openwrt/staging/hauke.git
6 years agoar71xx: allow to override at803x sgmii aneg status
David Bauer [Mon, 6 Aug 2018 14:15:05 +0000 (16:15 +0200)]
ar71xx: allow to override at803x sgmii aneg status

When checking the outcome of the PHY autonegotiation status, at803x
currently returns false in case the SGMII side is not established.

Due to a hardware-bug, ag71xx needs to fixup the SoCs SGMII side, which
it can't as it is not aware of the link-establishment.

This commit allows to ignore the SGMII side autonegotiation status to
allow ag71xx to do the fixup work.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 4e39e213af7e3e0cd747403e8c227e145cfef988)

6 years agoar71xx: fix QCA955X SGMII link loss
David Bauer [Mon, 6 Aug 2018 14:15:04 +0000 (16:15 +0200)]
ar71xx: fix QCA955X SGMII link loss

The QCA955X is affected by a hardware bug which causes link-loss of the
SGMII link between SoC and PHY. This happens on change of link-state or
speed.

It is not really known what causes this bug. It definitely occurs when
using a AR8033 Gigabit Ethernet PHY.

Qualcomm solves this Bug in a similar fashion. We need to apply the fix
on a per-device base via platform-data as performing the fixup work will
break connectivity in case the SGMII interface is connected to a Switch.

This bug was first proposed to be fixed by Sven Eckelmann in 2016.
 https://patchwork.ozlabs.org/patch/604782/

Based-on-patch-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f4f99ec9737c653815268f2efad0210caaa32e2d)

6 years agogrub2: rebase patches
Jo-Philipp Wich [Thu, 23 Aug 2018 17:08:58 +0000 (19:08 +0200)]
grub2: rebase patches

Patch 300-CVE-2015-8370.patch was added without proper rebasing on the
version used by OpenWrt, make it apply and refresh the patch to fix
compilation.

Fixes: 7e73e9128f ("grub2: Fix CVE-2015-8370")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 9ffbe84ea49fc643f41bfdf687de99aee17c9154)

6 years agogrub2: Fix CVE-2015-8370
Rosen Penev [Thu, 23 Aug 2018 02:07:57 +0000 (19:07 -0700)]
grub2: Fix CVE-2015-8370

This CVE is a culmination of multiple integer overflow issues that cause
multiple issues like Denial of Service and authentication bypass.

More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 7e73e9128f6a63b9198c88eea97c267810447be4)

6 years agobzip2: Fix CVE-2016-3189
Rosen Penev [Thu, 23 Aug 2018 02:07:56 +0000 (19:07 -0700)]
bzip2: Fix CVE-2016-3189

Issue causes a crash with specially crafted bzip2 files.

More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f9469efbfa7ce892651f9a6da713eacbef66f177)

6 years agoscripts: bundle-libraries: fix logic flaw
Jo-Philipp Wich [Wed, 29 Aug 2018 11:16:34 +0000 (13:16 +0200)]
scripts: bundle-libraries: fix logic flaw

Previous refactoring of the script moved the LDSO detection into a
file-not-exists condition, causing onyl the very first executable to
get bundled.

Solve the problem by unconditionally checking for LDSO again.

Fixes: 9030a78a71 ("scripts: bundle-libraries: prevent loading host locales")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5ebcd32997b6d10abcd29c8795a598fdcaf4521d)

6 years agoscripts: bundle-libraries: prevent loading host locales (FS#1803)
Jo-Philipp Wich [Sat, 25 Aug 2018 12:46:57 +0000 (14:46 +0200)]
scripts: bundle-libraries: prevent loading host locales (FS#1803)

Binary patch the bundled glibc library to inhibit loading of host locale
archives in order to avoid triggering internal libc assertions when
invoking shipped, bundled executables.

The problem has been solved with upstream Glibc commit
0062ace229 ("Gracefully handle incompatible locale data") but we still
need to deal with older Glibc binaries for some time to come.

Fixes FS#1803
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 9030a78a716b0a2eeed4510d4a314393262255c2)

6 years agoramips: only limit lzma dictionary size on mt7621
Jo-Philipp Wich [Thu, 30 Aug 2018 08:51:09 +0000 (10:51 +0200)]
ramips: only limit lzma dictionary size on mt7621

The changed dictionary size leads to a different LZMA header which breaks
sysupgrade image magic checkibng on at least some RT288x boards.

Since the commit message only mentions testing on MT7621 and since the
change appears to break at least one other ramips subtarget, do not take
any chances and restrict the size limitation to only MT7621.

Fixes FS#1797
Fixes 09b6755946 ("ramips: limit dictionary size for lzma compression")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 77e2bccde8f7f98603f60473023dadec4f473cf6)

6 years agouqmi: wait for the control device too
Thomas Equeter [Thu, 16 Aug 2018 19:39:05 +0000 (21:39 +0200)]
uqmi: wait for the control device too

The control device /dev/cdc-wdm0 is not available immediately on the
D-Link DWR-921 Rev.C3, therefore the wwan interface fails to start at
boot with a "The specified control device does not exist" error.

This patch alters /lib/netifd/proto/qmi.sh to wait for
network.wwan.delay earlier, before checking for the control device,
instead of just before interacting with the modem.

One still has to use network.wwan.proto='qmi', as the "wwan" proto
performs that sort of check before any delay is possible, failing with a
"No valid device was found" error.

Signed-off-by: Thomas Equeter <tequeter@users.noreply.github.com>
6 years agocomgt: increase timeout on runcommands
Giuseppe Lippolis [Sun, 26 Aug 2018 08:52:27 +0000 (10:52 +0200)]
comgt: increase timeout on runcommands

Some combination of modem/wireless operator requires more time to
execute the commands.
Tested on DWR-512 embedded wwan modem and italian operator iliad (new
virtual operator).

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
(cherry picked from commit 774d7fc9f2897d7b33ef15ddaa3522531eb85970)

6 years agougps: Update to fix position calculation
Bruno Randolf [Fri, 24 Aug 2018 15:59:08 +0000 (16:59 +0100)]
ugps: Update to fix position calculation

This is necessary to get my position right.
Without this my longitude is incorrecty -15.85xxxx instead of -16.52yyyy

Signed-off-by: Bruno Randolf <br1@einfach.org>
(cherry picked from commit fe960cead7005811deb03c220f6bb5660f65e1d5)

6 years agougps: Add option disabled
Bruno Randolf [Thu, 23 Aug 2018 20:59:58 +0000 (21:59 +0100)]
ugps: Add option disabled

Like many other packages, an option to disable can be practical.

Signed-off-by: Bruno Randolf <br1@einfach.org>
(cherry picked from commit 6b14a73f4f619b7bbdeac1cbcd0d34b0957ca0cb)

6 years agokernel: bump 4.14 to 4.14.67
Koen Vandeputte [Fri, 24 Aug 2018 16:00:10 +0000 (18:00 +0200)]
kernel: bump 4.14 to 4.14.67

Refreshed all patches.

Removed upstreamed patches:
- 037-v4.18-0008-ARM-dts-BCM5301x-Fix-i2c-controller-interrupt-type.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.9 to 4.9.124
Koen Vandeputte [Fri, 24 Aug 2018 15:58:52 +0000 (17:58 +0200)]
kernel: bump 4.9 to 4.9.124

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agoar71xx: WNR612v2: fix kernel panic due to wrong Wifi LED init
Michal Cieslakiewicz [Mon, 27 Aug 2018 18:24:04 +0000 (20:24 +0200)]
ar71xx: WNR612v2: fix kernel panic due to wrong Wifi LED init

Netgear WNR612v2 flashed with recent OpenWrt builds suffers from kernel
panic at boot during wireless chip initialization, making device
unusable:

 ath: phy0: Ignoring endianness difference in EEPROM magic bytes.
 ath: phy0: Enable LNA combining
 CPU 0 Unable to handle kernel paging request at virtual address 1000fee1, epc == 801d08f0, ra == 801d0d90
 Oops[#1]:
 CPU: 0 PID: 469 Comm: kmodloader Not tainted 4.9.120 #0
 [ ... register dump etc ... ]
 Kernel panic - not syncing: Fatal exception
 Rebooting in 1 seconds..

This simple patch fixes above error. It keeps LED table in memory after
kernel init phase for ath9k driver to operate correctly (__initdata
removed).

Also, another bug is fixed - correct array size is provided to function
that adds platform LEDs (this device has only 1 connected to Wifi chip)
preventing code from going outside array bounds.

Fixes: 1f5ea4eae46e ("ar71xx: add correct named default wireless led by using platform leds")
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
[trimmed commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoar71xx/generic: enable Zyxel NBG6616 in kernel config again
Matthias Schiffer [Mon, 27 Aug 2018 18:25:01 +0000 (20:25 +0200)]
ar71xx/generic: enable Zyxel NBG6616 in kernel config again

The NBG6616 shares a config symbol with the NBG6716. It was accidentally
removed from the config when the ar71xx-tiny target was split off.

Fixes: 0cd5e85e7ad6 ("ar71xx: create new ar71xx/tiny subtarget for 4MB flash devices")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit a4f4ddba61e61d3f15d19c4e57733a9e44ec8d09)

6 years agomac80211: mwl8k: Expand non-DFS 5G channels
Antonio Silverio [Fri, 10 Aug 2018 10:05:14 +0000 (12:05 +0200)]
mac80211: mwl8k: Expand non-DFS 5G channels

Add non-DFS 5G upper channels (149-165) besides existed 4 lower channels
(36, 40, 44, 48).

Signed-off-by: Antonio Silverio <menion@gmail.com>
6 years agomt76: update to the latest version
Felix Fietkau [Wed, 22 Aug 2018 10:31:55 +0000 (12:31 +0200)]
mt76: update to the latest version

7daf962 mt7603: add survey support
980c606 mt7603: add fix for CCA signal configuration
30b8371 mt7603: fix BAR rate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agodropbear: backport upstream fix for CVE-2018-15599
Hans Dedecker [Fri, 24 Aug 2018 13:02:24 +0000 (15:02 +0200)]
dropbear: backport upstream fix for CVE-2018-15599

CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoramips: mt7620: add dir-810l network config
Roger Pueyo Centelles [Thu, 23 Aug 2018 13:04:31 +0000 (15:04 +0200)]
ramips: mt7620: add dir-810l network config

The device was not included in the /etc/board.d/02_network file, so
the network wouldn't be properly set up on boot.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
6 years agoramips: fix compatibles in SoC dtsi
Mathias Kresin [Wed, 22 Aug 2018 04:57:48 +0000 (06:57 +0200)]
ramips: fix compatibles in SoC dtsi

The former used compatibles aren't defined anywhere and aren't used by
the devicetree source files including them.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoramips: fix GL-MT300N-V2 SoC compatible
Mathias Kresin [Wed, 22 Aug 2018 04:40:28 +0000 (06:40 +0200)]
ramips: fix GL-MT300N-V2 SoC compatible

According to abbfcc85259a ("ramips: add support for GL-inet
GL-MT300N-V2") the board has a MediaTek MT7628AN. Change the SoC
compatible to match the used hardware.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agoramips: drop not existing groups from pinmux
Mathias Kresin [Wed, 22 Aug 2018 04:26:36 +0000 (06:26 +0200)]
ramips: drop not existing groups from pinmux

RT5350 neither have rgmii nor a mdio pinmux group. MT7628an doesn't
have a jtag group. Having these groups defined might cause a boot
panic.

The pin controller fails to initialise for kernels > 4.9 if invalid
groups are used. If a subsystem references a pin controller
configuration node, it can not find this node and errors out. In worst
case it's the SPI driver which errors out and we have no root
filesystem to mount.

Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agogeneric: revert workarounds for AR8337 switch
Mathias Kresin [Wed, 15 Aug 2018 06:20:33 +0000 (08:20 +0200)]
generic: revert workarounds for AR8337 switch

The intention of 967b6be118e3 ("ar8327: Add workarounds for AR8337
switch") was to remove the register fixups for AR8337. But instead they
were removed for AR8327.

The RGMII RX delay is forced even if the port is used as phy instead of
mac, which results in no package flow at least for one board.

Fixes: FS#1664
Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agokernel: bump 4.14 to 4.14.66
Koen Vandeputte [Wed, 22 Aug 2018 09:24:37 +0000 (11:24 +0200)]
kernel: bump 4.14 to 4.14.66

Refreshed all patches

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.9 to 4.9.123
Koen Vandeputte [Wed, 22 Aug 2018 09:24:00 +0000 (11:24 +0200)]
kernel: bump 4.9 to 4.9.123

Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agotools/bison: Update to 3.0.5
Daniel Engberg [Thu, 7 Jun 2018 17:21:12 +0000 (19:21 +0200)]
tools/bison: Update to 3.0.5

Update bison to 3.0.5
Bugfix release
Remove 001-fix-macos-vasnprintf.patch as it is fixed upstream

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit df02e7a3c790552c9620242544ec0137dae6a32b)

6 years agocns3xxx: fix mtu setting with kernel 4.14
Mathias Kresin [Sun, 18 Feb 2018 21:48:44 +0000 (22:48 +0100)]
cns3xxx: fix mtu setting with kernel 4.14

Since kernel 4.10 commit 61e84623ace3 ("net: centralize net_device
min/max MTU checking"), the range of mtu is [min_mtu, max_mtu], which
is [68, 1500] by default.

It's necessary to set a max_mtu if a mtu > 1500 is supported.

Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
6 years agokernel: bump 4.14 to 4.14.65
Koen Vandeputte [Mon, 20 Aug 2018 08:45:32 +0000 (10:45 +0200)]
kernel: bump 4.14 to 4.14.65

Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.9 to 4.9.122
Koen Vandeputte [Mon, 20 Aug 2018 08:44:33 +0000 (10:44 +0200)]
kernel: bump 4.9 to 4.9.122

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agoOpenWrt v18.06.1: revert to branch defaults
Jo-Philipp Wich [Thu, 16 Aug 2018 16:36:52 +0000 (18:36 +0200)]
OpenWrt v18.06.1: revert to branch defaults

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agoOpenWrt v18.06.1: adjust config defaults
Jo-Philipp Wich [Thu, 16 Aug 2018 16:36:48 +0000 (18:36 +0200)]
OpenWrt v18.06.1: adjust config defaults

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agorpcd: update to latest git HEAD
Jo-Philipp Wich [Thu, 16 Aug 2018 07:43:11 +0000 (09:43 +0200)]
rpcd: update to latest git HEAD

41333ab uci: tighten uci reorder operation error handling
f91751b uci: tighten uci delete operation error handling
c2c612b uci: tighten uci set operation error handling
948bb51 uci: tighten uci add operation error handling
51980c6 uci: reject invalid section and option names

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 8c91807214c42b481a0893e118d46f488419468a)

6 years agoopenssl: update to version 1.0.2p
Hauke Mehrtens [Wed, 15 Aug 2018 20:17:11 +0000 (22:17 +0200)]
openssl: update to version 1.0.2p

This fixes the following security problems:
 * CVE-2018-0732: Client DoS due to large DH parameter
 * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: bump kernel 4.9 to version 4.9.120
Hauke Mehrtens [Wed, 15 Aug 2018 19:50:09 +0000 (21:50 +0200)]
kernel: bump kernel 4.9 to version 4.9.120

The following patch was integrated upstream:
 * target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

This fixes tries to work around the following security problems:
 * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
 * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: bump kernel 4.14 to version 4.14.63
Hauke Mehrtens [Wed, 15 Aug 2018 20:40:58 +0000 (22:40 +0200)]
kernel: bump kernel 4.14 to version 4.14.63

The following patches were integrated upstream:
 * target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
 * target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch

This fixes tries to work around the following security problems:
 * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
 * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agoramips: add missing USB packages into ASL26555-16M
Zoltan HERPAI [Mon, 13 Aug 2018 08:26:03 +0000 (10:26 +0200)]
ramips: add missing USB packages into ASL26555-16M

Mirror the package list from the 8M device profile to the
16M device profile.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agobrcm47xx: cosmetic fix in model detection
Paul Wassi [Sun, 12 Aug 2018 08:02:22 +0000 (10:02 +0200)]
brcm47xx: cosmetic fix in model detection

In "brcm47xx: rework model detection" the file 01_detect was moved
to 01_network, therefore also update the warning message in case
everything fails.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
6 years agoath25: Do not build images for ubnt2 and ubnt5
Hauke Mehrtens [Sun, 12 Aug 2018 09:32:57 +0000 (11:32 +0200)]
ath25: Do not build images for ubnt2 and ubnt5

The flash size of the ubnt2 and ubnt5 is limited and the images with
LuCI are getting too big for these boards. Do not build images for these
boards to make the complete build of this target not fail anymore.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agoat91: do not build image for at91-q5xr5
Hauke Mehrtens [Sun, 12 Aug 2018 09:31:28 +0000 (11:31 +0200)]
at91: do not build image for at91-q5xr5

The kernel image of the at91-q5xr5 is getting too bing now and this is
breaking the build. Remove the image for the at91-q5xr5 from the build
to at least build images for the other devices.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agouci: bump to source date 2018-08-11
Yousong Zhou [Sat, 11 Aug 2018 12:03:14 +0000 (12:03 +0000)]
uci: bump to source date 2018-08-11

Fixes segfault when parsing malformed delta lines

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 3493c1cf41ecaa2f87394059a26578f723109a15)

6 years agomwlwifi: update to version 10.3.8.0-20180615
Kabuli Chana [Thu, 14 Jun 2018 18:39:22 +0000 (12:39 -0600)]
mwlwifi: update to version 10.3.8.0-20180615

fix mcs rate for HT
support 88W8997
protect rxringdone

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
6 years agotools: findutils: fix compilation with glibc 2.28
Luis Araneda [Thu, 9 Aug 2018 02:32:46 +0000 (22:32 -0400)]
tools: findutils: fix compilation with glibc 2.28

Add a temporary workaround to compile with glibc 2.28
as some constants were removed and others made private

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
6 years agotools: m4: fix compilation with glibc 2.28
Luis Araneda [Thu, 9 Aug 2018 02:32:45 +0000 (22:32 -0400)]
tools: m4: fix compilation with glibc 2.28

Add a temporary workaround to compile with glibc 2.28
as some constants were removed and others made private

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
6 years agokernel: bump 4.14 to 4.14.62
Koen Vandeputte [Thu, 9 Aug 2018 15:18:12 +0000 (17:18 +0200)]
kernel: bump 4.14 to 4.14.62

Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.9 to 4.9.119
Koen Vandeputte [Thu, 9 Aug 2018 15:17:50 +0000 (17:17 +0200)]
kernel: bump 4.9 to 4.9.119

Refreshed all patches.

Delete upstreamed patch:
- 100-tcp-add-tcp_ooo_try_coalesce-helper.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agowpa_supplicant: fix CVE-2018-14526
John Crispin [Fri, 10 Aug 2018 13:48:21 +0000 (15:48 +0200)]
wpa_supplicant: fix CVE-2018-14526

Unauthenticated EAPOL-Key decryption in wpa_supplicant

Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/

Vulnerability

A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.

When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.

Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.

Vulnerable versions/configurations

All wpa_supplicant versions.

Acknowledgments

Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.

Possible mitigation steps

- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.

- Merge the following commits to wpa_supplicant and rebuild:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

This patch is available from https://w1.fi/security/2018-1/

- Update to wpa_supplicant v2.7 or newer, once available

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 1961948585e008ad0095d7074784893229b00d06)

6 years agoRevert "libevent2: Don't build tests and samples"
Jo-Philipp Wich [Thu, 9 Aug 2018 13:27:12 +0000 (15:27 +0200)]
Revert "libevent2: Don't build tests and samples"

This reverts commit fe90d14880ad80e5cbc0eba036f8f9f83fa77396.

The cherry pick does not apply cleanly to 18.06.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agokernel: move e1000e patches to backports
Stijn Tintel [Thu, 9 Aug 2018 09:46:29 +0000 (11:46 +0200)]
kernel: move e1000e patches to backports

They're already in linux.git, so they shouldn't be in pending.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 14b6c725411dfb3e44242bea3b000a1f58b52235)

6 years agokernel: add pending e1000e fixes
Stijn Tintel [Thu, 28 Jun 2018 09:44:10 +0000 (11:44 +0200)]
kernel: add pending e1000e fixes

The previous round of fixes for the 82574 chip cause an issue with
emulated e1000e devices in VMware ESXi 6.5. It also contains changes
that are not strictly necessary. These patches fix the issues introduced
in the previous series, revert the unnecessary changes to avoid
unforeseen fallout, and avoid a case where interrupts can be missed.

The final two patches of this series are already in the kernel, so no
need to include them here.

Patchwork: https://patchwork.ozlabs.org/cover/881776/

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit ef025e6417abd608ee398039623ac8a306bb92c5)

6 years agofirmware: intel-microcode: bump to 20180703
Zoltan HERPAI [Mon, 30 Jul 2018 13:16:59 +0000 (15:16 +0200)]
firmware: intel-microcode: bump to 20180703

  * New upstream microcode data file 20180703
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
      sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
      sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
      sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
      sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
      sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
      sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
      sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
    + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
    + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
      Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
      Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
      server dies.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
6 years agocurl: Fix CVE-2018-0500
Hauke Mehrtens [Wed, 8 Aug 2018 19:57:18 +0000 (21:57 +0200)]
curl: Fix CVE-2018-0500

This backports a fix for:
* CVE-2018-0500 SMTP send heap buffer overflow
See here for details: https://curl.haxx.se/docs/adv_2018-70a2.html

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agoustream-ssl: update to version 2018-05-22
Hauke Mehrtens [Tue, 22 May 2018 18:44:34 +0000 (20:44 +0200)]
ustream-ssl: update to version 2018-05-22

5322f9d mbedtls: Fix setting allowed cipher suites
e8a1469 mbedtls: Add support for a session cache

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agombedtls: Update to 2.12.0
Hauke Mehrtens [Mon, 21 May 2018 11:58:52 +0000 (13:58 +0200)]
mbedtls: Update to 2.12.0

Multiple security fixes
* CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
* CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel

Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0
Patch the so version back to the original one, the API changes are
looking no so invasive.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.967 Bytes
ipkg for mips_24kc after:
164.753 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agombedtls: Activate the session cache
Hauke Mehrtens [Mon, 21 May 2018 11:58:53 +0000 (13:58 +0200)]
mbedtls: Activate the session cache

This make sit possible to store informations about a session and reuse
it later. When used by a server it increases the time to create a new
TLS session from about 1 second to less than 0.1 seconds.

The size of the ipkg file increased by about 800 Bytes.
ipkg for mips_24kc before:
163.140 Bytes
ipkg for mips_24kc after:
163.967 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agombedtls: cleanup config patch
Daniel Engberg [Fri, 6 Jul 2018 13:45:06 +0000 (16:45 +0300)]
mbedtls: cleanup config patch

Clean up patch, use "//" consistently.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agombedtls: Deactivate platform abstraction
Hauke Mehrtens [Mon, 21 May 2018 11:58:54 +0000 (13:58 +0200)]
mbedtls: Deactivate platform abstraction

This makes mbedtls use the POSIX API directly and not use the own
abstraction layer.
The size of the ipkg decreased by about 100 bytes.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 years agokernel: remove stray 4.4 references
Jo-Philipp Wich [Wed, 8 Aug 2018 17:31:58 +0000 (19:31 +0200)]
kernel: remove stray 4.4 references

The 4.4 version hash was accidentally reintroduced while rebasing the
master commit, remove it again.

Fixes ca3174e4e9 ("kernel: bump 4.9 to 4.9.118")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agokernel: backport upstream fix for CVE-2018-5390
Jo-Philipp Wich [Wed, 8 Aug 2018 09:12:18 +0000 (11:12 +0200)]
kernel: backport upstream fix for CVE-2018-5390

Backport an upstream fix for a remotely exploitable TCP denial of service
flaw in Linux 4.9+.

The fixes are included in Linux 4.14.59 and later but did not yet end up in
version 4.9.118.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit fefe1da440eede8dfaa23975c30ae2f6fcac744d)

6 years agokernel: bump 4.14 to 4.14.61
Koen Vandeputte [Tue, 7 Aug 2018 08:34:37 +0000 (10:34 +0200)]
kernel: bump 4.14 to 4.14.61

Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(backported from commit 7a254aeeb8a9ca7e2846af6ed508f5ec21db350d)

6 years agokernel: bump 4.9 to 4.9.118
Koen Vandeputte [Tue, 7 Aug 2018 08:33:52 +0000 (10:33 +0200)]
kernel: bump 4.9 to 4.9.118

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(backported from commit f7036a34ace38b701243e9357d7f509f8a66f0b1)

6 years agoRevert "kernel: usb: dwc2 DMA alignment fixes"
John Crispin [Wed, 8 Aug 2018 14:31:14 +0000 (16:31 +0200)]
Revert "kernel: usb: dwc2 DMA alignment fixes"

This reverts commit 1e5bd42d63e508358c703be550590d3ff72dc6e0.

this has already treacled down with the latest kernel bump

Signed-off-by: John Crispin <john@phrozen.org>
6 years agobrcm2708: fix w1 patch
John Crispin [Mon, 30 Jul 2018 18:51:56 +0000 (20:51 +0200)]
brcm2708: fix w1 patch

this is now part of generic

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 5f5d8128815c0624a01e48de25bd5cf1b6ab23ef)

6 years agobase-files: drop fwtool_pre_upgrade
John Crispin [Mon, 30 Jul 2018 15:42:39 +0000 (17:42 +0200)]
base-files: drop fwtool_pre_upgrade

this feature has never worked, the fw image name was not passed and the -t
parameter was missing in the tool invocation. drop the feature.

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 5e1b4c57ded7898be5255aef594fa18ec206f0b2)

6 years agolibevent2: Don't build tests and samples
Eneas U de Queiroz [Mon, 30 Jul 2018 12:27:52 +0000 (12:27 +0000)]
libevent2: Don't build tests and samples

The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This reduces build time significantly.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit 26dbf79f4905e6b5ba5aafdc2271c3a864dd1924)

6 years agokernel: generic: fix problem with w1-gpio-custom
Pawel Dembicki [Thu, 15 Feb 2018 21:21:25 +0000 (22:21 +0100)]
kernel: generic: fix problem with w1-gpio-custom

In boards with fdt is impossible to use kmod-w1-gpio-custom.
w1-gpio-custom create platform structure for w1-gpio module,
but if board use fdt, data is ignored in w1-gpio probe.

This workaround fix the problem.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit aa5838adb7be733c427e63bb6cc702f9a533292d)

6 years agowwan: Fix teardown for sierra_net driver
Masashi Honma [Tue, 17 Jul 2018 23:40:33 +0000 (08:40 +0900)]
wwan: Fix teardown for sierra_net driver

The sierra_net driver is using proto_directip_setup for setup. So use
proto_directip_teardown for teardown.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
(cherry picked from commit d05967baecca33774ab95d4ffabbcb4cc9d0a1bf)

6 years agokernel: leds-apu2 remove boardname check
Lukas Mrtvy [Wed, 11 Jul 2018 08:22:27 +0000 (10:22 +0200)]
kernel: leds-apu2 remove boardname check

'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'

Signed-off-by: Lukas Mrtvy <lukas.mrtvy@gmail.com>
(cherry picked from commit f21bcb4db8a12cef62e5698f0f711db8dde99db8)

6 years agodropbear: close all active clients on shutdown
Christian Schoenebeck [Thu, 12 Jul 2018 02:36:03 +0000 (22:36 -0400)]
dropbear: close all active clients on shutdown

Override the default shutdown action (stop) and close all processes
of dropbear

Since commit 498fe85, the stop action only closes the process
that's listening for new connections, maintaining the ones with
existing clients.
This poses a problem when restarting or shutting-down a device,
because the connections with existing SSH clients, like OpenSSH,
are not properly closed, causing them to hang.

This situation can be avoided by closing all dropbear processes when
shutting-down the system, which closes properly the connections with
current clients.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
[Luis: Rework commit message]
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
(cherry picked from commit 1e177844bc814d3846312c91cd0f7a54df4f32b9)

6 years agokernel: gpio-nct5104d remove boardname check
Lukáš Mrtvý [Wed, 11 Jul 2018 09:33:55 +0000 (11:33 +0200)]
kernel: gpio-nct5104d remove boardname check

'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'

Signed-off-by: Lukáš Mrtvý <lukas.mrtvy@gmail.com>
(cherry picked from commit d3b8e6b2a77de8b3d5724534714ecdfd8fa6d50c)

6 years agobuild: README punctuation pendantry
Kevin Darbyshire-Bryant [Sun, 8 Jul 2018 10:58:07 +0000 (11:58 +0100)]
build: README punctuation pendantry

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 79b38047b9962846912195b963230653c35900a1)

6 years agobuild: Update README & github help
Kevin Darbyshire-Bryant [Sat, 7 Jul 2018 21:23:01 +0000 (22:23 +0100)]
build: Update README & github help

Update README to include Openwrt branding and improve wording.

Point at the Openwrt wiki in .github templates.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 5781fc6b3f4fade6229390c364c7d7cca514ec76)

6 years agobasefiles: Reword sysupgrade message
Kevin Darbyshire-Bryant [Wed, 4 Jul 2018 16:26:16 +0000 (17:26 +0100)]
basefiles: Reword sysupgrade message

sysupgrade 'upgrade' message more verbose than needs be.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit edf338f248a270f5fd85edc04775ec5ed6d46bca)

6 years agolinux: update license tag to use correct SPDX tag
Florian Eckert [Fri, 6 Jul 2018 12:31:44 +0000 (14:31 +0200)]
linux: update license tag to use correct SPDX tag

Use SPDX tag.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit c79ef6fbe39b0626214542a0de141da092be193c)

6 years agokernel: usb: dwc2 DMA alignment fixes
Antti Seppälä [Fri, 6 Jul 2018 06:35:37 +0000 (09:35 +0300)]
kernel: usb: dwc2 DMA alignment fixes

Add two patches submitted for upstream review that significantly improve
the dwc2 driver on openwrt from kernel stability and performance
perspectives.

Fixes: FS#1367
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
(cherry picked from commit 9f451ec698ede068e911821473cbe94f50a2977c)

6 years agofirmware: amd64-microcode: update to 20180524
Zoltan HERPAI [Sat, 7 Jul 2018 09:44:02 +0000 (11:44 +0200)]
firmware: amd64-microcode: update to 20180524

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00800f12, patch id 0x08001227, 2018-02-09
    + Updated Microcodes:
      sig 0x00600f12, patch id 0x0600063e, 2018-02-07
      sig 0x00600f20, patch id 0x06000852, 2018-02-06
  * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
    plus other unspecified fixes/updates.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit 10e393262caeba1e9cbdcc937d20fe15ad5f448a)

6 years agokernel: remove linux 4.4 support
Koen Vandeputte [Wed, 8 Aug 2018 07:56:49 +0000 (09:56 +0200)]
kernel: remove linux 4.4 support

No targets are using it anymore

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: remove linux 3.18 support
Koen Vandeputte [Wed, 8 Aug 2018 07:54:51 +0000 (09:54 +0200)]
kernel: remove linux 3.18 support

No targets are using it anymore

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agolibubox: fix mirror hash
Jo-Philipp Wich [Tue, 7 Aug 2018 14:30:20 +0000 (16:30 +0200)]
libubox: fix mirror hash

Correct the mirror hash to reflect whats on the download server.

A locally produced libubox SCM tarball was also verified to yield an identical
checksum compared to the one currently on the download server.

Fixes FS#1707.
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 432eaa940fee0b8023bee122da4cb08f3216209f)

6 years agonetifd: update to latest git HEAD
John Crispin [Mon, 30 Jul 2018 21:56:14 +0000 (23:56 +0200)]
netifd: update to latest git HEAD

a0a1e52 fix compile error
75ee790 interface-ip: fix eui64 ifaceid generation (FS#1668)
ca97097 netifd: make sure the vlan ifname fits into the buffer
b8c1bca iprule: remove bogus assert calls
a2f952d iprule: fix broken in_dev/out_dev checks
263631a vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name()
291ccbb ubus: display correct prefix size for IPv6 prefix address
908a9f4 CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags
b06b011 proto-shell.c: add a explicit "fall through" comment to make the compiler happy
60293a7 replace fall throughs in switch/cases where possible with simple code changes
5cf7975 iprule: rework interface based rules to handle dynamic interfaces
57f87ad Introduce new interface event "create" (IFEV_CREATE)
03785fb system-linux: fix build error on older kernels
d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming
e9eff34 system-linux: extend link mode speed definitions
c1f6a82 system-linux: add autoneg and link-partner output

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 3c4eeb5d21073dea5a021012f9e65ce95f81806e)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoRevert "mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible"
Jo-Philipp Wich [Mon, 6 Aug 2018 17:52:06 +0000 (19:52 +0200)]
Revert "mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible"

This reverts commit b40316c21a960d332bc9b04ee1791b8aafcf8786.

That change causes ramips/mt7620 to fail with:

    drivers/net/ethernet/mtk/gsw_mt7620.c: In function 'mt7620_hw_init':
    drivers/net/ethernet/mtk/gsw_mt7620.c:171:14: error: 'mdio_mode' undeclared (first use in this function); did you mean 'd_move'?
      } else if (!mdio_mode) {
                  ^~~~~~~~~
                  d_move

Back it out for now to restore compilation.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
6 years agokernel: add missing ARM64_SSBD symbol
Stijn Tintel [Tue, 31 Jul 2018 09:19:18 +0000 (12:19 +0300)]
kernel: add missing ARM64_SSBD symbol

In 4.14.57, a new symbol for Spectre v4 mitigation was introduced for
ARM64. Add this symbol to all ARM64 targets using kernel 4.14.

This mitigates CVE-2018-3639 on ARM64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 77e3e706ce0dfe653a28e088bdcf0acddead0091)

6 years agomt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible
Chen Minqiang [Fri, 3 Aug 2018 17:14:07 +0000 (01:14 +0800)]
mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible

To share mdio addr for IntPHY and ExtPHY,
as described in the documentation (MT7620_ProgrammingGuide.pdf).
(refer: http://download.villagetelco.org/hardware/MT7620/MT7620_ProgrammingGuide.pdf)

when port4 setup to work as gmac mode, dts like:

&gsw {
    mediatek,port4 = "gmac";
};

we should set SYSCFG1.GE2_MODE==0x0 (RGMII).
but SYSCFG1.GE2_MODE may have been set to 3(RJ-45) by uboot/default
so we need to re-set it to 0x0

before this changes:
gsw: 4FE + 2GE may not work correctly and MDIO addr 4 cannot be used by ExtPHY

after this changes:
gsw: 4FE + 2GE works and MDIO addr 4 can be used by ExtPHY

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
(cherry picked from commit f6d81e2fa1f110d8025eaa434d67d0014aca1d42)

6 years agoramips: fix gigabit switch PHY access on MDIO
Daniel Gimpelevich [Wed, 1 Aug 2018 14:51:47 +0000 (07:51 -0700)]
ramips: fix gigabit switch PHY access on MDIO

When PHY's are defined on the MDIO bus in the DTS, gigabit support was
being masked out for no apparent reason, pegging all such ports to 10/100.
If gigabit support must be disabled for some reason, there should be a
"max-speed" property in the DTS.

Reported-by: James McKenzie <openwrt@madingley.org>
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(cherry picked from commit 379fe506729a20c5fdb072840cb662b032e90c36)

6 years agokernel: bump 4.14 to 4.14.60 for 18.06
Stijn Segers [Sat, 4 Aug 2018 16:08:26 +0000 (18:08 +0200)]
kernel: bump 4.14 to 4.14.60 for 18.06

* Refreshed patches.
* Patches made redundant by changes upstream:
  - target/linux/ramips/patches-4.14/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch
* Patches accepted upstream:
  - target/linux/apm821xx/patches-4.14/020-0001-crypto-crypto4xx-remove-bad-list_del.patch
  - target/linux/apm821xx/patches-4.14/020-0011-crypto-crypto4xx-fix-crypto4xx_build_pdr-crypto4xx_b.patch
  - target/linux/brcm63xx/patches-4.14/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch
  - target/linux/brcm63xx/patches-4.14/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch
  - target/linux/generic/backport-4.14/080-net-convert-sock.sk_wmem_alloc-from-atomic_t-to-refc.patch
  - target/linux/generic/pending-4.14/900-gen_stats-fix-netlink-stats-padding.patch

The ext4 regression introduced in 4.14.55 has been fixed by 4.14.60 (commit f547aa20b4f61662ad3e1a2040bb3cc5778f19b0).

Fixes the following CVEs:
- CVE-2018-10876
- CVE-2018-10877
- CVE-2018-10879
- CVE-2018-10880
- CVE-2018-10881
- CVE-2018-10882
- CVE-2018-10883

Thanks to Stijn Tintel for the CVE list :-).

Compile-tested on: ramips/mt7621, x86/64
Run-tested on: ramips/mt7621, x86/64

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
6 years agokernel: bump 4.9 to 4.9.117 for 18.06
Stijn Segers [Sat, 4 Aug 2018 16:08:25 +0000 (18:08 +0200)]
kernel: bump 4.9 to 4.9.117 for 18.06

* Refreshed patches.
* Removed patches:
  - target/linux/ar71xx/patches-4.9/103-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch superseded by upstream
  - target/linux/ar71xx/patches-4.9/403-mtd_fix_cfi_cmdset_0002_status_check.patch superseded by upstream
  - target/linux/brcm63xx/patches-4.9/001-4.11-01-mtd-m25p80-consider-max-message-size-in-m25p80_read.patch accepted upstream
  - target/linux/brcm63xx/patches-4.9/001-4.15-08-bcm63xx_enet-correct-clock-usage.patch accepted upstream
  - target/linux/brcm63xx/patches-4.9/001-4.15-09-bcm63xx_enet-do-not-write-to-random-DMA-channel-on-B.patch accepted upstream
  - target/linux/generic/pending-4.9/900-gen_stats-fix-netlink-stats-padding.patch

* New backported patch to address ext4 breakage, introduced in 4.9.112:
  - backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

Also add ARM64_SSBD symbol to ARM64 targets still running kernel 4.9

Thanks to Koen Vandeputte for pointing out the need to add the ARM64_SSBD symbol, and the ext4 patch.

Compile-tested on: ar71xx
Run-tested on: ar71xx

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
6 years agouclient: update to latest git HEAD
Jo-Philipp Wich [Fri, 3 Aug 2018 21:50:29 +0000 (23:50 +0200)]
uclient: update to latest git HEAD

f2573da uclient-fetch: use package name pattern in message for missing SSL library
9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename
f41ff60 uclient-http: basic auth: Handle memory allocation failure
a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures
66fb58d uclient-http: Handle memory allocation failure
2ac991b uclient: Handle memory allocation failure for url
63beea4 uclient-http: Implement error handling for header-sending
eb850df uclient-utils: Handle memory allocation failure for url file name
ae1c656 uclient-http: Close ustream file handle only if allocated

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e44162ffca448d024fe023944df702c9d3f6b586)

6 years agosdk: include arch/arm/ Linux includes along with arch/arm64/ ones
Jo-Philipp Wich [Fri, 3 Aug 2018 11:45:27 +0000 (13:45 +0200)]
sdk: include arch/arm/ Linux includes along with arch/arm64/ ones

The Linux headers on arm64 architectures contain references to common
arch/arm/ headers which were not bundled by the SDK so far.

Check if we're packing the SDK for an arm64 target and if we do, also
include arch/arm headers as well.

Fixes FS#1725.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4bb8a678e0e0eaf5c3651cc73f3b2c4cb1d267a2)

6 years agoiperf: bump to 2.0.12
Koen Vandeputte [Thu, 2 Aug 2018 13:00:17 +0000 (15:00 +0200)]
iperf: bump to 2.0.12

2.0.12 change set (as of June 25th 2018)

o Change the unicast TTL default value from 1 to the system default (to be compatable with previous versions.) Mulitcast still defaults to 1.
o adpative formatting bug fix: crash occurs when values exceed 1 Tera. Add support for Tera and Peta and eliminate the potential crash condition
o configure default compile to include isochronous support (use configure --disable-isochronous to remove support)
o replace 2.0.11's --vary-load option with a more general -b option to include <mean>,<stdev>, e.g. -b 100m,40m, which will pull from a log normal distribution every 0.1 seconds
o fixes for windows cross compile (using mingw32)
o compile flags of -fPIE for android
o configure --enable-checkprograms to compile ancillary binaries used to test things such as delay, isoch, pdf generation
o compile tests when trying to use 64b seq numbers on a 32b platform
o Fix GCC ver 8 warnings

2.0.11 change set (as of May 24th, 2018)

o support for -b on server (read rate limiting)
o honor -T (ttl) for unicast. (Note: the default value is 1 so this will impact unicast tests that require routing)
o support for --isochronous traffic with optional frames per second, mean and variance uses a log normal distribution (requires configure w/-enable-isochronous and compile)
o support for --udp triggers (requires configure w/ --enable-udptriggers, early code with very limited support)
o support for --udp-histogram with optional bin width and number of bins (default is 1 millisecond bin width and 1000 bins)
o support for frame (burst) latency histograms when --isochronous is set
o support for --tx-sync with -P for synchonrized writes. Initial use is for WiFi OFDMA latency testing.
o support for --incr-dstip with -P for simultaneous flows to multiple destinations (use case is for OFDMA)
o support for --vary-load with optional weight, uses log normal distribution (requires -b to set the mean)
o support for --l2checks to detect L2 length errors not detected by v4 or v6 payload length errors (requires linux, berkeley packet filters BPFs and AF_PACKET socket support)
o support for server joining mulitcast source specific multicast (S,G) and (*,G) for both v4 and v6 on platforms that support it
o improved write counters (requires -e)
o accounting bug fix on client when write fails, this bug was introduced in 2.0.10
o slight restructure client/server traffic thread code for maintainability
o python: flow example script updates
o python: ssh node object using asyncio
o python: histograms in flows with plotting (assumed gnuplot available)
o python: hierarchical clustering of latency histograms (early code)
o man pages updates
o Note: latency histograms require client and server system clock synchronization. A GPS disciplined oscillator using Precision Time Protocol works well for this.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agosdk: bundle usbip userspace sources
Jo-Philipp Wich [Wed, 1 Aug 2018 07:11:17 +0000 (09:11 +0200)]
sdk: bundle usbip userspace sources

Bundle the usbip utility sources shipped with the Linux kernel tree in
order to allow the usbip packages from the package feed to build within
the OpenWrt SDK.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d0e0b7049f88774e67c3d5ad6b573f7070e5f900)

6 years agoinclude/feeds.mk: fix distfeeds.conf without per-feed repos
Bjørn Mork [Tue, 31 Jul 2018 12:01:12 +0000 (14:01 +0200)]
include/feeds.mk: fix distfeeds.conf without per-feed repos

commit 514a4b3e1b4e4 ("include/feeds.mk: rework generation of opkg
distfeeds.conf") made the per-feed "base" repo unconditional, making
the default configuration fail when PER_FEED_REPO is disabled:

 root@wrt1900ac-1:~# cat /etc/opkg/distfeeds.conf
 src/gz openwrt_core http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages
 src/gz openwrt_base http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base
 root@wrt1900ac-1:~# opkg update
 Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.gz
 Updated list of available packages in /var/opkg-lists/openwrt_core
 Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.sig
 Signature check passed.
 Downloading http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz
 *** Failed to download the package list from http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz

 Collected errors:
  * opkg_download: Failed to download http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz, wget returned 8.

Cc: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 514a4b3e1b4e ("include/feeds.mk: rework generation of opkg distfeeds.conf")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
[whitespace/indentation fix]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c72f3b5e2b7e9a86488046bb6e2396f2354b82c9)

6 years agobcm53xx: backport BCM5301X/BCM53573 dts commits from 4.19+
Rafał Miłecki [Sat, 28 Jul 2018 19:46:40 +0000 (21:46 +0200)]
bcm53xx: backport BCM5301X/BCM53573 dts commits from 4.19+

This includes Linksys EA9500 support, BCM53573 timer fix and
upstream-ready partitions patch that replaces two downstream hacks.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a07730472c49c1f7bb56afa3eb8be23e6e87b4f1)

6 years agobcm53xx: switch USB 3.0 PHY DT description to use MDIO bus
Rafał Miłecki [Sat, 28 Jul 2018 19:37:46 +0000 (21:37 +0200)]
bcm53xx: switch USB 3.0 PHY DT description to use MDIO bus

USB 3.0 PHY is attached to the MDIO bus and should be supported
(accessed) as a MDIO device. This wasn't known initially which resulted
in writing driver that was working with MDIO bus (using some magic
values) without knowing it.

This commit updates DT to properly describe MDIO & USB 3.0 PHY and
enables required kernel drivers.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8a175ea2198f59795113a3857f6a742a455ad54f)

6 years agobcm53xx: backport DT fix for I2C controller interrupt
Rafał Miłecki [Sat, 28 Jul 2018 19:35:23 +0000 (21:35 +0200)]
bcm53xx: backport DT fix for I2C controller interrupt

Specified interrupt type was incorrect.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5c8b8a3fd4be9702940859c1e1e5c3f1b4f33f50)

6 years agokernel: backport mtd support for subpartitions in DT
Rafał Miłecki [Fri, 27 Jul 2018 19:54:08 +0000 (21:54 +0200)]
kernel: backport mtd support for subpartitions in DT

This is a new & warm feature that allows nesting partiitons in DT and
mixing their types (e.g. static vs. dynamic). It's very useful for
boards that have most partitions static but some of them require extra
parsing (e.g. a "firmware" partition).

It's required to successfully backport support for new devices using
that new syntax in their DT files.

Since brcm63xx has a custom alternative patch the upstream one is being
reverted for it. The plan is to make brcm63xx use the upstream
implementation.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 2a598bbaa3f75b7051c2453a6ccf706191cf2153)

6 years agokernel: backport mtd patches with Broadcom of_match_table-s
Rafał Miłecki [Fri, 27 Jul 2018 13:51:53 +0000 (15:51 +0200)]
kernel: backport mtd patches with Broadcom of_match_table-s

Two tiny & trivial patches with no regression risk. One simplifies
bcm53xx downstream patch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 6bcafea2c04849e8a9cca71a7759b20d1010d643)

6 years agoRe-enable arbitrary IPv6 addresses as outer ip4-in-ip6 tunnel source address
Axel Neumann [Mon, 21 May 2018 18:32:09 +0000 (20:32 +0200)]
Re-enable arbitrary IPv6 addresses as outer ip4-in-ip6 tunnel source address

The 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch kernel patches
break the possibility for using an ip4ip6 tunnel interface as a fall
back interface accepting ip4-in-ip6 tunneled packets from any remote
address. This works out of the box with any normal (non-666-patched)
kernel and can be configured by setting up an 'ip -6 tunnel' with type
'any' or 'ip4ip6' and a remote address of '::'.

The misbehavior comes with line 290 the patch which discards all packets
that do not show the expected saddr, even if no single fmr rule was
defined and despite the validity of the saddr was already approved earlier.

Signed-off-by: Axel Neumann <neumann@cgws.de>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from 65c05301c2)

6 years agokernel: remove duplicate #define's in at803x Ethernet PHY driver
Daniel Golle [Tue, 31 Jul 2018 03:17:52 +0000 (05:17 +0200)]
kernel: remove duplicate #define's in at803x Ethernet PHY driver

AT803X_REG_CHIP_CONFIG and AT803X_BT_BX_REG_SEL have been defined
upstream by commit f62265b53ef3 ("at803x: double check SGMII side autoneg")
An existing local patch then added those exact same defines again which
isn't necessary, so remove them.

Fixes: f791fb4af450 ("kernel: add linux 4.9 support")
Fixes: b3f95490b9be ("kernel: generic: Add kernel 4.14 support")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 67fcff6aaf)

6 years agokernel: re-add patch for AT8032 Ethernet PHY
Daniel Golle [Tue, 31 Jul 2018 02:50:38 +0000 (04:50 +0200)]
kernel: re-add patch for AT8032 Ethernet PHY

The patch was wrongly removed by a kernel version bump to 4.9.106 in
the believe that it was merged upstream thow it wasn't. This lead to
unrecoverable link losses on devices which use those PHYs such as
many ubnt single-port CPEs.

Fixes: 6f8eb1b50f ("kernel: bump 4.9 to 4.9.106 for 18.06")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit a497e47762)

6 years agoca-certificates[18.06]]: remove myself as PKG_MAINTAINER
Christian Schoenebeck [Mon, 30 Jul 2018 19:31:41 +0000 (21:31 +0200)]
ca-certificates[18.06]]: remove myself as PKG_MAINTAINER

remove myself as PKG_MAINTAINER

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>