Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Compiling target layerscape before this patch shows that it's broken.
Fixing it is out-of-scope for bumping the kernel and will
be done in a later patch.
The altered patch is a sample change which leaves the target
exactly as it was before this bump.
Even with squashfs brcm2708 requires ROOTFS_PART_SIZE because the overlay
exists as a loopback device on the space not used by squashfs in the root
partition. Also for ext4 (the other fs option) ROOTFS_PART_SIZE is required,
so use feature flag rootfs-part to enable it.
Fixes FS#2166
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
(cherry picked from commit 3bb44f42990a75e66972016cde75bed6a3f09ef9) Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The above commit added to kernel 4.10 added new dependency
for building the NETFILTER_XT_MATCH_SOCKET (xt_socket.ko)
module. The NF_SOCKET_IPVx options (both of them) need to
be enabled in order to build the NETFILTER_XT_MATCH_SOCKET
module. Without the change the module is not built.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
(cherry picked from commit 66e875a07033cdcfd8c4a16940d4acfe63c60202)
(required for fixing FS#2531) Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Hauke Mehrtens [Sun, 18 Nov 2018 17:15:56 +0000 (18:15 +0100)]
kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}
The nf_socket.ko module was split in commit 8db4c5be88f ("netfilter:
move socket lookup infrastructure to nf_socket_ipv{4,6}.c") into a
common, n IPv4 and an IPv6 part.
The nf_tproxy.ko module was split in commit 45ca4e0cf27 ("netfilter:
Libify xt_TPROXY") into a common, an IPv4 and an IPv6 part.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 89806545cc1711f4e33c1c2ac5265aec4afe8078)
(required for fixing FS#2531) Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Syrone Wong [Thu, 26 Jul 2018 14:46:38 +0000 (22:46 +0800)]
libpcap: update to 1.9.0
001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch dropped due to upstream
002-Add-missing-compiler_state_t-parameter.patch dropped due to upstream
$(board_name) was providing content on "boardtype" (and optionally
"boardnum") NVRAM values. That function requires & expects more specific
and detailed model name extracted from the /proc/cpuinfo.
Fixes: f12a32630ff5 ("treewide: use the generic board_name function") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
tools: mkimage: fix __u64 typedef conflict with new glibc
Including "sys/stat.h" from newer glibc will cause __u64 from linux uapi
header to be included, causing compilation failure for u-boot tools
USE_HOSTCC
Remove typedef for __u64 in include/compiler.h to fix the issue. It should be
safe because as of u-boot-2018.03, no ref to __u64 is found under u-boot tools/
directory
Error message snippet follows
HOSTCC tools/mkenvimage.o
In file included from /usr/include/asm-generic/types.h:7,
from /usr/include/asm/types.h:5,
from /usr/include/linux/types.h:5,
from /usr/include/linux/stat.h:5,
from /usr/include/bits/statx.h:30,
from /usr/include/sys/stat.h:446,
from tools/mkenvimage.c:21:
/usr/include/asm-generic/int-ll64.h:31:42: error: conflicting types for '__u64'
31 | __extension__ typedef unsigned long long __u64;
| ^~~~~
In file included from <command-line>:
././include/compiler.h:69:18: note: previous declaration of '__u64' was here
69 | typedef uint64_t __u64;
| ^~~~~
make[5]: *** [scripts/Makefile.host:116: tools/mkenvimage.o] Error 1
ramips: fix duplicate network setup for dlink, dir-615-h1
In 555ca422d1cb ("ramips: fix D-Link DIR-615 H1 switch port
mapping"), port setup for dir-615-h1 was changed without removing
the old one. This was working as the new one was triggered earlier
than the old one.
(In the meantine, changed sorting during ramips rename patches
actually inversed that order.)
ar71xx: WNR2200: remove redundant GPIO for WLAN LED
Without this patch, an extra entry appears for AR9287 GPIO
that duplicates WLAN LED but in fact drives nothing:
gpiochip1: GPIOs 502-511, ath9k-phy0:
gpio-502 ( |netgear:blue:wlan ) out hi
gpio-503 ( |netgear:amber:test ) out hi
gpio-504 ( |netgear:green:power ) out lo
gpio-505 ( |rfkill ) in hi
gpio-507 ( |wps ) in hi
gpio-508 ( |reset ) in hi
gpio-510 ( |ath9k-phy0 ) out hi <===!
The pin pointed above is default LED GPIO (8) for AR9287.
For WNR2200 it is not connected anywhere - pin 0 drives blue WLAN
LED instead - but initialization code is missing that information.
This fix calls ap9x_pci_setup_wmac_led_pin() function at device
setup, forcing WLAN LED pin to be 0 and removing redundant entry.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Koen Vandeputte [Wed, 28 Aug 2019 10:12:41 +0000 (12:12 +0200)]
ath9k: backport dynack improvements
Close cooperation with Lorenzo Bianconi resulted
in these patches which fix all remaining seen issues
when using dynack.
Fix link losses when:
- Late Ack's are not seen or not present
- switching from too low static coverage class to dynack on a live link
These are fixed by setting the Ack Timeout/Slottime to
the max possible value for the currently used channel width when
a new station has been discovered.
When traffic flows, dynack is able to adjust to optimal values
within a few packets received (typically < 1 second)
These changes have been thoroughly tested on ~60 offshore devices
all interconnected using mesh over IBSS and dynack enabled on all.
Distances between devices varied from <100m up to ~35km
[move patches to correct folder + renumber] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
(cherry picked from commit f6e8ba0238fe349b7529357793e2fb18635819ed)
Hauke Mehrtens [Sun, 18 Aug 2019 21:24:43 +0000 (23:24 +0200)]
musl: Fix CVE-2019-14697
musl libc through 1.1.23 has an x87 floating-point stack adjustment
imbalance, related to the math/i386/ directory. In some cases, use of
this library could introduce out-of-bounds writes that are not present
in an application's source code.
This problem only affects x86 and no other architectures.
This happens only the second time a library is loaded by dlopen().
After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef
symbol from lib1 dependencies. After the second library is loaded,
dlsym(lib2,"undef1") was returning the address of "undef1" in lib2
instead of searching lib2 dependencies.
Backporting upstream fix which now uses the same logic for relocation
time and dlsym.
Fixes openwrt/packages#9297
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628
CVE-2018-16870: medium-severity, new variant of the Bleichenbacher
attack to perform downgrade attacks against TLS, which may lead to
leakage of sensible data. Backported from 3.15.7.
CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack. Backported from 4.1.0.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Rosen Penev [Wed, 1 May 2019 17:04:45 +0000 (10:04 -0700)]
libbsd: Fix compilation under ARC
The 8 year old file does not have any ARC definitions.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[updated content of the patch with version sent to upstream] Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 395bef4bbacc0dd1cca72907529539194504be27)
Rosen Penev [Wed, 1 May 2019 17:08:10 +0000 (10:08 -0700)]
nftables: Fix compilation with uClibc-ng
Missing header for va_list.
Signed-off-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
(cherry picked from commit 2f977974714468e1a0ee20e4cce233da63d06dd0)
Jo-Philipp Wich [Tue, 6 Aug 2019 19:22:27 +0000 (21:22 +0200)]
config: introduce separate CONFIG_SIGNATURE_CHECK option
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.
This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.
Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.
As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.
Jo-Philipp Wich [Wed, 7 Aug 2019 05:15:07 +0000 (07:15 +0200)]
packages: apply usign padding workarounds to package indexes if needed
Since usign miscalculates SHA-512 digests for input sizes of exactly
64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some
white space padding to avoid triggering the hashing edge case.
While usign itself has been fixed already, there is still many firmwares
in the wild which use broken usign versions to verify current package
indexes so we'll need to carry this workaround in the forseeable future.
Jo-Philipp Wich [Tue, 6 Aug 2019 18:55:39 +0000 (20:55 +0200)]
usign: update to latest Git HEAD
This update fixes usign signature verification on files with certain
file sizes triggering a bug in the shipped SHA-512 implementation.
5a52b37 sha512: fix bad hardcoded constant in sha512_final() 3e6648b README: replace unicode character 716c3f2 README: add reference to OpenBSD signify 86d3668 README: provide reference for ed25519 algorithm 939ec35 usign: main.c: describe necessary arguments for -G
Leon M. George [Fri, 26 Jul 2019 18:21:26 +0000 (20:21 +0200)]
ar71xx: wpj531: fix SIG1/RSS1 LED GPIO
In commit 6c937df749c7 ("ar71xx: wpj531: fix GPIOs for LED") wrong GPIO
13 for SIG1/RSS1 LED was commited, the correct GPIO number for this LED
is 12.
It's listed in "Hardware Guide - wpj531 7A06 (02/07/2019)" as GPIO12/RSS1
on the LED header and same GPIO 12 is used in the vendor's SDK as well.
Fixes: 6c937df749c7 ("ar71xx: wpj531: fix GPIOs for LED") Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit subject/message facelift] Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit c070662980047838004b83f7af59e7015d3c7922)
- add uart rom script address in header of sdma firmware to support
the uart driver of latest kernel working well while old firmware
assume ram script used for uart driver as NXP internal legacy
kernel.
- add multi-fifo SAI/PDM scripts.
In file included from /omcproxy-2017-02-14-1fe6f48f/src/omcproxy.h:51:0,
from omcproxy-2017-02-14-1fe6f48f/src/mrib.c:39:
omcproxy-2017-02-14-1fe6f48f/src/mrib.c:57:34: error: braced-group within expression allowed only inside a function
static uint32_t ipv4_rtr_alert = cpu_to_be32(0x94040000);
^
cc1: warning: unrecognized command line option '-Wno-gnu'
Ref: https://downloads.openwrt.org/releases/faillogs-18.06/arm_cortex-a9_vfpv3/base/omcproxy/compile.txt Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
[more verbose commit message] Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cb4d00d1841ef6269114f2bd3880800dbdfba3b1)
Use `stat -L` instead of `ls -l` to follow symbolic links when obtaining
the file size of .ipk archives.
Without this change, the size of the symlink, not the size of the target
file is encoded in the package index file.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ece5cab743f9df6c9655d6117e92fda110292173) Fixes: e6af9c017b0c ("opkg: bump to version 2019-06-14")
[ rmilecki: this has to be backported due to the recent opkg update and cb6640381808 ("libopkg: check for file size mismatches") to fix false
"opkg_install_pkg: Package size mismatch" errors ] Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
dcbc142 alternatives: remove duplicate 'const' specifier 21b7bd7 alternatives: special-case busybox as alternatives provider d4ba162 libopkg: only perform size check when information is available cb66403 libopkg: check for file size mismatches
Opkg starting from this version special-cases busybox as alternatives
provider. There should be no need to add entries to ALTERNATIVES of
busybox package
There was an issue with the backport compat layer in yesterday's snapshot,
causing issues on certain (mostly Atom) Intel chips on kernels older than
4.2, due to the use of xgetbv without checking cpu flags for xsave support.
This manifested itself simply at module load time. Indeed it's somewhat tricky
to support 33 different kernel versions (3.10+), plus weird distro
frankenkernels.
If OpenWRT doesn't support < 4.2, you probably don't need to apply this.
But it also can't hurt, and probably best to stay updated.
Mathias Kresin [Wed, 22 Aug 2018 05:30:36 +0000 (07:30 +0200)]
ramips: fix mt7620 pinmux for second SPI
The mt7620 doesn't have a pinmux group named spi_cs1. The cs1 is part
of the "spi refclk" group. The function "spi refclk" enables the second
chip select.
On reset, the pins of the "spi refclk" group are used as reference
clock and GPIO.
Karel Kočí [Wed, 5 Jun 2019 11:18:41 +0000 (13:18 +0200)]
fstools: block-mount: fix restart of fstab service
Restarting service causes file-systems to be unmounted without being
mounted back. When this service was obsoleted it should have been
implemented in a way that all actions are ignored. Up to this commit
default handler was called when restart was requested. This default
handler just simply calls stop and start. That means that stop called
unmount but start just printed that this service is obsoleted.
This instead implements restart that just prints same message like start
does. It just calls start in reality. This makes restart unavailable for
call.
Matthias Badaire [Tue, 15 May 2018 22:07:37 +0000 (00:07 +0200)]
fstools: media change detection (eg:sdcard) using kernel polling
Linux kernel has a polling mechanism that can be activated by changing
the parameter /sys/module/block/parameters/events_dfl_poll_msecs which
is deactivated by default or the /sys/block/[device]/events_poll_msecs
for one device.
This patch set the events_poll_msecs when a disk is inserted.
Once the media disk change event is sent by the kernel then we force a
re-read of the devices using /sbin/block info.
With this patch, insertion and ejection of sd card will automatically
generate partition devices in /dev.
Hauke Mehrtens [Fri, 17 May 2019 21:22:02 +0000 (23:22 +0200)]
hostapd: fix multiple security problems
This fixes the following security problems:
* CVE-2019-9494: cache attack against SAE
* CVE-2019-9495: cache attack against EAP-pwd
* CVE-2019-9496: SAE confirm missing state validation in hostapd/AP
* CVE-2019-9497: EAP-pwd server not checking for reflection attack)
* CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element
* CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element
* CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment
Most of these problems are not relevant for normal users, SAE is only
used in ieee80211s mesh mode and EAP-pwd is normally not activated.
Robinson Wu [Tue, 4 Jun 2019 03:13:39 +0000 (11:13 +0800)]
base-files: fix uci led oneshot/timer trigger
This patch adds a missing type property which prevented
the creation of oneshot and timer led triggers when they
are specified in the /etc/board.d/01_leds files.
projects / thirdparty / openwrt.git / log
