summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* kernel: bump 4.9 to 4.9.215Koen Vandeputte2020-03-096-24/+24
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* OpenWrt v18.06.8: revert to branch defaultsJo-Philipp Wich2020-02-275-11/+9
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* OpenWrt v18.06.8: adjust config defaultsv18.06.8Jo-Philipp Wich2020-02-275-9/+11
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* libubox: backport blobmsg_check_array() fixJo-Philipp Wich2020-02-272-1/+34
| | | | | | Fixes: FS#2833 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 955634b473284847e3c8281a6ac85655329d8b06)
* ppp: backport security fixesPetr Štetiar2020-02-264-1/+129
| | | | | | | | | | | 8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP 8d7970b8f3db pppd: Fix bounds check in EAP code 858976b1fc31 radius: Prevent buffer overflow in rc_mksid() Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 215598fd03899c19a9cd26266221269dd5ec8cee) Fixes: CVE-2020-8597 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Revert "ppp: backport security fixes"Jo-Philipp Wich2020-02-264-129/+1
| | | | | | | | This reverts commit cc78f934a9466a0ef404bb169cc42680c7501d02 since it didn't contain a reference to the CVE it addresses. The next commit will re-add the commit including a CVE reference in its commit message. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: update to latest Git HEADJo-Philipp Wich2020-02-261-3/+3
| | | | | | | 2ee323c file: poke ustream after starting deferred program Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 04069fde19e86af7728111814afadf780bf08018)
* kernel: bump 4.14 to 4.14.171Koen Vandeputte2020-02-2414-32/+27
| | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2013-1798 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.214Koen Vandeputte2020-02-2410-20/+20
| | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2013-1798 Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ppp: backport security fixesPetr Štetiar2020-02-204-1/+129
| | | | | | | | | 8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP 8d7970b8f3db pppd: Fix bounds check in EAP code 858976b1fc31 radius: Prevent buffer overflow in rc_mksid() Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 215598fd03899c19a9cd26266221269dd5ec8cee)
* hostapd: remove erroneous $(space) redefinitionJo-Philipp Wich2020-02-081-3/+0
| | | | | | | | | | | | | | | | | The $(space) definition in the hostapd Makefile ceased to work with GNU Make 4.3 and later, leading to syntax errors in the generated Kconfig files. Drop the superfluous redefinition and reuse the working $(space) declaration from rules.mk to fix this issue. Fixes: GH#2713 Ref: https://github.com/openwrt/openwrt/pull/2713#issuecomment-583722469 Reported-by: Karel Kočí <cynerd@email.cz> Suggested-by: Jonas Gorski <jonas.gorski@gmail.com> Tested-by: Shaleen Jain <shaleen@jain.sh> Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 766e778226f5d4c6ec49ce22b101a5dbd4306644)
* kernel: add support for GD25D05 SPI NORKoen Vandeputte2020-02-041-0/+29
| | | | | | | | | | | | | | | | | | | | | | This chip is used on newer RB912UAG-5HPnD r2 boards: Before: [ 0.642553] m25p80 spi0.0: unrecognized JEDEC id bytes: c8, 40, 10 [ 0.649381] NAND flash driver for the RouterBOARD 91x series After: [ 0.641714] m25p80 spi0.0: found gd25d05, expected m25p80 [ 0.649916] m25p80 spi0.0: gd25d05 (64 Kbytes) [ 0.655122] Creating 4 MTD partitions on "spi0.0": [ 0.660164] 0x000000000000-0x00000000c000 : "routerboot" [ 0.667782] 0x00000000c000-0x00000000d000 : "hard_config" [ 0.675073] 0x00000000d000-0x00000000e000 : "bios" [ 0.682613] 0x00000000e000-0x00000000f000 : "soft_config" [ 0.690304] NAND flash driver for the RouterBOARD 91x series Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.169Koen Vandeputte2020-02-04102-369/+330
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-14896 - CVE-2019-14897 Remove upstreamed: - 023-0007-crypto-crypto4xx-Fix-wrong-ppc4xx_trng_probe-ppc4xx_.patch Altered patches: - 102-MIPS-BCM63XX-move-code-touching-the-USB-private-regi.patch - 105-MIPS-BCM63XX-add-support-for-the-on-chip-OHCI-contro.patch - 106-MIPS-BCM63XX-register-OHCI-controller-if-board-enabl.patch - 108-MIPS-BCM63XX-add-support-for-the-on-chip-EHCI-contro.patch - 207-MIPS-BCM63XX-move-device-registration-code-into-its-.patch - 350-MIPS-BCM63XX-support-settings-num-usbh-ports.patch - 356-MIPS-BCM63XX-move-fallback-sprom-support-into-its-ow.patch - 390-MIPS-BCM63XX-do-not-register-SPI-controllers.patch - 391-MIPS-BCM63XX-do-not-register-uart.patch - 392-MIPS-BCM63XX-remove-leds-and-buttons.patch - 416-BCM63XX-add-a-fixup-for-ath9k-devices.patch - 422-BCM63XX-add-a-fixup-for-rt2x00-devices.patch - Compile-tested on: brcm63xx, cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.212Koen Vandeputte2020-02-0412-54/+54
| | | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-14896 - CVE-2019-14897 Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* OpenWrt v18.06.7: revert to branch defaultsJo-Philipp Wich2020-01-295-11/+9
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* OpenWrt v18.06.7: adjust config defaultsv18.06.7Jo-Philipp Wich2020-01-295-9/+11
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* opkg: update to latest Git HEADJo-Philipp Wich2020-01-291-3/+3
| | | | | | | | | 80d161e opkg: Fix -Wformat-overflow warning c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums Fixes: CVE-2020-7982 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit c69c20c6670081d1eaab000734d89de57eb64148)
* libubox: backport security patchesHauke Mehrtens2020-01-2717-1/+1097
| | | | | | | | | | | | | | This backports some security relevant patches from libubox master. These patches should not change the existing API and ABI so that old applications still work like before without any recompilation. Application can now also use more secure APIs. The new more secure interfaces are also available, but not used. OpenWrt master and 19.07 already have these patches by using a more recent libubox version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: ltq-ptm: vr9: fix skb handling in ptm_hard_start_xmit()Martin Schiller2020-01-262-1/+4
| | | | | | | | | | | Call skb_orphan(skb) to call the owner's destructor function and make the skb unowned. This is necessary to prevent sk_wmem_alloc of a socket from overflowing, which leads to ENOBUFS errors on application level. Signed-off-by: Martin Schiller <ms@dev.tdt.de> (cherry picked from commit 996f02e5bafad2815e72821c19d41fb5297e4dad)
* tools/expat: Update to version 2.2.9Josef Schlehofer2020-01-261-2/+2
| | | | | | | | | Fixes two CVEs: - CVE-2019-15903 (Fix heap overflow triggered by XML_GetCurrentLineNumber) - CVE-2018-20843 (Fix extraction of namespace prefixes from XML names) Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit b4af2c689fc8736777940b7bbf009bb1672296ec)
* mbedtls: update to 2.16.4Magnus Kroken2020-01-262-31/+31
| | | | | | | | | | | | | | | | Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA. Release announcement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12 Fixes: * CVE-2019-18222: Side channel attack on ECDSA Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 6e96fd90471a49185bcfe9dcb4844d444674ecab)
* kernel: bump 4.14 to 4.14.167Koen Vandeputte2020-01-242-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.211Koen Vandeputte2020-01-247-11/+11
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kirkwood: fix HDD LED labels for Zyxel NSA325 in 01_ledsStephan Knauss2020-01-211-2/+2
| | | | | | | | | | Change the LED labels for hdd1/hdd2 in 01_leds to match their counterpart in DTS. Signed-off-by: Stephan Knauss <openwrt@stephans-server.de> [improve commit title and message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit fbf297be38a93b9ca1119e5aaffecd2299087aa5)
* brcm47xx: fix switch port order for Netgear WN2500RP V1Walter Sonius2020-01-211-0/+5
| | | | | | | | | | | | | | The Netgear WN2500RP V1 switch0 already works for LAN however the port order for the LAN ports is inverted. Correct physical port order watched from the back of the device is: 4 / 3 / 2 / 1 WAN port is absent on this device and therefore removed from switch config. Signed-off-by: Walter Sonius <walterav1984@gmail.com> [move block to maintain alphabetic sorting] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 098cbc68ee23db589ed6f0d081fe26cc385462f2)
* brcm47xx: fix switch port order for Netgear WNR3500 V2Walter Sonius2020-01-211-1/+2
| | | | | | | | | | | | The Netgear WNR3500 V2 switch0 already works for WAN/LAN however the port order for the LAN ports is inverted. Correct physical port order watched from the back of the device is: Internet / 4 / 3 / 2 / 1 this resembles the Linksys E3000 V1. Verfied with imagebuilder edit FILES=/etc/board.d/01_network Signed-off-by: Walter Sonius <walterav1984@gmail.com> (cherry picked from commit cf2f1fc6871da0320afeefaa799af87fc7c0d1db)
* ramips: fix HiWiFi HC5962 switch configurationDENG Qingfang2020-01-211-1/+4
| | | | | | | | HC5962 has only 3 LAN ports, switch port 0 is unused Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (backported from commit 68f49df31507454f86b72a5c1e250505176baed7) Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: bump 4.14 to 4.14.166Koen Vandeputte2020-01-201-2/+2
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.165Koen Vandeputte2020-01-202-3/+3
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.210Koen Vandeputte2020-01-204-5/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.14 to 4.14.164Koen Vandeputte2020-01-2022-104/+104
| | | | | | | | | Refreshed all patches. Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.209Koen Vandeputte2020-01-204-5/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ethtool: fix PKG_CONFIG_DEPENDSMatthias Schiffer2020-01-071-1/+1
| | | | | | | Add missing CONFIG_ prefix. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> (cherry picked from commit 41c19dd542973dbc1336ecceaa32777506933cdf)
* OpenWrt v18.06.6: revert to branch defaultsHauke Mehrtens2020-01-065-11/+9
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v18.06.6: adjust config defaultsv18.06.6Hauke Mehrtens2020-01-065-9/+11
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ramips: remove duplicate dts nodes of MediaTek LinkIt Smart 7688Jack Chen2020-01-051-4/+0
| | | | | | | | There are two identical wmac nodes in the dts file of MediaTek LinkIt Smart 7688, so delete one of them. Signed-off-by: Jack Chen <redchenjs@live.com> (cherry picked from commit 4be271a4867dcf57a122eeb7b42407e7a506915e)
* sunxi: Turn on CONFIG_PINCTRL_SUN4I_A10 for A20Florian Fainelli2020-01-051-1/+1
| | | | | | | | | | | CONFIG_PINCTRL_SUN4I_A10 controls both the A10 and the A20 enablong of the pinctrl driver, this is necessary since upstream commit 5d8d349618a9464714c07414c5888bfd9416638f ("pinctrl: sunxi: add A20 support to A10 driver") which has been included in v4.13 and onwards. Fixes: ad2b3bf310f7 ("sunxi: Add support for kernel 4.14") Signed-off-by: Florian Fainelli <f.fainelli@gmail.com> (cherry picked from commit 32e4eaef1b4c2a7fa44787813fdf715b2ba500d9)
* kernel: bump 4.9 to 4.9.208Hauke Mehrtens2020-01-058-23/+23
| | | | | | | | | Refreshed all patches. Compile-tested on: lantiq Runtime-tested on: lantiq Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.162Hauke Mehrtens2020-01-057-22/+22
| | | | | | | | | Refreshed all patches. Compile-tested on: ramips Runtime-tested on: ramips Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ramips: fix inverted reset button for Ravpower WD03Moritz Warning2020-01-031-1/+1
| | | | | | | The button events "pressed" and "released" were switched. Tested with v18.06.4. Signed-off-by: Moritz Warning <moritzwarning@web.de> (cherry picked from commit 3e1325b219fced91f01d5594503f61d326a93b90)
* ar71xx: really fix Mikrotik board detectionKoen Vandeputte2020-01-021-0/+1
| | | | | | | | | | | | | | | | | | commit e09da0169a08 ("ar71xx: fix Mikrotik board detection") was generated based on testing a rb-912 board, on which detection failed. Testing on more hardware shows something fun: machine : MikroTik RouterBOARD 922UAGS-5HPacD machine : Mikrotik RouterBOARD 912UAG-5HPnD Both lowercase and uppercase are used. So ensure we support both now .. Fixes: e09da0169a08 ("ar71xx: fix Mikrotik board detection") Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit 845b2a1cfe307394f3f2144cce085bbb5e171ecc)
* ar71xx: fix Mikrotik board detectionKoen Vandeputte2020-01-021-1/+1
| | | | | | | | | | | | Fix a typo in the machine type being extracted from /proc/cpuinfo which causes all Mikrotik board to be undetected properly. This lead to sysupgrade issues and probably some others too. Fixes: acf2b6c8881b ("ar71xx: base-files: fix board detect on new MikroTik devices") Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit e09da0169a088663f6dab1f71b2a4b690eab21d3)
* ar71xx: base-files: fix board detect on new MikroTik devicesHenryk Heisig2020-01-021-132/+149
| | | | | | | | | | | | | | | | | | | | | | Move all MikroTik devices to new function to increase script execution speed. Machine name in new version of MikroTik RouterBOARD devices add "RB" before model name: Old machine name: MikroTik RouterBOARD 951Ui-2nD New: MikroTik RouterBOARD RB951Ui-2nD So this patch should fix it for all currently supported MikroTik boards. Signed-off-by: Henryk Heisig <hyniu@o2.pl> [rebased,commit message facelift,script fixes] Signed-off-by: Petr Štetiar <ynezz@true.cz> [spotted missing 922UAGS-5HPacD] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit acf2b6c8881b432530bd98fa86753bf6a3546ff7) [backport: do not add boards not supported in 18.06] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ar71xx: fix RB941-2nD detectionJulien Rabier2020-01-021-1/+1
| | | | | | | | | | | | | Some hAP lite routers aren't detected because /proc/cpuinfo shows "RouterBOARD RB941-2nD" instead of "RouterBOARD 941-2nD". Fix that. Signed-off-by: Julien Rabier <taziden@flexiden.org> [Alter string to include all flavours + slight rewrite of commit msg] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit 6570f3c93aa4110efd1466a6b89742c2e11d7c11)
* kernel: bump 4.14 to 4.14.161Hauke Mehrtens2020-01-0114-91/+91
| | | | | | | | | Refreshed all patches. Compile-tested on: ipq40xx Runtime-tested on: none Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* e2fsprogs: Fix CVE-2019-5094 in libsupportHauke Mehrtens2020-01-012-1/+204
| | | | | | | | | This adds the following patch from debian: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=debian/stable&id=09fe1fd2a1f9efc3091b4fc61f1876d0785956a8 libsupport: add checks to prevent buffer overrun bugs in quota code Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 0062aad8ecc9bbe36c55895fd78fcaf9a406b006)
* openssl: update to version 1.0.2uJosef Schlehofer2020-01-011-2/+2
| | | | | | Fixes CVE-2019-1551 (rsaz_512_sqr overflow bug) on x86_x64 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* kernel: bump 4.9 to 4.9.207Hauke Mehrtens2019-12-2631-68/+68
| | | | | | | | | Refreshed all patches. Compile-tested on: lantiq Runtime-tested on: none Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.160Hauke Mehrtens2019-12-268-12/+12
| | | | | | | | | Refreshed all patches. Compile-tested on: ipq40xx Runtime-tested on: none Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.159Koen Vandeputte2019-12-2542-141/+141
| | | | | | | | | | | | Refreshed all patches. Fixes: - CVE-2019-19332 Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-16 07:30:32 +0000