Commit Graph

42270 Commits

Author SHA1 Message Date
Koen Vandeputte
810ee3b84a kernel: bump 4.14 to 4.14.104
Refreshed all patches.

Altered patches:
- 332-arc-add-OWRTDTB-section.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-06 12:51:52 +01:00
Koen Vandeputte
5183df0dbf kernel: bump 4.9 to 4.9.161
Refreshed all patches.

Altered patches:
- 332-arc-add-OWRTDTB-section.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-06 12:51:52 +01:00
Rafał Miłecki
eea538204b kernel: fix refcnt leak in LED netdev trigger on interface rename
Renaming a netdev-trigger-tracked interface was resulting in an
unbalanced dev_hold().

Example:
> iw phy phy0 interface add foo type __ap
> echo netdev > trigger
> echo foo > device_name
> ip link set foo name bar
> iw dev bar del
[  237.355366] unregister_netdevice: waiting for bar to become free. Usage count = 1
[  247.435362] unregister_netdevice: waiting for bar to become free. Usage count = 1
[  257.545366] unregister_netdevice: waiting for bar to become free. Usage count = 1

Above problem was caused by trigger checking a dev->name which obviously
changes after renaming an interface. It meant missing all further events
including the NETDEV_UNREGISTER which is required for calling dev_put().

This change fixes that by:
1) Comparing device struct *address* for notification-filtering purposes
2) Dropping unneeded NETDEV_CHANGENAME code (no behavior change)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-03-06 06:08:15 +01:00
Daniel Golle
f1803e3492 oxnas: add SoC restart driver for reboot
Refresh oxnas kernel config while at it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(commit c1a8054114 "oxnas: add SoC restart driver for reboot" on master)
2019-03-03 18:14:45 +01:00
Daniel Golle
1bfe1ce5c4 oxnas: cheery-pick DTS improvements from master
4a954e8620 oxnas: dts: Unify naming of gpio-keys nodes
 9292822023 oxnas: dts: Unify naming of gpio-led nodes
 994428f395 oxnas: add missing NAND partitions
 858aebc0ef oxnas: unify MTD partition names
 e2fea41ad6 oxnas: fix forgotten MTD partition name
 42f2e07ba0 oxnas: cloudengines,pogoplug*: enable USB ports

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-03 18:14:41 +01:00
Koen Vandeputte
9ee8c8daf4 kernel: bump 4.14 to 4.14.103
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-25 17:34:25 +01:00
Koen Vandeputte
e2ba7a4b47 kernel: bump 4.9 to 4.9.160
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-25 17:34:25 +01:00
Koen Vandeputte
1be6ff6dc0 kernel: bump 4.14 to 4.14.102
Refreshed all patches.

Remove upstreamed:
- 272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch

Remove upstreamed hunks:
- 105-pinctrl-msm-fix-gpio-hog-related-boot-issues.patch

Fixes:
- CVE-2018-1000026

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-25 10:23:44 +01:00
Koen Vandeputte
e9cb40caa4 kernel: bump 4.9 to 4.9.159
Refreshed all patches.

Remove upstreamed:
- 023-1-smsc95xx-Use-skb_cow_head-to-deal-with-cloned-skbs.patch
- 023-6-ch9200-use-skb_cow_head-to-deal-with-cloned-skbs.patch
- 023-7-kaweth-use-skb_cow_head-to-deal-with-cloned-skbs.patch
- 050-usb-dwc2-Remove-unnecessary-kfree.patch
- 092-netfilter-nf_tables-fix-mismatch-in-big-endian-syste.patch
- 272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch

Fixes:
- CVE-2018-1000026

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-25 10:23:44 +01:00
Rafał Miłecki
d32bbd7477 mac80211: brcmfmac: backport 5.0 & 5.1 important changes/fixes
This backports the most important brcmfmac commits that:
1) Fix some bugs
2) Help debugging bugs

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-02-25 10:21:32 +01:00
Yousong Zhou
ce3a53c4f6 dnsmasq: prefer localuse over resolvfile guesswork
This makes it clear that localuse when explicitly specified in the
config will have its final say on whether or not the initscript should
touch /etc/resolv.conf, no matter whatever the result of previous
guesswork would be

(cherry picked from c17a68cc61)
Tested-by: Paul Oranje <por@oranjevos.nl>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Paul Oranje <por@oranjevos.nl>
2019-02-24 01:57:31 +00:00
Yousong Zhou
87fb8aea87 dnsmasq: allow using dnsmasq as the sole resolver
Currently it seems impossible to configure /etc/config/dhcp to achieve
the following use case

 - run dnsmasq with no-resolv
 - re-generate /etc/resolv.conf with "nameserver 127.0.0.1"

Before this change, we have to set resolvfile to /tmp/resolv.conf.auto
to achive the 2nd effect above, but setting resolvfile requires noresolv
being false.

A new boolean option "localuse" is added to indicate that we intend to
use dnsmasq as the local dns resolver.  It's false by default and to
align with old behaviour it will be true automatically if resolvfile is
set to /tmp/resolv.conf.auto

(cherry picked from 2aea1ada65f050d74a064e74466bbe4e8d)
Tested-by: Paul Oranje <por@oranjevos.nl>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Paul Oranje <por@oranjevos.nl>
2019-02-24 01:55:47 +00:00
Sven Eckelmann
405840631c build: Accept BIN_DIR parameter for legacy-images
BIN_DIR can be set to overwrite the output path for new images. This is an
advertised feature for the imagebuilder and is used by systems like
LibreMesh's chef.

The legacy images are build using a new sub-make which doesn't receive the
variable overwrites of the parent make process. As result, the BIN_DIR is
automatically defined to the default value from rules.mk. The images will
therefore not be placed in the output path which was selected by the user.

Providing BIN_DIR as an explicit variable override to the sub-make works
around this problem.

Fixes: 26c771452c ("image.mk: add LegacyDevice wrapper to allow legacy image building code to be used for device profiles")
Reported-by: Paul Spooren <mail@aparcar.org>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 9a5a10eb69)
2019-02-20 18:41:37 +01:00
Adrian Schmutzler
bc3eb970ab ar71xx: Fix 5 GHz MAC address for Archer C60 v2
Looks like C60 v2 needs the MAC address to be calculated
manually, while the C60 v1 gets it correctly without manual
interference.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [added id]
(cherry picked from commit 319c5d7c49)
2019-02-20 18:41:37 +01:00
Koen Vandeputte
20f1b7d3f5 kernel: bump 4.14 4.14.101
Refreshed all patches.

Fixes:
- CVE-2019-3819

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-20 14:42:13 +01:00
Koen Vandeputte
d669be4654 kernel: bump 4.9 to 4.9.158
Refreshed all patches.

Fixes:
- CVE-2019-3819

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-20 14:42:13 +01:00
Koen Vandeputte
62feabecd8 kernel: bump 4.14 to 4.14.99
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-15 10:53:17 +01:00
Koen Vandeputte
9fb3710a8b kernel: bump 4.9 to 4.9.156
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-15 10:53:16 +01:00
Felix Fietkau
e5ace80759 mt76: update to the latest version
a9d4c0e mt76: mt76x2: avoid running DPD calibration if tx is blocked
4d7e13f mt76: explicitly disable energy detect cca during scan
e3c1aad mt76: run MAC work every 100ms
4e8766a mt76: clear CCA timer stats in mt76x02_edcca_init
e301f23 mt76: measure the time between mt76x02_edcca_check runs
74075ef mt76: increase ED/CCA tx block threshold

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-13 15:52:21 +01:00
Koen Vandeputte
fbb2186fbd kernel: bump 4.14 to 4.14.98
Refreshed all patches.

Remove upstreamed:
- 100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch

Altered patches:
- 721-phy_packets.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-13 10:30:04 +01:00
Koen Vandeputte
72870cc108 kernel: bump 4.9 to 4.9.155
Refreshed all patches.

Remove upstreamed:
- 100-arm-cns3xxx-fix-writing-to-wrong-PCI-registers-after.patch

Altered patches:
- 721-phy_packets.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-13 10:30:04 +01:00
Rafał Miłecki
19a6c4b2b3 mac80211: brcmfmac: fix a possible NULL pointer dereference
This fixes a possible crash in the brcmf_fw_request_nvram_done():
[   31.687293] Backtrace:
[   31.689760] [<c004fb4c>] (__wake_up_common) from [<c004fc38>] (__wake_up_locked+0x1c/0x24)
[   31.698043]  r10:c6794000 r9:00000009 r8:00000001 r7:bf54dda0 r6:a0000013 r5:c78e7d38
[   31.705928]  r4:c78e7d3c r3:00000000
[   31.709528] [<c004fc1c>] (__wake_up_locked) from [<c00502a8>] (complete+0x3c/0x4c)
[   31.717148] [<c005026c>] (complete) from [<bf54590c>] (brcmf_fw_request_nvram_done+0x5c8/0x6a4 [brcmfmac])
[   31.726818]  r7:bf54dda0 r6:c6794000 r5:00001990 r4:c6782380
[   31.732544] [<bf545344>] (brcmf_fw_request_nvram_done [brcmfmac]) from [<c0204e40>] (request_firmware_work_func+0x38/0x60)
[   31.743607]  r10:00000008 r9:c6bdd700 r8:00000000 r7:c72c3cd8 r6:c67f4300 r5:c6bda300
[   31.751493]  r4:c67f4300
[   31.754046] [<c0204e08>] (request_firmware_work_func) from [<c0034458>] (process_one_work+0x1e0/0x318)
[   31.763365]  r4:c72c3cc0
[   31.765913] [<c0034278>] (process_one_work) from [<c0035234>] (worker_thread+0x2f4/0x448)
[   31.774107]  r10:00000008 r9:00000000 r8:c6bda314 r7:c72c3cd8 r6:c6bda300 r5:c6bda300
[   31.781993]  r4:c72c3cc0
[   31.784545] [<c0034f40>] (worker_thread) from [<c003984c>] (kthread+0x100/0x114)
[   31.791949]  r10:00000000 r9:00000000 r8:00000000 r7:c0034f40 r6:c72c3cc0 r5:00000000
[   31.799836]  r4:c735dc00 r3:c79ed540
[   31.803438] [<c003974c>] (kthread) from [<c00097d0>] (ret_from_fork+0x14/0x24)
[   31.810672]  r7:00000000 r6:00000000 r5:c003974c r4:c735dc00
[   31.816378] Code: e5b53004 e1a07001 e1a06002 e243000c (e5934000)
[   31.822487] ---[ end trace a0ffbb07a810d503 ]---

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 83bcacb521)
2019-02-11 11:46:03 +01:00
Mathias Kresin
d997712c71 ath9k: register GPIO chip for OF targets
This partitialy reverts commit f506de2cda.

Registering the GPIO chip without a parent device completely breaks the
ath9k GPIOs for device tree targets.

As long as boards using the devicetree don't have the gpio-controller
property set for the ath9k node, the unloading of the driver works as
expected.

Register the GPIO chip with the ath9k device as parent only for OF
targets to find a trade-off between the needs of driver developers and
the broken LEDs and buttons seen by users.

Fixes: FS#2098

Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit d35f2a5565)
2019-02-10 17:59:18 +01:00
Hans Dedecker
9b14c7d3d1 netifd: handle hotplug event socket errors
a2aba5c system-linux: handle hotplug event socket ENOBUFS errors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-02 20:48:32 +01:00
Daniel Gonzalez Cabanelas
e33612484a brcm63xx: HG655b: fix the imagetag at dts
Fix the imagetag on the HG655b to allow a correct partition detection at boot time.

It turns out that it was defined at the wrong partition. Just move the imagetag to
the linux firmware partition.

The bug is present since the 18.06 release. Without this fix, the board won't boot.

Fixes: a27d59bb42 ("brcm63xx: switch to new partition layout specification")
Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit 26d4cb2ca7)
2019-02-01 16:16:15 +01:00
Koen Vandeputte
ef17edae3d kernel: bump 4.14 to 4.14.97
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-01 11:41:39 +01:00
Koen Vandeputte
21762fe9d6 kernel: bump 4.9 to 4.9.154
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-01 11:41:39 +01:00
Felix Fietkau
ab41836321 mt76: update to the latest version
a4ec45c mt7603: fix LED support (copy CFLAGS from main Makefile)
edda5c5 mt76x02: use mask for vifs
dd52191 mt76x02: use commmon add interface for mt76x2u
a80acaf mt76x02: initialize mutli bss mode when set up address
38e832d mt76x02: minor beaconing init changes
171adaf mt76x02: init beacon config for mt76x2u
dcab682 mt76: beaconing fixes for USB
ff81de1 mt76x02: enable support for IBSS and MESH
8027b5d mt7603: remove copyright headers
e747e80 mt76: fix software encryption issues
2afa0d7 mt7603: remove WCID override for software encrypted frames

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-31 23:23:16 +01:00
Koen Vandeputte
026f08a610 kernel: bump 4.14 to 4.14.96
Refreshed all patches.

New symbol added:
- CONFIG_CIFS_ALLOW_INSECURE_LEGACY

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-31 15:35:22 +01:00
Koen Vandeputte
1f1f421af6 kernel: bump 4.9 to 4.9.153
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-31 15:35:22 +01:00
Felix Fietkau
13eeee7b2b mt76: update to the latest version
c3da1aa mt7603: trigger beacon stuck detection faster
7a53138 mt7603: trigger watchdog reset if flushing CAB queue fails
6eef33b mt7603: remove mt7603_txq_init
ae30c30 mt76: add driver callback for when a sta is associated
0db925f mt7603: update HT/VHT capabilities after assoc
b5ac8e4 mt7603: initialize LED callbacks only if CONFIG_MT76_LEDS is set
c989bac mt76x0: eeprom: fix chan_vs_power map in mt76x0_get_power_info
24bd2c0 mt76x0: phy: report target_power in debugfs
bc7ce2a mt76x0: init: introduce mt76x0_init_txpower routine

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-30 15:18:55 +01:00
Jo-Philipp Wich
ac1ce25671 OpenWrt v18.06.2: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-30 13:34:55 +01:00
Jo-Philipp Wich
a02809f61b OpenWrt v18.06.2: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-30 13:34:49 +01:00
Günther Kelleter
cddd7b4c77 base-files: config_get: prevent filename globbing
When config_get is called as "config_get section option" the option
is unexpectedly globbed by the shell which differs from the way options
are read to a variable with "config_get variable section option".
Add another layer of double quotes to fix it.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
(backported from commit c3389ab135)
2019-01-30 13:21:02 +01:00
Jo-Philipp Wich
e6162b2127 dnsmasq: backport missing braces fix
Fold upstream fix d2d4990
("Fix missing braces in 8eac67c0a15b673c8d27002c248651b308093e4") into
the already existing static lease fix patch.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-30 13:01:24 +01:00
Thorsten Glaser
d4178c8f47 build: fix umask detection bashism
the leading 0 is optional and not emitted by some shells

Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
(cherry picked from commit da5bee5345)
2019-01-30 12:40:16 +01:00
Jeffery To
b98b55a64f build: fix STAGING_DIR cleaning for packages
This fixes two issues with cleaning package files from STAGING_DIR:

* CleanStaging currently can only remove files and not directories. This
  changes CleanStaging to use clean-package.sh, which does remove
  directories.

* Because of the way directories are ordered in the staging files list,
  clean-package.sh currently tries (and fails) to remove parent
  directories before removing subdirectories. This changes
  clean-package.sh to process the staging files list in reverse, so that
  subdirectories are removed first.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit a117093679)
2019-01-30 12:40:16 +01:00
David Santamaría Rogado
e6c2f3feb1 ar71xx: use correct wan mac address for the TP-Link Archer C7 v4
The correct MAC address for this device is lan_mac +1, there is no
need to set lan_mac so use base_mac variable instead lan_mac.

Based on this PR for ath79:
https://github.com/openwrt/openwrt/pull/1726

Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com>
[fix alphabetical ordering, reword subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

(cherry picked from commit 4bcf581352)
2019-01-30 12:24:32 +01:00
Daniel Halmschlager
2c7a1ccaea ar71xx: Add usb drivers in Archer C7 v4/v5 images
This commit adds the default usb packages
- kmod-usb-core
- kmod-usb2
- kmod-usb-ledtrig-usbport
for Archer C7 v4 and v5.
(The C7 v5 configuration is based on the v4, therefore the change for v4
also applies for v5.)

Signed-off-by: Daniel Halmschlager <dh@dev.halms.at>
(backported from commit 99e212171a)
2019-01-30 12:15:21 +01:00
Sven Roederer
39c3b5139f openssl: bump to 1.0.2q
This fixes the following security problems:
 * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication
 * CVE-2018-0734: Timing vulnerability in DSA signature generation
 * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
(cherry picked from commit 989060478a)
2019-01-30 12:00:46 +01:00
Jo-Philipp Wich
80ed6ebc56 dnsmasq: backport upstream static lease fix
Backport and rebase upstream fix 18eac67
("Fix entries in /etc/hosts disabling static leases.")

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-30 11:42:27 +01:00
Jason A. Donenfeld
4f2199f528 wireguard: bump to 0.0.20190123
* tools: curve25519: handle unaligned loads/stores safely

This should fix sporadic crashes with `wg pubkey` on certain architectures.

* netlink: auth socket changes against namespace of socket

In WireGuard, the underlying UDP socket lives in the namespace where the
interface was created and doesn't move if the interface is moved. This
allows one to create the interface in some privileged place that has
Internet access, and then move it into a container namespace that only
has the WireGuard interface for egress. Consider the following
situation:

1. Interface created in namespace A. Socket therefore lives in namespace A.
2. Interface moved to namespace B. Socket remains in namespace A.
3. Namespace B now has access to the interface and changes the listen
port and/or fwmark of socket. Change is reflected in namespace A.

This behavior is arguably _fine_ and perhaps even expected or
acceptable. But there's also an argument to be made that B should have
A's cred to do so. So, this patch adds a simple ns_capable check.

* ratelimiter: build tests with !IPV6

Should reenable building in debug mode for systems without IPv6.

* noise: replace getnstimeofday64 with ktime_get_real_ts64
* ratelimiter: totalram_pages is now a function
* qemu: enable FP on MIPS

Linux 5.0 support.

* keygen-html: bring back pure javascript implementation

Benoît Viguier has proofs that values will stay well within 2^53. We
also have an improved carry function that's much simpler. Probably more
constant time than emscripten's 64-bit integers.

* contrib: introduce simple highlighter library

This is the highlighter library being used in:
- https://twitter.com/EdgeSecurity/status/1085294681003454465
- https://twitter.com/EdgeSecurity/status/1081953278248796165

It's included here as a contrib example, so that others can paste it into
their own GUI clients for having the same strictly validating highlighting.

* netlink: use __kernel_timespec for handshake time

This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit bbcd0634f8)
2019-01-30 10:55:22 +01:00
Daniel Engberg
8c105c62e4 wireguard: Update to snapshot 0.0.20181218
Update WireGuard to 0.0.20181218

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit 9a37c95431)
2019-01-30 10:55:18 +01:00
Stijn Segers
1447924c95 mbedtls: update to 2.14.1 for 18.06
Updates mbedtls to 2.14.1. This builds on the previous master commit 7849f74117.

Fixes in 2.13.0:
* Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing.
* Several bugfixes.
* Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss.

Fixes in 2.14.1:
* CVE-2018-19608: Local timing attack on RSA decryption

Includes master commit 9e7c4702a1 'mbedtls: fix compilation on ARM < 6'.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>

[Update to 2.14.1]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

[Adapted and squashed for 18.06.1+]
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-01-30 10:16:19 +01:00
Jo-Philipp Wich
e5a0b6cde0 uhttpd: disable concurrent requests by default
In order to avoid straining CPU and memory resources on lower end devices,
avoid running multiple CGI requests in parallel.

Ref: https://forum.openwrt.org/t/high-load-fix-on-openwrt-luci/29006
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c6aa9ff388)
2019-01-30 10:13:30 +01:00
Koen Vandeputte
11bfb39e39 kernel: bump 4.14 to 4.14.95
Refreshed all patches.

Removed superseded patches:
- 0400-Revert-MIPS-smp-mt-Use-CPU-interrupt-controller-IPI-.patch

Add upstream patch to fix build error on ipq806x
- 420-enable-CONFIG_MMC_SDHCI_IO_ACCESSORS.patch

Compile-tested on: cns3xxx, imx6, ipq806x
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-28 09:54:32 +01:00
Koen Vandeputte
dd5fa217dc kernel: bump 4.9 to 4.9.152
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-28 09:54:32 +01:00
Christian Lamparter
91d3b87353 uboot-fritz4040: fix crash caused by interaction with gcc 7.1+
David Bauer reported a u-boot crash (data abort) at a odd
place (byteswap) when he ran ping/tftp on his 7530.

|(FRITZ7530) # ping 192.168.1.70
|eth0 PHY0 up Speed :1000 Full duplex
|eth0 PHY1 Down Speed :10 Half duplex
|eth0 PHY2 Down Speed :10 Half duplex
|eth0 PHY3 Down Speed :10 Half duplex
|eth0 PHY4 Down Speed :10 Half duplex
|Using eth0 device
|data abort
|pc : [<84234774>]      lr : [<842351a4>]
|sp : 8412fdb0  ip : 0000009b     fp : 00000000
|r10: 00000000  r9 : 00000001     r8 : 8412ff68
|r7 : 00000000  r6 : 0000002a     r5 : 84244e90  r4 : 8425e28e
|r3 : 84244e90  r2 : 14000045     r1 : 8412fdb0  r0 : 8425e28e
|Flags: nZCv  IRQs off  FIQs off  Mode SVC_32
|Resetting CPU ...
|
|resetting ...

This issue is caused by switch from gcc 5.5 to 7.1+ as explained
in the upstream patch:

|From a768e513b07b5999a8e7d7740ac8d9da04ee7e51 Mon Sep 17 00:00:00 2001
|From: Denis Pynkin <denis.pynkin@collabora.com>
|Date: Fri, 21 Jul 2017 19:28:42 +0300
|Subject: [PATCH] net: Use packed structures for networking
|
|PXE boot is broken with GCC 7.1 due option '-fstore-merging' enabled
|by default for '-O2':
|
|BOOTP broadcast 1
|data abort
|pc : [<8ff8bb30>]          lr : [<00004f1f>]
|reloc pc : [<17832b30>]    lr : [<878abf1f>]
|sp : 8f558bc0  ip : 00000000     fp : 8ffef5a4
|r10: 8ffed248  r9 : 8f558ee0     r8 : 8ffef594
|r7 : 0000000e  r6 : 8ffed700     r5 : 00000000  r4 : 8ffed74e
|r3 : 00060101  r2 : 8ffed230     r1 : 8ffed706  r0 : 00000ddd
|Flags: nzcv  IRQs off  FIQs off  Mode S
|
|Core reason is usage of structures for network headers without packed
|attribute.

This patch just backports the upstream change to the
uboot-fritz4040 package.

Reported-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-01-26 19:40:23 +01:00
Felix Fietkau
6e16dd1234 mt76: update to the latest version
d273ddd mt7603: fix number of frames limit in .release_buffered_frames
63bf183 mt76: add channel switch announcement support
e45db12 mt7603: fix tx status info
9d11596 mt7603: discard bogus tx status data
4bcb2f9 mt7603: fix txd q_idx field value
4206db7 mt76: set IEEE80211_HW_NEEDS_UNIQUE_STA_ADDR flag
c4e4982 mt7603: set IEEE80211_HW_TX_STATUS_NO_AMPDU_LEN
702f557 mt7603: use maximum tx count for buffered multicast packets
158529d mt7603: fix PSE reset retry sequence
fc31457 mt7603: implement support for SMPS
3e9a7d5 Revert "mt7603: fix txd q_idx field value"
815fd03 mt7603: fix CCA timing values
b35cc8e mt7603: set timing on channel change before starting MAC
79b337c mt7603: move CF-End rate update to mt7603_mac_set_timing
3df341d mt7603: avoid redundant MAC timing updates
1c751f3 mt76: avoid scheduling tx queues for powersave stations
2efa389 mt7603: limit station power save queue length to 64
63a79ff mt76: do not report out-of-range rx nss
fe30bd3 mt7603: issue PSE reset on tx hang
ce8cc5d mt7603: issue PSE client reset on init
e342cc5 mt7603: fix buffered multicast count register
aa470d8 mt7603: fix buffered multicast queue flush
b4ee01f mt76: fix tx status timeout processing
7d00d58 mt76x02: fix per-chain signal strength reporting
64abb35 mt76: fix corrupted software generated tx CCMP PN
0b939dc mt76: fix resetting software IV flag on key delete

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-25 23:50:49 +01:00
Koen Vandeputte
76037756d0 kernel: bump 4.14 to 4.14.94
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-23 11:03:20 +01:00