Commit graph

42474 commits

Author SHA1 Message Date
Mathias Kresin
b8996ea08a ramips: fix compatibles in SoC dtsi
The former used compatibles aren't defined anywhere and aren't used by
the devicetree source files including them.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-23 22:40:59 +02:00
Mathias Kresin
b88e03e2d4 ramips: fix GL-MT300N-V2 SoC compatible
According to abbfcc8525 ("ramips: add support for GL-inet
GL-MT300N-V2") the board has a MediaTek MT7628AN. Change the SoC
compatible to match the used hardware.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-23 22:40:59 +02:00
Mathias Kresin
28de86e816 ramips: drop not existing groups from pinmux
RT5350 neither have rgmii nor a mdio pinmux group. MT7628an doesn't
have a jtag group. Having these groups defined might cause a boot
panic.

The pin controller fails to initialise for kernels > 4.9 if invalid
groups are used. If a subsystem references a pin controller
configuration node, it can not find this node and errors out. In worst
case it's the SPI driver which errors out and we have no root
filesystem to mount.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-23 22:40:59 +02:00
Mathias Kresin
6b13238a13 generic: revert workarounds for AR8337 switch
The intention of 967b6be118 ("ar8327: Add workarounds for AR8337
switch") was to remove the register fixups for AR8337. But instead they
were removed for AR8327.

The RGMII RX delay is forced even if the port is used as phy instead of
mac, which results in no package flow at least for one board.

Fixes: FS#1664

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-23 22:40:59 +02:00
Jo-Philipp Wich
a27de701b0 wolfssl: disable broken shipped Job server macro
The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on
plain POSIX shells due to the use of `let`.

Shells lacking `let` will fail to run the generated m4sh code and end up
invoking "make" with "-jyes" as argument, fialing the build.

Since there is no reason in the first place for some random package to
muck with the make job server settings and since we do not want it to
randomly override "-j" either, simply remove references to this defunct
macro to let the build succeed on platforms which not happen to use bash
as default shell.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 20:14:00 +02:00
Jo-Philipp Wich
9ffbe84ea4 grub2: rebase patches
Patch 300-CVE-2015-8370.patch was added without proper rebasing on the
version used by OpenWrt, make it apply and refresh the patch to fix
compilation.

Fixes: 7e73e9128f ("grub2: Fix CVE-2015-8370")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 19:08:58 +02:00
Jo-Philipp Wich
214146c6f2 uhttpd: support multiple Lua prefixes
Update to latest git HEAD in order to support configuring multiple
concurrent Lua prefixes in a single uhttpd instance:

  b741dec lua: support multiple Lua prefixes

Additionally rework the init script and update the default configuration
example to treat the lua_prefix option as key=value uci list, similar to
the interpreter extension mapping. Support for the old "option lua_prefix"
plus "option lua_handler" notation is still present.

Finally drop the sed postinstall hack in uhttpd-mod-lua to avoid mangling
files belonging to other packages. Since Lua prefixes have precedence
over CGI prefixes, simply register `/cgi-bin/luci` as Lua handler which
will only become active if both luci-base and uhttpd-mod-lua is installed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 09:18:04 +02:00
Rosen Penev
7e73e9128f grub2: Fix CVE-2015-8370
This CVE is a culmination of multiple integer overflow issues that cause
multiple issues like Denial of Service and authentication bypass.

More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-23 07:15:53 +02:00
Rosen Penev
f9469efbfa bzip2: Fix CVE-2016-3189
Issue causes a crash with specially crafted bzip2 files.

More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-23 07:15:35 +02:00
Koen Vandeputte
6b4ba118ac kernel: bump 4.14 to 4.14.66
Refreshed all patches

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:47:13 +02:00
Koen Vandeputte
7a9afb8783 kernel: bump 4.9 to 4.9.123
Refreshed all patches

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:47:13 +02:00
Koen Vandeputte
3b1ea0996f ar71xx: fix build error due to bad include
While "rawnand.h" is available in kernel 4.14,
the default for this target is kernel 4.9 in which "nand.h" should be used.

Add an extra check to include the correct file depending on kernel version

Fixes these build errors:

drivers/mtd/nand/ar934x_nfc.c:16:10: fatal error: linux/mtd/rawnand.h: No such file or directory
 #include <linux/mtd/rawnand.h>
          ^~~~~~~~~~~~~~~~~~~~~
compilation terminated.

Fixes: 318e19ba67 ("ar71xx: add v4.14 support")

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:11:59 +02:00
Koen Vandeputte
743654f30d ar71xx: add missing include for checking kernel version
Fixes these build errors:

arch/mips/ath79/mach-rb2011.c:20:5: error: "LINUX_VERSION_CODE" is not defined, evaluates to 0 [-Werror=undef]
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4,14,0)
     ^~~~~~~~~~~~~~~~~~
arch/mips/ath79/mach-rb2011.c:20:26: error: "KERNEL_VERSION" is not defined, evaluates to 0 [-Werror=undef]
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4,14,0)
                          ^~~~~~~~~~~~~~
arch/mips/ath79/mach-rb2011.c:20:40: error: missing binary operator before token "("
 #if LINUX_VERSION_CODE < KERNEL_VERSION(4,14,0)
                                        ^

Fixes: 318e19ba67 ("ar71xx: add v4.14 support")

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-22 13:11:52 +02:00
Rosen Penev
499773f8ef samba36: Enable umdnsd support
Allows discovery without having to use NetBIOS. Useful for mobile devices.

Could eventually throw nbmd away. But that requires Windows 10...

Tested on Fedora 28 with avahi-discover.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:23:02 +02:00
Rosen Penev
7961009346 yamonenv: Remove dead URLs
uscan errors on the URL as it is no longer available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:22:17 +02:00
Rosen Penev
f5098a69ed fconfig: Remove dead URLs
uscan errors on the URL as it is no longer available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:22:04 +02:00
Rosen Penev
f2e1fd0f35 apex: Remove dead URL.
uscan errors on the URL as it is no longer available.

Also switched the download URL to HTTPS.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:21:53 +02:00
John Crispin
318e19ba67 ar71xx: add v4.14 support
adds v4.14 patches for testing but leaves v4.9 as default for now.

Signed-off-by: John Crispin <john@phrozen.org>
2018-08-22 08:09:00 +02:00
Jo-Philipp Wich
e5f56c07d7 iptables: make iptables-mod-conntrack-extra depend on kmod-ipt-raw
Since kernel 4.14 there is no auto assignment of conntrack helpers anymore
so fw3 needs raw table support in order to stage ct helper assignment rules.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-22 07:14:45 +02:00
Hans Dedecker
6c227e45cb dnsmasq: remove creation of /etc/ethers
Remove creation of file /etc/ethers in dnsmasq init script as the
file is now created by default in the base-files package by
commit fa3301a28e

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-21 15:55:10 +02:00
Luiz Angelo Daros de Luca
d810d44e5a base-files: create /etc/ethers by default
/etc/ethers is missing on /rom but always created when dnsmasq
runs. It is better to have it in place and avoid an extra change
in flash after firstboot.

It will generate an extra /etc/ethers-opkg when it has changed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-21 15:55:00 +02:00
Jo-Philipp Wich
22681cdef2 uhttpd: update to latest Git head
952bf9d build: use _DEFAULT_SOURCE
30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-21 14:48:47 +02:00
Daniel Engberg
e1a1add517 mwlwifi: Update to 10.3.8.0-20180810
Update mwlwifi to 10.3.8.0-20180810

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-08-21 07:44:37 +02:00
Hans Dedecker
40eb9bda44 netifd: update to latest git HEAD
7454d12 interface: let interface_set_down() return void
32f11a8 interface: make __interface_set_down() static
b9d5a8c interface: extend interface error messages in interface_set_up()
de394b3 interface: ensure NO_DEVICE error is always reported

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-20 16:27:38 +02:00
Koen Vandeputte
548182bc6d kernel: bump 3.18 to 3.18.119
Refreshed all patches.

Compile-tested on: adm5120, adm8668, au1000, mcs814x, ppc40x, ppc44x, xburst
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:03:23 +02:00
Koen Vandeputte
1f7ce19df2 kernel: bump 4.14 to 4.14.65
Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:03:22 +02:00
Koen Vandeputte
ba30490d05 kernel: bump 4.9 to 4.9.122
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-20 13:03:22 +02:00
Yury Shvedov
cad9519eba hostapd: process all CSA parameters
This adds processing of all CSA arguments from ubus switch_chan request
in the same manner as in the control interface API.

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
2018-08-20 09:24:43 +02:00
Syrone Wong
2fb95f7142 toolchain/gcc: update 8.x to 8.2.0
This release fixes LTO link-time performance problems and C++ bug introduced in GCC 8.1

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
2018-08-20 09:24:33 +02:00
Syrone Wong
713cee6463 toolchain/gcc: add config symbol to determine how to apply path remapping
Added boolean symbol for GCC 8 and higher, when we add newer GCC, we don't have
to modify rules.mk to keep things consistant.

Fixes: da9d760 ("rules.mk: replace iremap when using GCC 8")

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
2018-08-20 09:24:29 +02:00
Daniel Engberg
fc9cbf3bc0 target.mk: Remove obsolete octeon CPU_CFLAGS
As of commit c6e02b49f6 the octeon target
uses octeonplus instead of octeon

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-08-19 18:58:30 +02:00
David Bauer
98d3770379 ath79: fix TL-MR3020 image metadata
Sysupgrading to ath79 from ar71xx currently fails because of mismatching
supported_devices. ar71xx is expecting "tl-mr3020" which is missing in
the ath79 image. Upgrading from ath79 is unaffected, as the image
contains the old string for ar71xx and the new one coming from the
device-tree.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-08-19 18:58:04 +02:00
Chuanhong Guo
f195ab766c ath79: cleanup PISEN WMM003N image metadata
PISEN WMM003N is never supported by ar71xx, this commit also removed
SUPPORTED_DEVICES for it because it's completely useless.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2018-08-19 18:52:24 +02:00
David Bauer
3f8c5d5476 ath79: add support for Fritz!Box 4020
This commit adds support for the AVM Fritz!Box 4020 WiFi-router.

SoC:   Qualcomm Atheros QCA9561 (Dragonfly) 750MHz
RAM:   Winbond W971GG6KB-25
FLASH: Macronix MX25L12835F
WiFi:  QCA9561 b/g/n 3x3 450Mbit/s
USB:   1x USB 2.0
IN:    WPS button, WiFi button
OUT:   Power LED green, Internet LED green, WLAN LED green,
       LAN LED green, INFO LED green, INFO LED red
UART:  Header Next to Black metal shield
       Pinout is 3.3V - RX - TX - GND (Square Pad is 3.3V)
       The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet (LAN + WAN)
 - WiFi (correct MAC)
 - Installation via EVA bootloader
 - OpenWRT sysupgrade
 - Buttons
 - LEDs

The USB port doesn't work. Both Root Hubs are detected as having 0 Ports:

[    3.670807] kmodloader: loading kernel modules from /etc/modules-boot.d/*
[    3.723267] usbcore: registered new interface driver usbfs
[    3.729058] usbcore: registered new interface driver hub
[    3.734616] usbcore: registered new device driver usb
[    3.744181] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[    3.758357] SCSI subsystem initialized
[    3.766026] ehci-platform: EHCI generic platform driver
[    3.771548] ehci-platform ehci-platform.0: EHCI Host Controller
[    3.777708] ehci-platform ehci-platform.0: new USB bus registered, assigned bus number 1
[    3.788169] ehci-platform ehci-platform.0: irq 48, io mem 0x1b000000
[    3.816647] ehci-platform ehci-platform.0: USB 2.0 started, EHCI 0.00
[    3.824001] hub 1-0:1.0: USB hub found
[    3.828219] hub 1-0:1.0: config failed, hub doesn't have any ports! (err -19)
[    3.835825] ehci-platform ehci-platform.1: EHCI Host Controller
[    3.842009] ehci-platform ehci-platform.1: new USB bus registered, assigned bus number 2
[    3.852481] ehci-platform ehci-platform.1: irq 49, io mem 0x1b400000
[    3.886631] ehci-platform ehci-platform.1: USB 2.0 started, EHCI 0.00
[    3.894011] hub 2-0:1.0: USB hub found
[    3.898190] hub 2-0:1.0: config failed, hub doesn't have any ports! (err -19)
[    3.908928] usbcore: registered new interface driver usb-storage
[    3.915634] kmodloader: done loading kernel modules from /etc/modules-boot.d/*

A few words about the shift-register:

AVM used a trick to control the shift-register for the LEDs with only 2
pins, SERCLK and MOSI. Q7S, normally used for daisy-chaining multiple
shift-registers, pulls the latch, moving the shift register-state to
the storage register. It also pulls down MR (normally pulled up) to
clear the storage register, so the latch gets released and will not be
pulled by the remaining bits in the shift-register. Shift register is
all-zero after this.

For that we need to make sure output 7 is set to high on driver probe.
We accomplish this by using gpio-hogging.

Installation via EVA:
In the first seconds after Power is connected, the bootloader will
listen for FTP connections on 169.254.157.1 (Might also be 192.168.178.1).
Firmware can be uploaded like following:

  ftp> quote USER adam2
  ftp> quote PASS adam2
  ftp> binary
  ftp> debug
  ftp> passive
  ftp> quote MEDIA FLSH
  ftp> put openwrt-sysupgrade.bin mtd1

Note that this procedure might take up to two minutes. After transfer is
complete you need to powercycle the device to boot OpenWRT.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-08-19 18:52:22 +02:00
Christian Lamparter
1c6e0f57a7 ath79: add support for TP-Link Archer C7 v1
TP-Link Archer C7 v1 is a dual band router
based on Qualcomm/Atheros QCA9558 + QCA9880.

Specification:

 - 720 MHz CPU
 - 128 MB of RAM (Various chips)
 - 8 MB of FLASH (Various chips)
 - SoC QCA9558 integrated 3T3R 2.4 GHz Wi-Fi
 - minipcie slot with 3T3R 5 GHz QCA9880-AR1A (unsupported by ath10k!)
 - 5x 10/100/1000 Mbps Ethernet (AR8327N Switch)
 - 10x LEDs, 2x software buttons

For further informwation on the device, visit the wiki:
<https://openwrt.org/toh/tp-link/archer-c7-1750>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-08-19 18:48:43 +02:00
Daniel Engberg
d1ea8ac3b4 util-linux: Update to 2.32.1
Update util-linux to 2.32.1
For release notes see https://lwn.net/Articles/759922/

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-16 22:29:28 +02:00
INAGAKI Hiroshi
ff4bc483fc ath79: add support for I-O DATA WN-AC1167DGR
I-O DATA WN-AC1167DGR is a 2.4/5 GHz band 11ac router, based on
Qualcomm Atheros QCA9557.

Specification:

- Qualcomm Atheros QCA9557
- 128 MB of RAM (DDR2)
- 16 MB of Flash (SPI)
- 2T2R 2.4/5 GHz wifi
  - 2.4 GHz: SoC internal
  - 5 GHz: QCA988x
- 5x 10/100/1000 Mbps Ethernet
- 6x LEDs, 6x keys (4x buttons, 1x slide switch)
- UART header on PCB
  - Vcc, GND, TX, RX from ethernet port side
  - 115200n8

Flash instruction using factory image:

1. Connect the computer to the LAN port of WN-AC1167DGR
2. Connect power cable to WN-AC1167DGR and turn on it
3. Access to "http://192.168.0.1/" and open firmware update page
("ファームウェア")
4. Select the OpenWrt factory image and click update ("更新") button
5. Wait ~150 seconds to complete flashing

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-08-16 21:20:57 +02:00
Johann Neuhauser
94ee5e3d1d ath79: fix leds and network for TP-Link TL-WR841 v9/v11
Adding tl-wr841-v11 and the rename of tl-wr841n-v9 to tl-wr841-v9 in 01_leds
and 02_network script files are missing in commits cc35c91 and 8db6522.

Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
[merged with identical case in 02_network]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-16 21:20:57 +02:00
Mathias Kresin
3f09adaa55 ath79: don't use the pcs,cr5000 wps led as usb led
If it isn't a usb led, it shouldn't be used as one by default. It is up
to the user to add such a (mis)configuration for the board.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-16 21:20:57 +02:00
Dmitry Tunin
0c5a532553 ath79: add support for TP-Link MR-3040 v2
Add support for the ar71xx supported TP-Link MR-3040 v2.

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
2018-08-16 21:20:57 +02:00
INAGAKI Hiroshi
9e6f22e309 ath79: add support for Buffalo WHR-G301N
Buffalo WHR-G301N is a 2.4 GHz 11n router, based on Atheros AR7240.
Ported from ar71xx target.

Specification:

- Atheros AR7240
- 32 MB of RAM
- 4 MB of Flash
- 2.4 GHz 2T2R wifi
- 5x 10/100 Mbps Ethernet
- 9x LEDs, 4x keys
  - LED: 8x gpio-leds, 1x ath9k-leds
  - key: 2x buttons, 1x slide switch
- UART header on PCB
  - Vcc, GND, TX, RX from LEDs side
  - 115200n8

Flash instruction using factory image:

1. Connect the computer to the LAN port of WHR-G301N
2. Connect power cable to WHR-G301N and turn on it
3. Access to "http://192.168.11.1/" and open firmware update page
("ファーム更新")
4. Select the OpenWrt factory image and click execute ("実行") button
5. Wait ~150 seconds to complete flashing

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
[fix the SUPPORTED_DEVICES to be compatible with the ar71xx image]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-16 21:20:57 +02:00
Mathias Kresin
c9e9a78734 lantiq: add support for upgrade led
Indicate a (sys)upgrade via leds as well. It brings the lantiq diag.sh
script en par with the other implementations using devicetree aliases
to define multiple leds for boot status indication.

By default, use the boot finished led to indicate an upgrade for now.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-16 21:20:57 +02:00
Mathias Kresin
be06c726c4 treewide: drop unused get_status_led functions
The function isn't used for targets getting the status leds from the
devicetree.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-16 21:20:57 +02:00
Mathias Kresin
dd448cd276 treewide: fix upgrade led handling
The upgrade led is only used if a running led is defined. If no running
led is defined, the upgrade led is ignored and upgrade isn't indicated
at all.

Instead, turn off the running led prior to turning the upgrade led on.
In most cases there isn't any visual change, but it allows to use an
independent led for upgrade indication.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-16 21:20:57 +02:00
Mathias Kresin
56b8ac1e86 treewide: consolidate upgrade state set
Set the (sys)upgrade state when sourcing the stage2 script instead of
setting the state for each target individual.

This change fixes the, due to a missing state set, not working upgrade
led on ath79 and apm821xx.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-16 21:20:57 +02:00
Mathias Kresin
1ea1f3a223 ramips: mt7620: fix bad indent
Fix the indent to make the make it obvious which condition is the
parent of the loop.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-16 21:20:57 +02:00
Mathias Kresin
22ae14d0e7 cns3xxx: fix mtu setting with kernel 4.14
Since kernel 4.10 commit 61e84623ace3 ("net: centralize net_device
min/max MTU checking"), the range of mtu is [min_mtu, max_mtu], which
is [68, 1500] by default.

It's necessary to set a max_mtu if a mtu > 1500 is supported.

Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-16 21:20:57 +02:00
Jo-Philipp Wich
8c91807214 rpcd: update to latest git HEAD
41333ab uci: tighten uci reorder operation error handling
f91751b uci: tighten uci delete operation error handling
c2c612b uci: tighten uci set operation error handling
948bb51 uci: tighten uci add operation error handling
51980c6 uci: reject invalid section and option names

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-16 09:43:11 +02:00
Hauke Mehrtens
d74d6c4522 openssl: update to version 1.0.2p
This fixes the following security problems:
 * CVE-2018-0732: Client DoS due to large DH parameter
 * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:32:07 +02:00
Hauke Mehrtens
b547ab3143 kernel: bump kernel 4.9 to version 4.9.120
The following patch was integrated upstream:
 * target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

This fixes tries to work around the following security problems:
 * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
 * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:32:07 +02:00