbedtls: update to 2.16.3
Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch,
the issue has been fixed upstream.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 49d96ffc5c)
2019-09-21 18:08:54 +02:00
Daniel Golle
44f32cd5e0 ltq-vdsl-fw: update firmware filename and download URL
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4fc0a61ed3)
2019-09-21 15:14:51 +02:00
Alberto Bursi
e9c16e4e1f kernel: add module for Emulex OneConnect 10Gbit
add module to support Emulex OneConnect
common in 10Gbit SFP+ cards by Dell/HP/IBM
supports OneConnect OCe10xxx OCe11xxx OCe14xxx,
LightPulse LPe12xxx

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
(cherry picked from commit 827f47749b)
2019-09-21 08:41:49 +02:00
Koen Vandeputte
cd96cdaa60 kernel: bump 4.14 to 4.14.145
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-20 15:52:25 +02:00
Koen Vandeputte
d14aa19904 kernel: bump 4.14 to 4.14.144
Refreshed all patches.

Altered patches:
- 816-pcie-support-layerscape.patch

Fixes:
- CVE-2019-15030

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-20 13:16:45 +02:00
Jo-Philipp Wich
9cae5a8289 procd: fix invalid JSON filter expression in procd_running()
Since service and instance names may contain characters which are not allowed
in JSON path labels, such as dashes or spaces, change the filter expression
to array square bracket notation to properly match these cases as well.

Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c933b6d224)
2019-09-19 07:21:47 +02:00
Jo-Philipp Wich
c7e3ca59ab firewall: update to latest Git HEAD
383eb58 ubus: do not overwrite ipset name attribute
c26f890 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type
487bd0d utils: Fix string format message
4d0c703 firewall3: Fix some format string problems
8c404ef iptables.c: lock the xtables.lock
c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[cherry picked and squashed from commits
 7db6559914,
 359bff6052,
 2cf209ce91,
 5ef9e4f107]
Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-18 10:59:17 +02:00
Rafał Miłecki
ad8b11213a procd: update to the latest git HEAD
62dc8c0 system: sysupgrade: send reply on error
2710c65 system: refuse sysupgrade with backup if it's unsupported

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 04e912d217)
2019-09-18 07:35:04 +02:00
David Bauer
250d57ac29 ramips: add factory image for NETGEAR R6220
This adds an easy-installation factory image for the NETGEAR R6220
router. The factory image can either be flashed via the vendor Web-UI or
the bootloader using nmrpflash.

Tested with NETGEAR V1.1.0.86 firmware.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 607dfdf211)
2019-09-16 21:43:39 +02:00
Dan Haab
11644ec8e1 brcm47xx: sysupgrade: support Luxul firmware format
Allow flashing Luxul devices using vendor firmware format.

Signed-off-by: Dan Haab <dan.haab@legrand.com>
(cherry picked from commit 95240c4933)
2019-09-16 21:38:41 +02:00
Dan Haab
f15441384c bcm53xx: sysupgrade: support Luxul firmware format
Allow flashing Luxul devices using vendor firmware format. The next step
will be building proper images once they are conirmed to work.

Signed-off-by: Dan Haab <dan.haab@legrand.com>
(cherry picked from commit bc5db7364d)
2019-09-16 16:02:26 +02:00
Rafał Miłecki
bece406c2f mac80211: brcmfmac: backport the last 5.4 changes
This makes brcmfmac use the same wiphy after PCIe reset to help user
space handle corner cases (e.g. firmware crash).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f39f4b2f6d)
2019-09-16 08:42:00 +02:00
Rafał Miłecki
efa2db42b2 ar71xx: fix typo in platform_do_upgrade_compex()
Fixes: a717428828 ("treewide: use new procd sysupgrade $UPGRADE_BACKUP variable")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 63d611390c)
2019-09-16 07:01:42 +02:00
Rafał Miłecki
c53a0ed5e3 treewide: sysupgrade: use $UPGRADE_BACKUP to check for backup
Now that $UPGRADE_BACKUP is set conditionally there is no need to check
the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a858db3136)
2019-09-16 05:57:08 +02:00
Rafał Miłecki
f69b855a75 procd: update to the latest git HEAD
b8238df sysupgrade: support "backup" attribute

This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9785a9121d)
2019-09-16 05:56:25 +02:00
Rafał Miłecki
47a5f5c7e7 base-files: sysupgrade: pass "backup" ubus attribute
This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c5223b26a4)
2019-09-16 05:56:25 +02:00
Hans Dedecker
0da990b773 odhcpd: retry failed PD assignments on addrlist change
88d9ab6 dhcpv6: retry failed PD assignments on addrlist change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-15 20:50:25 +02:00
Felix Fietkau
169bb3d0cb scripts/feeds: fix accepting "-" in feed type string
Fixes a syntax error in processing the type src-git-full

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-09-15 19:55:00 +02:00
David Bauer
0e0f9ff93c ath79: fix UniFi AC LED mapping
The UniFi AC LED mapping is currently off. The blue/white LED are used
as WiFi indicators, while the vendor firmware does not feature WiFI
LEDs.

Instead, the LEDs are used to indicate the devices status. Align the LED
mapping to match the vendor firmware as good as possible.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 18fa749df8)
2019-09-15 12:31:56 +02:00
David Bauer
e1cf17b3ba iwinfo: update to latest Git HEAD
a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886
1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7db2f1a71f)
2019-09-15 12:31:56 +02:00
Koen Vandeputte
cf3b50377e ar71xx: make IRQ fixes target specific
Move the IRQ fix from generic to ar71xx specific.
Other targets like ath79 have specific pathes to delete this code.
This resulted in a build failure on ath79

Fixes: 00d48bcac0 ("ar71xx: Fix potentially missed IRQ handling during
dispatch")

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-14 17:10:41 +02:00
Koen Vandeputte
febf9de9cf ar71xx: fix potential IRQ misses during dispatch for qca953x
If both interrupts are set in the current implementation
only the 1st will be handled and the 2nd will be skipped
due to the "if else" condition.

Fix this by using the same approach as done for QCA955x
just below it.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 9e8c36557cc0582986862f5a36e17adf6db2b90e)
2019-09-13 16:39:44 +02:00
Koen Vandeputte
ca3c7a8868 ar71xx: Fix potentially missed IRQ handling during dispatch
If both interrupts are set in the current implementation
only the 1st will be handled and the 2nd will be skipped
due to the "if else" condition.

Fix this by using the same approach as done for QCA955x
just below it.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-13 16:39:44 +02:00
Koen Vandeputte
63c0a08d49 kernel: bump 4.14 to 4.14.143
Refreshed all patches.

Remove upstreamed:
- 390-v5.3-net-sched-fix-action-ipt-crash.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-13 16:39:44 +02:00
Rafał Miłecki
78d0d13c86 base-files: validate firmware for compatibility with backup
This allows platform code to check if firmware image can be used with
preserving a backup. It may be used e.g. when installing vendor
firmwares that won't restore appended backup archive.

Suggested-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1c510fe298)
2019-09-12 14:30:18 +02:00
Rafał Miłecki
3dac34de25 bcm53xx: extend firmware validation
This provides TRX validation result to the validation JSON. It also
prevents users from installing broken firmware files.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c19b9f9a26)
2019-09-12 14:30:18 +02:00
Rafał Miłecki
87fe1a560a brcm47xx: extend firmware validation
This provides TRX validation result, so final JSON may look like:
{
	"tests": {
		"fwtool_signature": true,
		"fwtool_device_match": true,
		"trx_valid": true
	},
	"valid": true,
	"forceable": true
}

It also prevents users from installing broken firmware files, e.g.:

root@OpenWrt:/# sysupgrade -F -n /tmp/TZ
Image metadata not found
Invalid image type. Please use firmware specific for this device.
Image check failed but --force given - will update anyway!
Commencing upgrade. Closing all shell sessions.
Firmware image is broken and cannot be installed

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e68c1cebd1)
2019-09-12 14:30:18 +02:00
Rafał Miłecki
a717428828 treewide: use new procd sysupgrade $UPGRADE_BACKUP variable
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.

This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 641f6b6c26)
2019-09-12 13:27:29 +02:00
Rafał Miłecki
1b9a4f0cb4 treewide: when copying a backup file always specify dest name
$CONF_TAR shouldn't be assumed to always point to the sysupgrade.tgz.
This change makes code more generic and allows refactoring $CONF_TAR.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 62dbe361a1)
2019-09-12 13:26:39 +02:00
Rafał Miłecki
37caec2d5e treewide: don't hardcode "sysupgrade.tgz" file name
1) Add BACKUP_FILE and use it when copying an archive to be restored
   after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit bf39047872)
2019-09-12 13:25:27 +02:00
Yousong Zhou
f54bc3985a tools: mkimage: fix __u64 typedef conflict with new glibc
Including "sys/stat.h" from newer glibc will cause __u64 from linux uapi
header to be included, causing compilation failure for u-boot tools
USE_HOSTCC

Remove typedef for __u64 in include/compiler.h to fix the issue.  It should be
safe because as of u-boot-2018.03, no ref to __u64 is found under u-boot tools/
directory

Error message snippet follows

	  HOSTCC  tools/mkenvimage.o
	In file included from /usr/include/asm-generic/types.h:7,
			 from /usr/include/asm/types.h:5,
			 from /usr/include/linux/types.h:5,
			 from /usr/include/linux/stat.h:5,
			 from /usr/include/bits/statx.h:30,
			 from /usr/include/sys/stat.h:446,
			 from tools/mkenvimage.c:21:
	/usr/include/asm-generic/int-ll64.h:31:42: error: conflicting types for '__u64'
	   31 | __extension__ typedef unsigned long long __u64;
	      |                                          ^~~~~
	In file included from <command-line>:
	././include/compiler.h:69:18: note: previous declaration of '__u64' was here
	   69 | typedef uint64_t __u64;
	      |                  ^~~~~
	make[5]: *** [scripts/Makefile.host:116: tools/mkenvimage.o] Error 1

Ref: https://forum.openwrt.org/t/compile-error-19-07/44423
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1699194
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-09-12 02:25:03 +00:00
Koen Vandeputte
3b8239e93e Revert "ar71xx: use platform code for qca955x usb0 init"
This reverts commit af91a370de.

As Piotr Dymacz pointed out:

In QCA MIPS based WiSOCs, for first USB interface,
device/host mode can be selected _only_ in hardware
see description of 57c641ba6e

QCA955x and QCA9563, second USB can be switched to device
mode in software (tested and confirmed on real hardware).

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-12 00:24:08 +02:00
Tomislav Požega
9ba9a91343 ar71xx: qca955x pci init/reset fixes
Current ar724x code does the reset only on single pci bus, and
in case of qca9558 writes the wrong register (0x10 vs 0x0c).
This change allows the reset of second pci bus, commonly used in
Archer C7 devices, in case host controller is stuck in reset.
If the resetting controller on boot can solve any other issue it
can be enabled unconditionally by removing reset check before
ar724x_pci_hw_init is called.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
[refreshed to apply cleanly]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 76d870871cb12fc0c170e5fd23bce568adfaae6d)
2019-09-11 09:57:28 +02:00
Tomislav Požega
a3c3a8c5ab ar71xx: enable ddr wb flush on qca955x
Enable flushing of write buffers on qca955x. GPL code has 0x88 reg
defined for PCI flush which is likely an error since the device
freezes on boot. So use DS default value 0xA8 for PCI flush.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
(cherry picked from commit fe9e702dc94ece2a004f6db68d6fb9a94d9437cb)
2019-09-11 09:57:28 +02:00
Tomislav Požega
af91a370de ar71xx: use platform code for qca955x usb0 init
Switch from ci_usb_setup to generic platform initialization of
usb0 port.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
(cherry picked from commit 36a0cfd24be1cb79f221964ed2bfe12b98befff3)
2019-09-11 09:57:28 +02:00
Koen Vandeputte
2cd89cf0d7 kernel: bump 4.14 to 4.4.142
Refreshed all patches.

Remove upstreamed:
- 0032-usb-host-fotg2-restart-hcd-after-port-reset.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-09-11 09:57:28 +02:00
Hauke Mehrtens
e8c5e6177d hostapd: SAE/EAP-pwd side-channel attack update
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7bed9bf10f)
2019-09-10 21:55:02 +02:00
Hauke Mehrtens
a0c8494704 hostapd: Fix security problem in EAP-pwd
This fixes:
CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment"
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

This should not affect OpenWrt in the default settings as we do not use
EAP-pwd.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9f34bf51d6)
2019-09-10 21:54:58 +02:00
Adrian Schmutzler
d889cc9887 ramips: fix ethernet MAC address of ASUS RT-AC57U
This backports the only non-cosmetic fix from 6640e1c368
("ramips: clean and improve MAC address setup in 02_network").

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-09 21:12:23 +08:00
Adrian Schmutzler
79b9bc44d6 ramips: fix duplicate network setup for dlink, dir-615-h1
In 555ca422d1 ("ramips: fix D-Link DIR-615 H1 switch port
mapping"), port setup for dir-615-h1 was changed without removing
the old one. This was working as the new one was triggered earlier
than the old one.

(In the meantine, changed sorting during ramips rename patches
actually inversed that order.)

Anyway, just remove the wrong case now.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit e35e4a996e)
2019-09-09 21:12:23 +08:00