Yousong Zhou [Wed, 30 Oct 2019 12:41:34 +0000 (12:41 +0000)]
kernel: mark kmod-usb-serial-wwan as hidden
The kconfig symbol is an invisible one since its introduction. It is
not supposed to be enabled on its own.
Resolves FS#1821
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit
4bf9bec361699e1c033460964158531adf15d7ee)
Koen Vandeputte [Mon, 28 Oct 2019 14:55:11 +0000 (15:55 +0100)]
kernel: add missing symbol
Discovered during layerscape compile-testing
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 28 Oct 2019 13:40:43 +0000 (14:40 +0100)]
kernel: bump 4.14 to 4.14.150
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 28 Oct 2019 13:24:03 +0000 (14:24 +0100)]
kernel: bump 4.9 to 4.9.197
Refreshed all patches.
Altered patches:
- 804-crypto-support-layerscape.patch
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Compiling target layerscape before this patch shows that it's broken.
Fixing it is out-of-scope for bumping the kernel and will
be done in a later patch.
The altered patch is a sample change which leaves the target
exactly as it was before this bump.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Daniel F. Dickinson [Thu, 27 Dec 2018 03:33:57 +0000 (22:33 -0500)]
brcm2708: Add feature flag rootfs-part
Even with squashfs brcm2708 requires ROOTFS_PART_SIZE because the overlay
exists as a loopback device on the space not used by squashfs in the root
partition. Also for ext4 (the other fs option) ROOTFS_PART_SIZE is required,
so use feature flag rootfs-part to enable it.
Fixes FS#2166
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
(cherry picked from commit
3bb44f42990a75e66972016cde75bed6a3f09ef9)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Yousong Zhou [Thu, 24 Oct 2019 10:34:06 +0000 (10:34 +0000)]
iptables: bump PKG_RELEASE
Package content changed with the previous two cherry-picks
dff0b2104d kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}
a2fe698a40 kernel: Added required dependencies for socket match.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Oldřich Jedlička [Tue, 29 Jan 2019 21:25:33 +0000 (22:25 +0100)]
kernel: Added required dependencies for socket match.
This applies to kernel 4.10 and newer.
See https://github.com/torvalds/linux/commit/
8db4c5be88f62ffd7a552f70687a10c614dc697b
The above commit added to kernel 4.10 added new dependency
for building the NETFILTER_XT_MATCH_SOCKET (xt_socket.ko)
module. The NF_SOCKET_IPVx options (both of them) need to
be enabled in order to build the NETFILTER_XT_MATCH_SOCKET
module. Without the change the module is not built.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
(cherry picked from commit
66e875a07033cdcfd8c4a16940d4acfe63c60202)
(required for fixing FS#2531)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Hauke Mehrtens [Sun, 18 Nov 2018 17:15:56 +0000 (18:15 +0100)]
kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}
The nf_socket.ko module was split in commit
8db4c5be88f ("netfilter:
move socket lookup infrastructure to nf_socket_ipv{4,6}.c") into a
common, n IPv4 and an IPv6 part.
The nf_tproxy.ko module was split in commit
45ca4e0cf27 ("netfilter:
Libify xt_TPROXY") into a common, an IPv4 and an IPv6 part.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
89806545cc1711f4e33c1c2ac5265aec4afe8078)
(required for fixing FS#2531)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
DENG Qingfang [Sat, 12 Oct 2019 16:29:13 +0000 (00:29 +0800)]
tcpdump: update to 4.9.3
Fixed CVEs:
CVE-2017-16808
CVE-2018-10103
CVE-2018-10105
CVE-2018-14461
CVE-2018-14462
CVE-2018-14463
CVE-2018-14464
CVE-2018-14465
CVE-2018-14466
CVE-2018-14467
CVE-2018-14468
CVE-2018-14469
CVE-2018-14470
CVE-2018-14879
CVE-2018-14880
CVE-2018-14881
CVE-2018-14882
CVE-2018-16227
CVE-2018-16228
CVE-2018-16229
CVE-2018-16230
CVE-2018-16300
CVE-2018-16301
CVE-2018-16451
CVE-2018-16452
CVE-2019-15166
CVE-2019-15167
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit
394273c066b8f4317b77f3ede216cfcdd45250c1)
DENG Qingfang [Sat, 12 Oct 2019 16:28:32 +0000 (00:28 +0800)]
libpcap: update to 1.9.1
Fixed CVEs:
CVE-2018-16301
CVE-2019-15161
CVE-2019-15162
CVE-2019-15163
CVE-2019-15164
CVE-2019-15165
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit
44f11353de044834a442d3192b66579b99305720)
Syrone Wong [Thu, 26 Jul 2018 14:46:38 +0000 (22:46 +0800)]
libpcap: update to 1.9.0
001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch dropped due to upstream
002-Add-missing-compiler_state_t-parameter.patch dropped due to upstream
202-protocol_api.patch dropped due to implemented upstream by another way
upstream commit: https://github.com/the-tcpdump-group/libpcap/commit/
55c690f6f834b4762697d7a134de439c9096c921
and renamed via: https://github.com/the-tcpdump-group/libpcap/commit/
697b1f7e9b1d6f5a5be04f821d7c5dc62458bb3b
ead is the only user who use the protocol api, we have to use the new api since libpcap 1.9.0
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
Koen Vandeputte [Mon, 14 Oct 2019 12:30:25 +0000 (14:30 +0200)]
kernel: bump 4.14 to 4.14.149
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 8 Oct 2019 13:04:58 +0000 (15:04 +0200)]
kernel: bump 4.14 to 4.14.148
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 8 Oct 2019 13:01:15 +0000 (15:01 +0200)]
kernel: bump 4.9 to 4.9.196
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 7 Oct 2019 11:10:45 +0000 (13:10 +0200)]
kernel: bump 4.14 to 4.14.147
Refreshed all patches.
Compile-tested on: cns3xxx, imx6
Compile-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 7 Oct 2019 11:06:05 +0000 (13:06 +0200)]
kernel: bump 4.9 to 4.9.195
Refreshed all patches.
Altered patches:
- 403-mtd_fix_cfi_cmdset_0002_status_check.patch
Compile-tested on: ar71xx
Compile-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Christian Lamparter [Sat, 28 Sep 2019 12:31:16 +0000 (14:31 +0200)]
apm821xx: fix fan control on highest step
This patch removes a typo (extra "0") so that the 'cpu-alert6'
step is triggered once the system reaches 85°C.
Note: Unless the WNDR4700 is placed in an hot oven, the
hardware-monitor will never reach this value.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Rafał Miłecki [Thu, 26 Sep 2019 04:45:11 +0000 (06:45 +0200)]
brcm47xx: sysupgrade: fix device model detection
$(board_name) was providing content on "boardtype" (and optionally
"boardnum") NVRAM values. That function requires & expects more specific
and detailed model name extracted from the /proc/cpuinfo.
Fixes: f12a32630ff5 ("treewide: use the generic board_name function")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Koen Vandeputte [Tue, 24 Sep 2019 09:07:18 +0000 (11:07 +0200)]
kernel: bump 4.14 to 4.14.146
Refreshed all patches.
Fixes:
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14821
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 24 Sep 2019 08:59:28 +0000 (10:59 +0200)]
kernel: bump 4.9 to 4.9.194
Refreshed all patches.
Fixes:
- CVE-2019-14814
- CVE-2019-14815
- CVE-2019-14816
- CVE-2019-14821
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Hauke Mehrtens [Fri, 20 Sep 2019 20:20:16 +0000 (22:20 +0200)]
hostapd: Fix AP mode PMF disconnection protection bypass
This fixes
* CVE-2019-16275 AP mode PMF disconnection protection bypass
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
a6981604b30bc1ddc1713b368fe853d89c2ba40d)
Hauke Mehrtens [Sun, 8 Sep 2019 21:53:18 +0000 (23:53 +0200)]
hostapd: SAE/EAP-pwd side-channel attack update
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)
Magnus Kroken [Wed, 18 Sep 2019 19:22:16 +0000 (21:22 +0200)]
mbedtls: update to 2.16.3
Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch,
the issue has been fixed upstream.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit
49d96ffc5c47e40b7f3d99a91a42ea8a54a38bd9)
Josef Schlehofer [Tue, 18 Jun 2019 22:31:03 +0000 (00:31 +0200)]
mbedtls: Update to version 2.16.2
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
(cherry picked from commit
a2f54f6d5d98211e9c58420eed8c67f4fca83665)
Eneas U de Queiroz [Tue, 17 Sep 2019 19:01:24 +0000 (16:01 -0300)]
openssl: bump to 1.0.2t, add maintainer
This version fixes 3 low-severity vulnerabilities:
- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
CMS_decrypt_set1_pkey
Patches were refreshed, and Eneas U de Queiroz added as maintainer.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Koen Vandeputte [Fri, 20 Sep 2019 13:09:54 +0000 (15:09 +0200)]
kernel: bump 4.14 to 4.14.145
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 18 Sep 2019 13:07:31 +0000 (15:07 +0200)]
kernel: bump 4.14 to 4.14.144
Refreshed all patches.
Fixes:
- CVE-2019-15030
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 18 Sep 2019 13:05:34 +0000 (15:05 +0200)]
kernel: bump 4.9 to 4.9.193
Refreshed all patches.
Fixes:
- CVE-2019-15030
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Rafał Miłecki [Mon, 16 Sep 2019 06:04:27 +0000 (08:04 +0200)]
mac80211: brcmfmac: backport the last 5.4 changes
This makes brcmfmac use the same wiphy after PCIe reset to help user
space handle corner cases (e.g. firmware crash).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
f39f4b2f6d4300995270f635261b07197e8cf61e)
Koen Vandeputte [Wed, 11 Sep 2019 10:51:12 +0000 (12:51 +0200)]
ar71xx: fix potential IRQ misses during dispatch for qca953x
If both interrupts are set in the current implementation
only the 1st will be handled and the 2nd will be skipped
due to the "if else" condition.
Fix this by using the same approach as done for QCA955x
just below it.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 11 Sep 2019 10:29:53 +0000 (12:29 +0200)]
ar71xx: Fix potentially missed IRQ handling during dispatch
If both interrupts are set in the current implementation
only the 1st will be handled and the 2nd will be skipped
due to the "if else" condition.
Fix this by using the same approach as done for QCA955x
just below it.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 11 Sep 2019 09:49:14 +0000 (11:49 +0200)]
kernel: bump 4.14 to 4.14.143
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 11 Sep 2019 09:23:15 +0000 (11:23 +0200)]
kernel: bump 4.9 to 4.9.192
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Yousong Zhou [Wed, 11 Sep 2019 13:25:17 +0000 (13:25 +0000)]
tools: mkimage: fix __u64 typedef conflict with new glibc
Including "sys/stat.h" from newer glibc will cause __u64 from linux uapi
header to be included, causing compilation failure for u-boot tools
USE_HOSTCC
Remove typedef for __u64 in include/compiler.h to fix the issue. It should be
safe because as of u-boot-2018.03, no ref to __u64 is found under u-boot tools/
directory
Error message snippet follows
HOSTCC tools/mkenvimage.o
In file included from /usr/include/asm-generic/types.h:7,
from /usr/include/asm/types.h:5,
from /usr/include/linux/types.h:5,
from /usr/include/linux/stat.h:5,
from /usr/include/bits/statx.h:30,
from /usr/include/sys/stat.h:446,
from tools/mkenvimage.c:21:
/usr/include/asm-generic/int-ll64.h:31:42: error: conflicting types for '__u64'
31 | __extension__ typedef unsigned long long __u64;
| ^~~~~
In file included from <command-line>:
././include/compiler.h:69:18: note: previous declaration of '__u64' was here
69 | typedef uint64_t __u64;
| ^~~~~
make[5]: *** [scripts/Makefile.host:116: tools/mkenvimage.o] Error 1
Ref: https://forum.openwrt.org/t/compile-error-19-07/44423
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=
1699194
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Koen Vandeputte [Mon, 9 Sep 2019 11:07:58 +0000 (13:07 +0200)]
kernel: bump 4.14 to 4.14.142
Refreshed all patches.
Remove upstreamed:
- 0032-usb-host-fotg2-restart-hcd-after-port-reset.patch
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 9 Sep 2019 10:43:30 +0000 (12:43 +0200)]
kernel: bump 4.9 to 4.9.191
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Adrian Schmutzler [Sat, 7 Sep 2019 15:06:51 +0000 (17:06 +0200)]
ramips: fix duplicate network setup for dlink, dir-615-h1
In
555ca422d1cb ("ramips: fix D-Link DIR-615 H1 switch port
mapping"), port setup for dir-615-h1 was changed without removing
the old one. This was working as the new one was triggered earlier
than the old one.
(In the meantine, changed sorting during ramips rename patches
actually inversed that order.)
Anyway, just remove the wrong case now.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
e35e4a996e26f17b69d200505ecea78af96a2704)
Mirko Parthey [Sat, 7 Sep 2019 15:06:50 +0000 (17:06 +0200)]
ramips: fix D-Link DIR-615 H1 switch port mapping
Reuse a device-specific switch port mapping which also applies to the
D-Link DIR-615 H1.
Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
[cherry-pick/rebase]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
555ca422d1cbc2db354c0ed03d1a79650f590859)
Adrian Schmutzler [Sat, 7 Sep 2019 15:06:49 +0000 (17:06 +0200)]
ramips: remove duplicate case for MAC setup of freestation5
ARC FreeStation5 is present twice in MAC address setup.
>From older commits/changes, it is not possible to reconstruct
the correct choice only by reading the annotations.
Thus, remove the second case and keep the first one, so behavior
stays the same (as nobody seems to have complained about it).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
ad4eb2241b33b05b0942a3fa7ed2e53fb6e84386)
Rafał Miłecki [Mon, 9 Sep 2019 07:37:53 +0000 (09:37 +0200)]
mac80211: brcmfmac: backport more kernel 5.4 changes
Patch getting RAM info got upstreamed. A debugging fs entry for testing
reset feature was added.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
681acdcc54d2e59135bb706c38bed942f74ccf74)
Josef Schlehofer [Sun, 1 Sep 2019 18:34:01 +0000 (20:34 +0200)]
bzip2: Fix CVE-2019-12900
More details about this CVE:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Michal Cieslakiewicz [Fri, 2 Aug 2019 15:12:34 +0000 (17:12 +0200)]
ar71xx: WNR2200: remove redundant GPIO for WLAN LED
Without this patch, an extra entry appears for AR9287 GPIO
that duplicates WLAN LED but in fact drives nothing:
gpiochip1: GPIOs 502-511, ath9k-phy0:
gpio-502 ( |netgear:blue:wlan ) out hi
gpio-503 ( |netgear:amber:test ) out hi
gpio-504 ( |netgear:green:power ) out lo
gpio-505 ( |rfkill ) in hi
gpio-507 ( |wps ) in hi
gpio-508 ( |reset ) in hi
gpio-510 ( |ath9k-phy0 ) out hi <===!
The pin pointed above is default LED GPIO (8) for AR9287.
For WNR2200 it is not connected anywhere - pin 0 drives blue WLAN
LED instead - but initialization code is missing that information.
This fix calls ap9x_pci_setup_wmac_led_pin() function at device
setup, forcing WLAN LED pin to be 0 and removing redundant entry.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Koen Vandeputte [Thu, 29 Aug 2019 09:00:17 +0000 (11:00 +0200)]
kernel: bump 4.14 to 4.14.141
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 28 Aug 2019 10:12:41 +0000 (12:12 +0200)]
ath9k: backport dynack improvements
Close cooperation with Lorenzo Bianconi resulted
in these patches which fix all remaining seen issues
when using dynack.
Fix link losses when:
- Late Ack's are not seen or not present
- switching from too low static coverage class to dynack on a live link
These are fixed by setting the Ack Timeout/Slottime to
the max possible value for the currently used channel width when
a new station has been discovered.
When traffic flows, dynack is able to adjust to optimal values
within a few packets received (typically < 1 second)
These changes have been thoroughly tested on ~60 offshore devices
all interconnected using mesh over IBSS and dynack enabled on all.
Distances between devices varied from <100m up to ~35km
[move patches to correct folder + renumber]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
(cherry picked from commit
f6e8ba0238fe349b7529357793e2fb18635819ed)
Koen Vandeputte [Tue, 27 Aug 2019 10:32:17 +0000 (12:32 +0200)]
kernel: bump 4.14 to 4.14.140
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 27 Aug 2019 10:31:51 +0000 (12:31 +0200)]
kernel: bump 4.9 to 4.9.190
Refreshed all patches.
Fixes:
- CVE-2019-3900
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Fri, 16 Aug 2019 10:05:22 +0000 (12:05 +0200)]
kernel: bump 4.14 to 4.14.139
Refreshed all patches.
Also add a missing symbol for x86 which got used now in this bump.
- ISCSI_IBFT
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Hauke Mehrtens [Sun, 18 Aug 2019 21:24:43 +0000 (23:24 +0200)]
musl: Fix CVE-2019-14697
musl libc through 1.1.23 has an x87 floating-point stack adjustment
imbalance, related to the math/i386/ directory. In some cases, use of
this library could introduce out-of-bounds writes that are not present
in an application's source code.
This problem only affects x86 and no other architectures.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
c262daf308e0f0bd93bb5c5ee6238773935079ee)
Jan Pavlinec [Thu, 15 Aug 2019 10:51:52 +0000 (12:51 +0200)]
iptables: patch CVE-2019-11360 (security fix)
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
Luiz Angelo Daros de Luca [Tue, 13 Aug 2019 06:01:07 +0000 (03:01 -0300)]
musl: ldso/dlsym: fix mips returning undef dlsym
This happens only the second time a library is loaded by dlopen().
After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef
symbol from lib1 dependencies. After the second library is loaded,
dlsym(lib2,"undef1") was returning the address of "undef1" in lib2
instead of searching lib2 dependencies.
Backporting upstream fix which now uses the same logic for relocation
time and dlsym.
Fixes openwrt/packages#9297
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Eneas U de Queiroz [Mon, 5 Aug 2019 17:45:41 +0000 (14:45 -0300)]
wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628
CVE-2018-16870: medium-severity, new variant of the Bleichenbacher
attack to perform downgrade attacks against TLS, which may lead to
leakage of sensible data. Backported from 3.15.7.
CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack. Backported from 4.1.0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Koen Vandeputte [Mon, 12 Aug 2019 08:45:33 +0000 (10:45 +0200)]
kernel: bump 4.14 to 4.14.138
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 12 Aug 2019 08:11:14 +0000 (10:11 +0200)]
kernel: bump 4.9 to 4.9.189
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Rosen Penev [Mon, 6 May 2019 21:57:18 +0000 (14:57 -0700)]
xfsprogs: Replace valloc with posix_memalign
Fixes compilation under uClibc-ng.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
e49b6bb61828b8b903db0ef48113b4065a215c63)
Rosen Penev [Wed, 1 May 2019 17:04:45 +0000 (10:04 -0700)]
libbsd: Fix compilation under ARC
The 8 year old file does not have any ARC definitions.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[updated content of the patch with version sent to upstream]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
395bef4bbacc0dd1cca72907529539194504be27)
Rosen Penev [Wed, 1 May 2019 17:08:10 +0000 (10:08 -0700)]
nftables: Fix compilation with uClibc-ng
Missing header for va_list.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
(cherry picked from commit
2f977974714468e1a0ee20e4cce233da63d06dd0)
Russell Senior [Sun, 11 Aug 2019 20:57:08 +0000 (13:57 -0700)]
tools/patch: apply upstream patch for cve-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-
1000156.
https://nvd.nist.gov/vuln/detail/CVE-2019-13638
Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit
bcfd1d76852974170780dbe368e6194dbb0e123e)
Russell Senior [Mon, 29 Jul 2019 19:09:09 +0000 (12:09 -0700)]
tools/patch: apply upstream patch for CVE-2019-13636
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
https://nvd.nist.gov/vuln/detail/CVE-2019-13636
Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit
995bcc532943639f3df36dbcaa361f9167f9f4d5)
Koen Vandeputte [Wed, 7 Aug 2019 12:25:32 +0000 (14:25 +0200)]
kernel: bump 4.14 to 4.14.137
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Wed, 7 Aug 2019 11:54:26 +0000 (13:54 +0200)]
kernel: bump 4.9 to 4.9.188
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Jo-Philipp Wich [Tue, 6 Aug 2019 19:22:27 +0000 (21:22 +0200)]
config: introduce separate CONFIG_SIGNATURE_CHECK option
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.
This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.
Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.
As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
f565f276e2c06ac8f3176e0b16d6f2d40cd653d4)
Jo-Philipp Wich [Wed, 7 Aug 2019 05:15:07 +0000 (07:15 +0200)]
packages: apply usign padding workarounds to package indexes if needed
Since usign miscalculates SHA-512 digests for input sizes of exactly
64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some
white space padding to avoid triggering the hashing edge case.
While usign itself has been fixed already, there is still many firmwares
in the wild which use broken usign versions to verify current package
indexes so we'll need to carry this workaround in the forseeable future.
Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Ref: https://git.openwrt.org/
5a52b379902471cef495687547c7b568142f66d2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit
e1f588e446c7ceb696b644b37aeab9b3476e2a57)
Jo-Philipp Wich [Tue, 6 Aug 2019 18:55:39 +0000 (20:55 +0200)]
usign: update to latest Git HEAD
This update fixes usign signature verification on files with certain
file sizes triggering a bug in the shipped SHA-512 implementation.
5a52b37 sha512: fix bad hardcoded constant in sha512_final()
3e6648b README: replace unicode character
716c3f2 README: add reference to OpenBSD signify
86d3668 README: provide reference for
ed25519 algorithm
939ec35 usign: main.c: describe necessary arguments for -G
Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
991dd5a89340367920315a3fd0390a7423e6b34a)
Koen Vandeputte [Mon, 5 Aug 2019 10:21:47 +0000 (12:21 +0200)]
kernel: bump 4.14 to 4.14.136
Refreshed all patches.
Altered patches:
- 306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch
Remove upstreamed:
- 505-arm64-dts-marvell-Fix-A37xx-UART0-register-size
Fixes:
- CVE-2019-13648
- CVE-2019-10207
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 5 Aug 2019 09:06:09 +0000 (11:06 +0200)]
kernel: bump 4.9 to 4.9.187
Refreshed all patches.
Altered patches:
- 021-bridge-multicast-to-unicast.patch
Remove upstreamed:
- 001-um-Allow-building-and-running-on-older-hosts.patch
- 003-um-Fix-check-for-_xstate-for-older-hosts.patch
Fixes:
- CVE-2019-10207
- CVE-2019-13648
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Leon M. George [Fri, 26 Jul 2019 18:21:26 +0000 (20:21 +0200)]
ar71xx: wpj531: fix SIG1/RSS1 LED GPIO
In commit
6c937df749c7 ("ar71xx: wpj531: fix GPIOs for LED") wrong GPIO
13 for SIG1/RSS1 LED was commited, the correct GPIO number for this LED
is 12.
It's listed in "Hardware Guide - wpj531 7A06 (02/07/2019)" as GPIO12/RSS1
on the LED header and same GPIO 12 is used in the vendor's SDK as well.
Fixes: 6c937df749c7 ("ar71xx: wpj531: fix GPIOs for LED")
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit subject/message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
c070662980047838004b83f7af59e7015d3c7922)
David Bauer [Tue, 30 Jul 2019 17:16:21 +0000 (19:16 +0200)]
ar71xx: fix HiveAP 121 PLL for 1000M
The Aerohive HiveAP 121 has the wrong PLL value set for Gigabit speeds,
leading to packet-loss. 10M and 100M work fine.
This commit sets the Gigabit Ethernet PLL value to the correct value,
fixing packet loss.
Confirmed with iperf and floodping.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
cb49e46a8a4526d86270ced3ba3aa90225ca82d7)
Koen Vandeputte [Mon, 29 Jul 2019 11:55:26 +0000 (13:55 +0200)]
kernel: bump 4.14 to 4.14.134
Refreshed all patches.
Fixes:
- CVE-2019-3846
- CVE-2019-3900
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 29 Jul 2019 11:53:37 +0000 (13:53 +0200)]
kernel: bump 4.9 to 4.9.186
Refreshed all patches.
Fixes:
- CVE-2019-3846
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 29 Jul 2019 13:15:02 +0000 (15:15 +0200)]
imx6: bump SDMA firmware to 3.5
- add uart rom script address in header of sdma firmware to support
the uart driver of latest kernel working well while old firmware
assume ram script used for uart driver as NXP internal legacy
kernel.
- add multi-fifo SAI/PDM scripts.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit
819b6345a206ad182dd3c2d786a3d7f04e33f751)
Koen Vandeputte [Mon, 8 Apr 2019 16:06:38 +0000 (18:06 +0200)]
imx6: bump sdma firmware to 3.4
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit
fa8d5ad21bd7f12c2d9c3580226d0c708255e55d)
Rafał Miłecki [Sun, 28 Jul 2019 14:21:04 +0000 (16:21 +0200)]
mac80211: brcm: improve brcmfmac debugging of firmware crashes
This provides a complete console messages dump.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Sun, 28 Jul 2019 14:13:47 +0000 (16:13 +0200)]
mac80211: brcm: update brcmfmac 5.4 patches
Use commits from wireless-drivers-next.git.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Eneas U de Queiroz [Fri, 14 Dec 2018 18:25:27 +0000 (16:25 -0200)]
omcproxy: fix compilation on little-endian CPUs
Don't use cpu_to_be32 outside of a function.
In file included from /omcproxy-2017-02-14-
1fe6f48f/src/omcproxy.h:51:0,
from omcproxy-2017-02-14-
1fe6f48f/src/mrib.c:39:
omcproxy-2017-02-14-
1fe6f48f/src/mrib.c:57:34: error: braced-group within expression allowed only inside a function
static uint32_t ipv4_rtr_alert = cpu_to_be32(0x94040000);
^
cc1: warning: unrecognized command line option '-Wno-gnu'
Ref: https://downloads.openwrt.org/releases/faillogs-18.06/arm_cortex-a9_vfpv3/base/omcproxy/compile.txt
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
[more verbose commit message]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
cb4d00d1841ef6269114f2bd3880800dbdfba3b1)
Jo-Philipp Wich [Thu, 31 Jan 2019 11:25:19 +0000 (12:25 +0100)]
scripts: ipkg-make-index.sh: dereference symbolic links
Use `stat -L` instead of `ls -l` to follow symbolic links when obtaining
the file size of .ipk archives.
Without this change, the size of the symlink, not the size of the target
file is encoded in the package index file.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
ece5cab743f9df6c9655d6117e92fda110292173)
Fixes: e6af9c017b0c ("opkg: bump to version 2019-06-14")
[ rmilecki: this has to be backported due to the recent opkg update and
cb6640381808 ("libopkg: check for file size mismatches") to fix false
"opkg_install_pkg: Package size mismatch" errors ]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Sun, 21 Jul 2019 21:09:53 +0000 (23:09 +0200)]
mac80211: brcmfmac: backport fixes from kernel 5.4
This fixes:
1) Crash during USB disconnect
2) Crash in brcmf_txfinalize() on rmmod with packets queued
3) Some errors in exit path
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Yousong Zhou [Fri, 12 Jul 2019 07:50:21 +0000 (07:50 +0000)]
busybox: strip off ALTERNATIVES spec
Now that busybox is a known alternatives provider by opkg, we remove the
ALTERNATIVES spec and add a note to make the implicit situation clear
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from
62be427067ee3883b68bcfb08dfc0c43dce22fa3)
Yousong Zhou [Fri, 12 Jul 2019 07:52:03 +0000 (07:52 +0000)]
opkg: bump to version 2019-06-14
Changelog
dcbc142 alternatives: remove duplicate 'const' specifier
21b7bd7 alternatives: special-case busybox as alternatives provider
d4ba162 libopkg: only perform size check when information is available
cb66403 libopkg: check for file size mismatches
Opkg starting from this version special-cases busybox as alternatives
provider. There should be no need to add entries to ALTERNATIVES of
busybox package
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Adrian Schmutzler [Mon, 8 Jul 2019 08:17:28 +0000 (10:17 +0200)]
base-files: Fix path check in get_mac_binary
Logic was inverted when changing from string check to file check.
Fix it.
Fixes: 8592602d0a88 ("base-files: Really check path in get_mac_binary")
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
6ed3349308b24a6bac753643970a1f9f56ff6070)
Koen Vandeputte [Tue, 9 Jul 2019 09:21:04 +0000 (11:21 +0200)]
kernel: bump 4.14 to 4.14.132
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Adrian Schmutzler [Thu, 4 Jul 2019 21:28:44 +0000 (23:28 +0200)]
base-files: Really check path in get_mac_binary
Currently, path argument is only checked for being not empty.
This changes behavior to actually check whether path exists.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Jason A. Donenfeld [Sat, 1 Jun 2019 11:39:59 +0000 (13:39 +0200)]
wireguard: bump to 0.0.
20190601
There was an issue with the backport compat layer in yesterday's snapshot,
causing issues on certain (mostly Atom) Intel chips on kernels older than
4.2, due to the use of xgetbv without checking cpu flags for xsave support.
This manifested itself simply at module load time. Indeed it's somewhat tricky
to support 33 different kernel versions (3.10+), plus weird distro
frankenkernels.
If OpenWRT doesn't support < 4.2, you probably don't need to apply this.
But it also can't hurt, and probably best to stay updated.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit
593b487538079f2a22300f3f22ffb21b20da36a0)
Mathias Kresin [Wed, 22 Aug 2018 05:30:36 +0000 (07:30 +0200)]
ramips: fix mt7620 pinmux for second SPI
The mt7620 doesn't have a pinmux group named spi_cs1. The cs1 is part
of the "spi refclk" group. The function "spi refclk" enables the second
chip select.
On reset, the pins of the "spi refclk" group are used as reference
clock and GPIO.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit
3601c3de23f15e2735adc4becdca14c803b6b1a5)
Jo-Philipp Wich [Sun, 30 Jun 2019 10:16:44 +0000 (12:16 +0200)]
OpenWrt v18.06.4: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Sun, 30 Jun 2019 10:16:40 +0000 (12:16 +0200)]
OpenWrt v18.06.4: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Koen Vandeputte [Thu, 20 Jun 2019 11:08:30 +0000 (13:08 +0200)]
uqmi: bump to latest git HEAD
1965c7139374 uqmi: add explicit check for message type when expecting a response
01944dd7089b uqmi_add_command: fixed command argument assignment
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit
47986dc6ea1d643cd348501da09cd2e3ee2f9ee1)
Jo-Philipp Wich [Wed, 14 Nov 2018 11:49:45 +0000 (12:49 +0100)]
uqmi: inherit firewall zone membership to virtual sub interfaces
Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.
Fixes: FS#2122
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit
64bb88841fbc2d9a9dfee12775a18e5dc89ac16e)
Daniel Golle [Wed, 20 Feb 2019 14:12:44 +0000 (15:12 +0100)]
uqmi: fix PIN_STATUS_FAILED error with MC7455 WCDMA/LTE modem
Apparently this modem replies differently to attempted --get-pin-status
which makes the script fail if a pincode is set. Fix this.
Manufacturer: Sierra Wireless, Incorporated
Model: MC7455
Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
0b373bf4d6a1a7a53e06946972ebb812b4cc2f0f)
Koen Vandeputte [Thu, 27 Jun 2019 10:36:48 +0000 (12:36 +0200)]
kernel: bump 4.14 to 4.14.131
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Thu, 27 Jun 2019 10:35:59 +0000 (12:35 +0200)]
kernel: bump 4.9 to 4.9.184
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Tue, 25 Jun 2019 10:53:55 +0000 (12:53 +0200)]
kernel: bump 4.14 to 4.14.130
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 24 Jun 2019 11:44:29 +0000 (13:44 +0200)]
kernel: bump 4.14 to 4.14.129
Refreshed all patches.
Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Koen Vandeputte [Mon, 24 Jun 2019 11:42:02 +0000 (13:42 +0200)]
kernel: bump 4.9 to 4.9.183
Refreshed all patches.
Remove upstreamed:
- 010-revert-staging-vc04_services-prevent-integer-overflow-in-create_pagelist.patch
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Jo-Philipp Wich [Fri, 21 Jun 2019 12:26:23 +0000 (14:26 +0200)]
OpenWrt v18.06.3: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Fri, 21 Jun 2019 12:26:22 +0000 (14:26 +0200)]
OpenWrt v18.06.3: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Karel Kočí [Wed, 5 Jun 2019 11:18:41 +0000 (13:18 +0200)]
fstools: block-mount: fix restart of fstab service
Restarting service causes file-systems to be unmounted without being
mounted back. When this service was obsoleted it should have been
implemented in a way that all actions are ignored. Up to this commit
default handler was called when restart was requested. This default
handler just simply calls stop and start. That means that stop called
unmount but start just printed that this service is obsoleted.
This instead implements restart that just prints same message like start
does. It just calls start in reality. This makes restart unavailable for
call.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit
3ead9e7b743b1fbd3b07f5a72a16999abbec9347)
Petr Štetiar [Thu, 28 Mar 2019 11:57:08 +0000 (12:57 +0100)]
fstools: update to the latest master branch
ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
bc2c876 libfstools: Print error in case of loop blkdev failure
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
1e55171a1213472e180e9320d8b1d08621d2b8d5)
Matthias Badaire [Tue, 15 May 2018 22:07:37 +0000 (00:07 +0200)]
fstools: media change detection (eg:sdcard) using kernel polling
Linux kernel has a polling mechanism that can be activated by changing
the parameter /sys/module/block/parameters/events_dfl_poll_msecs which
is deactivated by default or the /sys/block/[device]/events_poll_msecs
for one device.
This patch set the events_poll_msecs when a disk is inserted.
Once the media disk change event is sent by the kernel then we force a
re-read of the devices using /sbin/block info.
With this patch, insertion and ejection of sd card will automatically
generate partition devices in /dev.
Signed-off-by: Matthias Badaire <mbadaire@gmail.com>
[rewrap commit message, fix bashisms, fix non-matching condition,
bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
cf8483cb4ffc99bf3f512bb134860ccc8c099abe)
Hauke Mehrtens [Fri, 17 May 2019 21:22:02 +0000 (23:22 +0200)]
hostapd: fix multiple security problems
This fixes the following security problems:
* CVE-2019-9494: cache attack against SAE
* CVE-2019-9495: cache attack against EAP-pwd
* CVE-2019-9496: SAE confirm missing state validation in hostapd/AP
* CVE-2019-9497: EAP-pwd server not checking for reflection attack)
* CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element
* CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element
* CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment
Most of these problems are not relevant for normal users, SAE is only
used in ieee80211s mesh mode and EAP-pwd is normally not activated.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Matthias Schiffer [Thu, 20 Jun 2019 21:42:38 +0000 (23:42 +0200)]
brcm2708: Revert "staging: vc04_services: prevent integer overflow in create_pagelist()"
The bump to 4.9.181 broke build for bcm2708 and bcm2709. Revert the
offending patch.
The same revert is also queued for the next upstream 4.9.y release.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>