Commit Graph

45711 Commits

Author SHA1 Message Date
Klaus Kudielka
ebe8cc2b2a mvebu: fixup Turris Omnia U-Boot environment
Fixup dfa357a3de "mvebu: base-files: Update Turris Omnia U-Boot
environment" which should have included this file as well.

By rebasing the initial patch this file somehow disappeared.

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
Tested-by: Klaus Kudielka <klaus.kudielka@gmail.com> (Turris Omnia)
[explain fixup in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(backported from commit 485ce5bbe5)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-12-04 17:57:25 +01:00
Klaus Kudielka
f10332c292 mvebu: base-files: Update Turris Omnia U-Boot environment
Move the update procedure from sysupgrade to first boot, which is much
more convenient in the sysupgrade case (otherwise the environment is
always one generation behind).

Check whether we have an old U-Boot release installed, and update the
environment only if necessary.

Some notes on the U-Boot environment:

The first 9 lines are a copy of the default environment of the old U-Boot
release - only modified, to run "distro_bootcmd", in case "mmcboot" fails
to boot the factory OS.

The remaining 16 lines are a backport of the default environment of the
new U-Boot release (shipped with CZ11NIC23). The main entry point is
"distro_bootcmd", which eventually sources boot.scr. This way, we have
a unified boot protocol for all Turris Omnia revisions so far.

This commit also fixes a shortcoming of previous Turris Omnia support:

Users may install OpenWrt with the Turris Omnia in factory state
(i.e. invalid environment store). In that case, neither fw_setenv, nor
U-Boot itself, would import the default environment from the image -
screwing up the rescue system, at least!

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
Tested-by: Klaus Kudielka <klaus.kudielka@gmail.com> (Turris Omnia)
(cherry picked from commit dfa357a3de)
2020-12-04 17:57:25 +01:00
Klaus Kudielka
ca1ee39854 mvebu: Add turris-omnia.bootscript
In contrast to the U-Boot version shipped with older versions of Turris
Omnia (CZ11NIC13, CZ11NIC20), the version shipped with Turris Omnia 2019
(CZ11NIC23) relies on the existence of /boot.scr.

Consequently, add a suitable boot script to the sysupgrade image.

Flash instructions for Turris Omnia 2019:
- Download openwrt-...-sysupgrade.img.gz, gunzip it, and copy the resulting
  .img file to the root of a USB flash drive (FAT32 or ext2/3/4).
- Enter a rescue shell: Either via 5-LED reset and ssh root@192.168.1.1
  on LAN port 4, or via 7-LED reset and the serial console.
- Insert the USB drive and mount it:
  mkdir /mnt; mount /dev/sda1 /mnt
- Flash the OpenWrt image to eMMC:
  dd if=/mnt/openwrt-...-sysupgrade.img of=/dev/mmcblk0 bs=4096 conv=fsync
- Reboot.

Flash instructions using a temporary "medkit" installation were written for
the older versions of Turris Omnia, and will *not* work on the Turris Omnia
2019.

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
(cherry picked from commit afd4375a33)
2020-12-04 17:57:25 +01:00
Klaus Kudielka
f61e053e72 uboot-envtools: mvebu: update uci defaults for Turris Omnia
On the Turris Omnia 2019, u-boot environment is located at 0xF0000, instead
of 0xC0000. The switch happened with u-boot-omnia package version 2019-04-2
(May 10, 2019).

Check the installed u-boot release, and set the default accordingly.

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
[bump PKG_RELEASE, use lower case for hex offset]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 04d3b517dc)
2020-12-04 17:57:25 +01:00
Kuan-Yi Li
f1525e785e kernel: backport GD25Q256 support from 4.15
Backport below changes for GigaDevice GD25Q256 support from v4.15:

  e27072851bf7 mtd: spi-nor: add a quad_enable callback in struct flash_info
  65153846b18c mtd: spi-nor: add support for GD25Q256

This chip is used on newer Quad-E4G boards.

Before:

[    2.366493] m25p80 spi0.0: unrecognized JEDEC id bytes: c8, 40, 19
[    2.372853] m25p80: probe of spi0.0 failed with error -2

After:

[    2.371722] m25p80 spi0.0: gd25q256 (32768 Kbytes)
[    2.376694] 5 fixed-partitions partitions found on MTD device spi0.0
[    2.383043] Creating 5 MTD partitions on "spi0.0":
[    2.387824] 0x000000000000-0x000000030000 : "u-boot"
[    2.394138] 0x000000030000-0x000000031000 : "u-boot-env"
[    2.400608] 0x000000031000-0x000000040000 : "config"
[    2.406830] 0x000000040000-0x000000050000 : "factory"
[    2.413169] 0x000000050000-0x000002000000 : "firmware"

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2020-12-01 21:59:30 +01:00
Hauke Mehrtens
c72b7a4f0d kernel: bump 4.14 to 4.14.209
Refreshed all patches.

Altered patches:
- 804-i2c-support-layerscape.patch

Compile-tested on: ipq40xx, ath79, layerscape/armv8_64b
Runtime-tested on: ipq40xx, ath79

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-01 21:57:55 +01:00
Alberto Bursi
c420f77678 wireguard-tools: fix category/description in menuconfig
wireguard-tools is trying to import the menuconfig section
from the wireguard package, but since it's not anymore in
the same makefile this seems to fail and wireguard-tools
ends up in "extra packages" category instead with other
odds and ends.

Same for the description, it's trying to import it from the
wireguard package but it fails so it only shows the line
written in this makefile.

remove the broken imports and add manually the entries
and description they were supposed to load

Fixes: ea980fb9c6 ("wireguard: bump to 20191226")

Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
[fix trailing whitespaces, add Fixes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a4d52522c7)
2020-12-01 13:31:18 +01:00
David Bauer
0ce0d687de ipq40xx: disable double-tagging for PSGMII devices
This commit disables the double tagging recently backported to 19.07.

Operating the switch on the S-Tag had the advantage of being able to
have separate VLANs for the same C-VID on LAN and WAN. However, this
broke the ability to configure C-TAG modifications on the switch. Also
performance took a significant toll.

Fixes: commit 8c19171255 ("ipq40xx: fix ethernet vlan double tagging")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-30 15:27:58 +01:00
Jan Pavlinec
6703abb7ca tcpdump: patch CVE-2020-8037
This PR backports upstream fix for CVE-2020-8037.  This fix is only
relevant for tcpdump package, tcpdump-mini is not affeted by this issue.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5bb3cc749e)
2020-11-25 06:02:08 +01:00
Sven Eckelmann
b4698d87c8 kernel: mtd: parser: cmdline: Fix parsing of part-names with colons
Some devices (especially QCA ones) are already using hardcoded partition
names with colons in it. The OpenMesh A62 for example provides following
mtd relevant information via cmdline:

  root=31:11 mtdparts=spi0.0:256k(0:SBL1),128k(0:MIBIB),384k(0:QSEE),64k(0:CDT),64k(0:DDRPARAMS),64k(0:APPSBLENV),512k(0:APPSBL),64k(0:ART),64k(custom),64k(0:KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive) rootfsname=rootfs rootwait

The change to split only on the last colon between mtd-id and partitions
will cause newpart to see following string for the first partition:

  KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive)

Such a partition list cannot be parsed and thus the device fails to boot.

Avoid this behavior by making sure that the start of the first part-name
("(") will also be the last byte the mtd-id split algorithm is using for
its colon search.

Fixes: 9c718b5478 ("kernel: bump 4.14 to 4.14.200")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(backported from commit 223eec7e81)
2020-11-24 09:48:48 +01:00
Petr Štetiar
193adc94d1 ar71xx,ath79: refresh 910-unaligned_access_hacks.patch
Commit c9c7b4b394 ("kernel: add netfilter-actual-sk patch") has
touched net/ipv6/netfilter/ip6table_mangle.c which in turn has affected
910-unaligned_access_hacks.patch so the patch needs to be refreshed.

Fixes: c9c7b4b394 ("kernel: add netfilter-actual-sk patch")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-11-24 09:27:50 +01:00
Petr Štetiar
733a482733 musl: handle wcsnrtombs destination buffer overflow (CVE-2020-28928)
The wcsnrtombs function in all musl libc versions up through 1.2.1 has
been found to have multiple bugs in handling of destination buffer
size when limiting the input character count, which can lead to
infinite loop with no forward progress (no overflow) or writing past
the end of the destination buffera.

This function is not used internally in musl and is not widely used,
but does appear in some applications. The non-input-limiting form
wcsrtombs is not affected.

All users of musl 1.2.1 and prior versions should apply the attached
patch, which replaces the overly complex and erroneous implementation.
The upcoming 1.2.2 release will adopt this new implementation.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 4d4ef1058c)
2020-11-23 22:37:03 +01:00
Aaron Goodman
c9c7b4b394 kernel: add netfilter-actual-sk patch
Backport of linux kernel commit 46d6c5a to 4.14 kernel.

netfilter: use actual socket sk rather than skb sk when routing harder

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
2020-11-23 22:34:37 +01:00
Jo-Philipp Wich
a448ad7490 uhttpd: update to 19.07 Git HEAD
3abcc89 client: fix spurious keepalive connection timeouts

Fixes: FS#3443
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-11-20 22:53:04 +01:00
David Bauer
39c5635714 scripts: download.pl: retry download using filename
With this commit, the download script will try downloading source files
using the filename instead of the url-filename in case the previous
download attempt using the url-filename failed.

This is required, as the OpenWrt sources mirrors serve files using the
filename files might be renamed to after downloading. If the original
mirror for a file where url-filename and filename do not match goes
down, the download failed prior to this patch.

Further improvement can be done by performing this only for the
OpenWrt sources mirrors.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit d369993898)
2020-11-20 11:58:01 +01:00
Hauke Mehrtens
2a8279c161 layerscape: Fix check after kernel update
The fsl_destroy_mc_io() function was moved, add the new checks to the
moved copy and not just remove it.

Fixes: ac5297340e ("kernel: bump 4.14 to 4.14.206")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-16 19:31:23 +01:00
Koen Vandeputte
ac5297340e kernel: bump 4.14 to 4.14.206
Refreshed all patches.

Altered patches:
- 210-dwc2_defaults.patch
- 708-mc-bus-support-layerscape.patch

Fixes:
- CVE-2020-25656

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-11-16 09:35:05 +01:00
Roger Pueyo Centelles
589c3cf4e0 ath79: remove wmac mtd-mac-address for UniFi AC family
The MAC address for the wmac 2.4 GHz radio of the Ubiquiti UniFi AC
family of devices is actually embedded in the mtd-cal-data, so there
is no need for mtd-mac-address (which was incorrectly forcing wmac
to have the same MAC as eth0). This makes it coherent with the stock
firmware and the ar71xx target:

 · XX:XX:XX:X0:XX:XX eth0
 · XX:XX:XX:X1:XX:XX ath0/wlan1 (2.4 GHz)
 · XX:XX:XX:X2:XX:XX ath1/wlan0 (5 GHz)

Checked on a UniFi AC Mesh, a UniFi AC LR and a UniFi Lite.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(cherry picked from commit 20ace70db6)
2020-11-12 18:04:50 +01:00
Sven Roederer
2a3dbded93 feeds: add freifunk feed
Read the freifunk packages, that have been moved from the LuCI feed
into its own feed in January 2019.
Use openwrt-19.07 branch of that repository for openwrt-19.07.

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
(cherry picked from commit 221f97ff47)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-11 16:35:50 +00:00
David Bauer
ad3c2b9736 ath79: use correct firmware name for UniFi AP
The Ubiquiti UniFi AP does not have a AHB connected radio but a PCI one.
Also the EEPROM ist only 0x440 bytes of length.

Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net>
Tested-by: Martin Weinelt <martin@darmstadt.freifunk.net>
Signed-off-by: David Bauer <mail@david-bauer.net>
(backported from commit 4c5eb1040f)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-11 17:32:25 +01:00
David Bauer
84ae238324 ramips: fix logic level for DIR-645 buttons
The D-Link DIR-645 currently uses an incorrect logic level for its
buttons.

Correct them in order to prevent unintentional activation of failsafe
mode.

Reported-by: Perry Melange <isprotejesvalkata@gmail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 929e8f0f55)
2020-11-11 17:28:30 +01:00
Adrian Schmutzler
c25e3275ac ath79: fix LED labels for PowerCloud CAP324
The order of function and color in the labels in inverted for the
LAN LEDs. Fix it.

Fixes: 915966d861 ("ath79: Port PowerCloud Systems CAP324 support")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 96023cd4ba)
2020-11-11 17:26:52 +01:00
Hauke Mehrtens
78c4c04dd7 uci: Backport security fixes
This packports two security fixes from master.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f9005d4f80)
2020-10-28 23:22:44 +01:00
Andre Heider
3af9c5fefd uboot-envtools: mvebu: fix config for mainline u-boot
Mainline u-boot dynamically passes the mtd partitions via devicetree:
$ cat /proc/mtd
dev:    size   erasesize  name
mtd0: 003f0000 00001000 "firmware"
mtd1: 00010000 00001000 "u-boot-env"

Add support for this setup.

Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 60c9a27cbc)
2020-10-28 23:22:44 +01:00
Andre Heider
7fbee0c7b2 mvebu: Add bootscript for espressobin to support mainline firmware
The generic bootscript is tailored around a downstream firmware and
doesn't work on a firmware built from mainline components.

Add a bootscript which:
* sets $console since mainline u-boot doesn't do that
* uses distro boot variables, so OpenWRT can be booted off any supported
  device when using a mainline firmware
* sets missing distro boot variables for the downstream firmware

Booting with a downstream firmware is unchanged.
Booting with a mainline firmware now works.

Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit c43b45863e)
2020-10-28 23:22:44 +01:00
Koen Vandeputte
14903d9d8c kernel: bump 4.14 to 4.14.202
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-10-21 15:34:11 +02:00
Tan Zien
03a029745f firmware: intel-microcode: update to 20200616
intel-microcode (3.20200616.1)

  * New upstream microcode datafile 20200616
    + Downgraded microcodes (to a previously shipped revision):
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
  * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
  * This update *removes* the SRBDS mitigations from the above processors
  * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2

intel-microcode (3.20200609.2)

  * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
    * Microcode rollbacks (closes: LP#1883002)
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
    * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
    * Avoid hangs on boot on (some?) Skylake-U/Y processors,
  * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
    just in case.  Note that Debian does not do late loading by itself.
    Refer to LP#1883002 for the report, 0x806ec hangs upon late load.

intel-microcode (3.20200609.1)

  * SECURITY UPDATE
    * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
      on the processor model
    * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
      L1DCES mitigations, plus mitigations described in the changelog entry
      for package release 3.20191112.1.
    * Expect some performance impact, the mitigations are enabled by
      default.  A Linux kernel update will be issued that allows one to
      selectively disable the mitigations.
  * New upstream microcode datafile 20200609
    * Implements mitigation for CVE-2020-0543 Special Register Buffer Data
      Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
    * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
      (VRDS), INTEL-SA-00329
    * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
      (L1DCES), INTEL-SA-00329
    * Known to fix the regression introduced in release 2019-11-12 (sig
      0x50564, rev. 0x2000065), which would cause several systems with
      Skylake Xeon, Skylake HEDT processors to hang while rebooting
    * Updated Microcodes:
      sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
      sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
      sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
      sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
      sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
      sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
      sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
      sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
      sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
      sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
      sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
      sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
      sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
  * Restores the microcode-level fixes that were reverted by release
    3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)

intel-microcode (3.20200520.1)

  * New upstream microcode datafile 20200520
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456

intel-microcode (3.20200508.1)

  * New upstream microcode datafile 20200508
    + Updated Microcodes:
      sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
    * Likely fixes several critical errata on IceLake-U/Y causing system
      hangs

intel-microcode (3.20191115.2)

  * Microcode rollbacks (closes: #946515, LP#1854764):
    sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
  * Avoids hangs on warm reboots (cold boots work fine) on HEDT and
    Xeon processors with signature 0x50654.

intel-microcode (3.20191115.1)

  * New upstream microcode datafile 20191115
    + Updated Microcodes:
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
      sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
      sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
      sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
      sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136

intel-microcode (3.20191113.1)

  * New upstream microcode datafile 20191113
    + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
      Adds microcode update for CFL-S (Coffe Lake Desktop)
      INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
    + Updated Microcodes (previously removed):
      sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328

intel-microcode (3.20191112.1)

  * New upstream microcode datafile 20191112
    + SECURITY UPDATE
      - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
      - Implements TA Indirect Sharing mitigation, and improves the
        MDS mitigation (VERW)
      - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
        CVE-2019-11139
      - Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
    + CRITICAL ERRATA FIXES
      - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
        Ice Lake), causes a 0-3% typical perforance hit (can be as bad
        as 10%).  But ensures the processor will actually jump where it
        should, so don't even *dream* of not applying this fix.
      - Fixes AVX SHUF* instruction implementation flaw erratum
    + Removed Microcodes:
      sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    + New Microcodes:
      sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
      sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
      sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
      sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
      sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
      sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
    + Updated Microcodes:
      sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
      sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
      sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
      sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
      sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
      sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
    + Updated Microcodes (previously removed):
      sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
(cherry picked from commit e826e00765)
2020-10-18 00:07:23 +02:00
Tan Zien
95d60bf881 firmware: amd64-microcode: update to 20191218
amd64-microcode (3.20191218.1)

  * New microcode update packages from AMD upstream:
    + Removed Microcode updates (known to cause issues):
      sig 0x00830f10, patch id 0x08301025, 2019-07-11
  * README: update for new release

amd64-microcode (3.20191021.1)

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00830f10, patch id 0x08301025, 2019-07-11
    + Updated Microcodes:
      sig 0x00800f12, patch id 0x08001250, 2019-04-16
      sig 0x00800f82, patch id 0x0800820d, 2019-04-16

amd64-microcode (3.20181128.1)

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00800f82, patch id 0x0800820b, 2018-06-20

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
(cherry picked from commit 182c7d955f)
2020-10-18 00:07:16 +02:00
Hauke Mehrtens
dda5e3db19 firewall: options: fix parsing of boolean attributes
Boolean attributes were parsed the same way as string attributes,
so a value of { "bool_attr": "true" } would be parsed correctly, but
{ "bool_attr": true } (without quotes) was parsed as false.

Fixes FS#3284

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7f676b5ed6)
2020-10-16 21:37:22 +02:00
Koen Vandeputte
7dd822983b kernel: bump 4.14 to 4.14.201
Refreshed all patches.

Fixes:
- CVE-2020-14386

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-10-14 17:18:54 +02:00
Adrian Schmutzler
aee081e62e oxnas: fix qc_prep return in sata driver after kernel 4.14.200
This fixes a regression after a kernel change in 4.14.200 [1] that
led to build failure on oxnas/ox820:

  drivers/ata/sata_oxnas.c:2238:13: error: initialization of
  'enum ata_completion_errors (*)(struct ata_queued_cmd *)'
  from incompatible pointer type
  'void (*)(struct ata_queued_cmd *)' [-Werror=incompatible-pointer-types]
    .qc_prep = sata_oxnas_qc_prep,
               ^~~~~~~~~~~~~~~~~~
  drivers/ata/sata_oxnas.c:2238:13: note:
  (near initialization for 'sata_oxnas_ops.qc_prep')

Our local driver is changed the same way as prototyped in the
kernel patch, i.e. return type is changed and AC_ERR_OK return
value is added.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=306a1c5b5683c1d37565e575386139a64bdbec6f

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit f6ca57e4f4)
2020-10-12 11:31:19 +01:00
Felix Fietkau
6696fddfd9 mac80211: do not allow bigger VHT MPDUs than the hardware supports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit caf727767a)
[Refreshed patch]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-10-12 09:45:54 +02:00
Koen Vandeputte
9c718b5478 kernel: bump 4.14 to 4.14.200
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-10-12 09:45:54 +02:00
Chuanhong Guo
b21bea7b1b ath79: ar8216: make switch register access atomic
reg accesses on integrated ar8229 sometimes fails. As a result, phy read
got incorrect port status and wan link goes down and up mysteriously.
After comparing ar8216 with the old driver, these local_irq_save/restore
calls are the only meaningful differences I could find and it does fix
the issue.
The same changes were added in svn r26856 by Gabor Juhos:
ar71xx: ag71xx: make switch register access atomic

As I can't find the underlying problem either, this hack is broght
back to fix the unstable link issue.
This hack is only suitable for ath79 mdio and may easily break the
driver on other platform. Limit it to ath79-only as a target patch.

Fixes: FS#2216
Fixes: FS#3226
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 86fdc8abed)
2020-10-11 11:57:55 +08:00
Baptiste Jonglez
891022918d scripts: getver.sh: fix version based on stable branch
When building from a local branch based off the "openwrt-19.07" branch,
version computation is wrong, for instance:

    r10194+1004-c53f62b111

The number of local commits (1004 in this case) is wrong because it is
computed against master.  As a result, it wrongly counts *all* commits
since the beginning of the openwrt-19.07 branch as local commits.

The fix is to compare to the openwrt-19.07 branch instead, which gives the
expected result such as:

    r11192+6-8b0278a17e

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
[shorten commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-07 23:13:00 +02:00
Eneas U de Queiroz
8076fb59ab openssl: bump to 1.1.1h
This is a bug-fix release.  Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 475838de1a)
2020-09-28 17:14:31 +02:00
Adrian Schmutzler
f4286d7bc2 ath79: fix rssi-low LED for My Net Range Extender
The LED color was missing in 01_leds.

Fixes: 745dee11ac ("ath79: add support for WD My Net Wi-Fi Range
Extender")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit d232a8ac7d)
2020-09-28 13:33:28 +02:00
Hauke Mehrtens
d82e6a2f10 kernel: Update to version 4.14.199
Compile and runtime tested on lantiq/xrx200 + ath79/generic.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-28 01:04:35 +02:00
Rozhuk Ivan
86b44028e2 comgt: fix hotplug event handling
Hotplug manager send: "remove" -> "add" -> "bind" events,
script interpret bind as "not add" = "remove" and mark device
as unavailable.

Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit 4821ff064b)
Fixes: FS#3351
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-09-19 19:48:27 +02:00
Jo-Philipp Wich
34a9652904 Revert "ramips: ethernet: fix to interrupt handling"
This reverts commit 7ac454014a.

The change reportedly causes regressions in ethernet performance.

Fixes: FS#3332
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-09-18 08:53:53 +02:00
Hauke Mehrtens
29b4104d69 OpenWrt v19.07.4: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-07 20:27:30 +02:00
Hauke Mehrtens
d5810aa613 OpenWrt v19.07.4: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-07 20:27:12 +02:00
Michael Yartys
ce6496d796 ath10k-ct-firmware: update firmware images
Not a large change from last time, but should fix at least one rare wave-2
crash.

Tested on Netgear R7800.

Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 91aab77bf1)
[adapt variables and package names]
[remove changes to non-full htt-mgt variants because we did not backport
 a882bfce05 ("ath10k-ct-firmware: add htt-mgt variants")]
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Tested-by: Baptiste Jonglez <git@bitsofnetworks.org> [QCA9886, QCA9887]
2020-09-06 18:19:39 +02:00
Álvaro Fernández Rojas
b72077150d ath10k-ct-firmware: update firmware images
No release notes this time.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 06f510df6e)
[adapt variables and package names because we did not backport
 2e5e9b459e ("ath10k-ct-firmware: rename ct-htt packages")]
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2020-09-06 18:19:39 +02:00
Álvaro Fernández Rojas
ddc2af4505 ath10k-firmware: move CT firmwares to new package
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 658e68f85c)
2020-09-06 18:19:39 +02:00
Álvaro Fernández Rojas
a43a39f531 ath10k-firmware: update ath10k-ct firmware images
Release notes for 017:

Wave-1:

 *  March 19, 2020:  Fix problem where power-save was not enabled when going off-channel to scan.
                     The problem was a boolean logic inversion in the chmgr code, a regression I introduced
                     a long time ago.

 *  March 19, 2020:  When scanning only on current working channel, do not bother with disable/enable
                     powersave.  This should make an on-channel scan less obtrusive than it was previously.

 *  March 23, 2020:  Fix channel-mgr use-after-free problem that caused crashes in some cases.  The crash
                     was exacerbated by recent power-save changes.

 *  March 23, 2020:  Fix station-mode power-save related crash:  backported the fix from 10.2 QCA firmware.

 *  March 23, 2020:  Attempt to better clean up power-save objects and state, especially in station mode.

Release notes for 016:

Wave-1 changes, some debugging code for a crash someone reported, plus:

*  February 28, 2020:  Fix custom-tx path when sending in 0x0 for rate-code.  Have tries == 0 mean
                        one try but NO-ACK (similar to how wave-2 does it).

wave-2:

 * Fixed some long-ago regressions related to powersave and/or multicast.  Maybe fix some
   additional multicast and/or tx-scheduling bugs.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 84f4a783c6)
2020-09-06 18:19:39 +02:00
Michael Yartys
4b8a5bdc83 ath10k-firmware: update ath10k-ct firmware
This supports better per-chain noise floor reporting, which in turn allows for
better RSSI reporting in the driver.

Wave-2 fixes a long-standing rate-ctrl problem when connected to xbox (and probably other devices).

Wave-2 has fix for crash likely related to rekeying.

Wave-1 has some debugging code added where a user reported a crash.

Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>  [ipq806x+qca9984,ipq4019+qca9986]
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
(cherry picked from commit 1862263883)
2020-09-06 18:19:39 +02:00
Stefan Lippers-Hollmann
e4b47e12cb ath10k-firmware: update Candela Tech firmware images
The release notes since last time for wave-1:

 * No changes to wave-1, but I make a version .014 copy anyway to keep
   the makefile in sync.

The release notes since last time for wave-2:

 * December 16, 2019: Wave-2 has a fix to make setting txpower work
                      better. Before setting the power was ignored at
                      least some of the time (it also appeared to work
                      mostly, so I guess it was being correctly set in
                      other ways).

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 6598264266)
2020-09-06 18:19:39 +02:00
NeilBrown
7ac454014a ramips: ethernet: fix to interrupt handling
The current code acknowledged interrupts *after* polling.
This is the wrong way around, and could cause an interrupt to
be missed.
This is not likely to be fatal as another packet, and so another
interrupt, should come along soon.  But maybe it is causing
problems, so let's fix it anyway.

Signed-off-by: NeilBrown <neil@brown.name>
(Note that this matches the upstream driver.)
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-09-06 17:11:34 +02:00
Hauke Mehrtens
f5afa593e7 hostapd: Fix compile errors after wolfssl update
This fixes the following compile errors after the wolfssl 4.5.0 update:
  LD  wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
    type = GEN_EMAIL;
           ^~~~~~~~~
           ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
    type = GEN_DNS;
           ^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
    type = GEN_URI;
           ^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
   if (gen->type != GEN_EMAIL &&
                    ^~~~~~~~~
                    ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
       gen->type != GEN_DNS &&
                    ^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
       gen->type != GEN_URI)
                    ^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed

Fixes: 00722a720c ("wolfssl: Update to version 4.5.0")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit bc19481826)
2020-09-04 00:41:56 +02:00