Commit graph

41105 commits

Author SHA1 Message Date
Hauke Mehrtens
9aaa23ec8b samba36: fix some security problems
This Adds fixes for the following security problems based on debians patches:
CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms
CVE-2017-12163: Server memory information leak over SMB1
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should
CVE-2018-1050: Denial of Service Attack on external print server.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-03 23:26:45 +02:00
Hauke Mehrtens
d6d3db0543 build: Improve GCC version detection
This now makes sure that the beginning of the version number gets checked
and "4.4.5" will not match was a supported version.
GCC 8 and GCC 9 are now marked as supported, but we probably have to fix
some problems for them.

Closes: FS#1433
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-03 23:26:45 +02:00
Hauke Mehrtens
ece815508a kernel: Add support for XM25QH64A and XM25QH128A SPI NOR flash
These devices are produced by Wuhan Xinxin Semiconductor Manufacturing
Corp. (XMC) and found on some routers from Chinese manufactures.

The data sheets can be found here:
http://www.xmcwh.com/Uploads/2018-03-01/5a9799e4cb355.pdf
http://www.xmcwh.com/Uploads/2018-02-05/5a77e6dbe968b.pdf

Closes: FS#1460
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-03 23:26:45 +02:00
Hauke Mehrtens
56d0dd56e9 mtd-utils: Mark some lzma functions as static
These functions are not declared in any header file and only used in
same compile unit, mark them as static to remove one gcc warning and
make it easier for the compiler to optimize them out.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-03 23:26:45 +02:00
Paul Wassi
de79f4ab88 brcm47xx: add kernel 4.14 support
Add patches for 4.14, drop patch 030 since it's already included
upstream.

Tested on:
1) WRT54GL (with RAM upgraded to 32 MiB)
2) WL500gPv2 (with RAM upgraded to 64 MiB)
3) BCM47186B0 SoC board
4) BCM4706 SoC board

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-04-03 22:57:10 +02:00
Hans Dedecker
986f80595b netifd: update to latest git HEAD
3dc8c91 interface-ip: fix memory leak in interface_ip_add_target_route()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-03 21:28:53 +02:00
Rafał Miłecki
16efb0c1c6 brcm47xx: add Luxul XAP-1500 and XWR-1750 WiFi LEDs
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-04-03 15:32:42 +02:00
Hans Dedecker
ac593d895a odhcp6c: update to latest git HEAD
5cbd305 odhcp6c: improve code readibility
eb83b7e treewide: improve error handling
b7b11cb dhcpv6: initialize ifreq struct
f0469e2 ra: handle socket fail creation
d573461 odhcp6c: fix file pointer leakage

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-31 19:31:42 +02:00
Hauke Mehrtens
aed03d5d0f kernel: update kernel 4.9 to version 4.9.91
* Refreshed patches.
 * Deleted 210-Revert-led-core-Fix-brightness-setting-when-setting-.patch (was accepted upstream)
 * Deleted 812-pci-dwc-fix-enumeration.patch (was accepted upstream)

Compile and run tested on lantiq

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-31 16:31:26 +02:00
Paul Wassi
ef6939b0af package/libs/mbedtls: add package with some mbedtls binaries.
Add some basic binaries required for private key and CSR generation.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-03-31 16:31:26 +02:00
Hauke Mehrtens
2e75914bee mbedtls: update to version 2.8.0
This fixes some minor security problems.

Old size:
162262 bin/packages/mips_24kc/base/libmbedtls_2.7.0-1_mips_24kc.ipk

New size:
163162 bin/packages/mips_24kc/base/libmbedtls_2.8.0-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-31 16:30:30 +02:00
Jan Pavlinec
8c2b8d862b xfsprogs: add xfs-admin util
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2018-03-31 16:30:30 +02:00
Paul Wassi
8262179f4a tools/e2fsprogs: update to 1.44.1
Update e2fsprogs to upstream 1.44.1 (feature and bugfix release)

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-03-31 16:30:30 +02:00
Paul Wassi
198172c048 package/utils/e2fsprogs: update to 1.44.1
Update e2fsprogs to upstream 1.44.1 (feature and bugfix release)

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-03-31 16:30:27 +02:00
Paul Wassi
960b90f435 packages/util/util-linux: Update to 2.32
- Update to upstream 2.32
- License file 'getopt/COPYING' not present (any more)
- Disable 'chown root:root'-commands during 'make install'
- Add new dependency to wipefs
- Refresh patch 003

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-03-31 16:30:17 +02:00
Rosen Penev
af35ce1065 ncurses: Update to 6.1.
Compile tested on ar71xx.

Old size:
  6527 bin/packages/mips_24kc/base/terminfo_6.0-1_mips_24kc.ipk
141465 bin/packages/mips_24kc/base/libncurses_6.0-1_mips_24kc.ipk

New size:
  6873 bin/packages/mips_24kc/base/terminfo_6.1-1_mips_24kc.ipk
146950 bin/packages/mips_24kc/base/libncurses_6.1-1_mips_24kc.ipk

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-03-31 16:28:36 +02:00
Rosen Penev
2a82db7ed5 libtool: Update to 2.4.6
Compile tested on mvebu.

old size:
12947 bin/packages/mips_24kc/base/libltdl_2.4-2_mips_24kc.ipk

new size:
13002 bin/packages/mips_24kc/base/libltdl_2.4.6-1_mips_24kc.ipk

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-03-31 16:27:24 +02:00
Matti Laakso
76f267ef6c pistachio: remove kernel 4.9 support
Signed-off-by: Matti Laakso <matti.laakso@outlook.com>
2018-03-31 16:13:19 +02:00
Matti Laakso
0394edbba0 pistachio: Switch to kernel 4.14
Signed-off-by: Matti Laakso <matti.laakso@outlook.com>
2018-03-31 16:13:19 +02:00
Matti Laakso
cae808946a pistachio: add kernel 4.14 support
Add patches and config for 4.14, refreshed from 4.9.

Signed-off-by: Matti Laakso <matti.laakso@outlook.com>
2018-03-31 16:13:19 +02:00
Damir Samardzic
2534141322 mvebu: add support for MACCHIATObin (cortex-a72)
Add initial support for Marvell MACCHIATObin, cortex-a72 based Marvell
ARMADA 8040 Community board. Comes in two forms: Single Shot and Double
Shot.

Specifications:
- Quad core Cortex-A72 (up to 2GHz)
- DDR4 DIMM slot with optional ECC and single/dual chip select support
- Dual 10GbE (1/2.5/10GbE) via copper or SFP
  2.5GbE (1/2.5GbE) via SFP
  1GbE via copper
- SPI Flash
- 3 X SATA 3.0 connectors
- MicroSD connector
- eMMC
- PCI x4 3.0 slot
- USB 2.0 Headers (Internal)
- USB 3.0 connector
- Console port (UART) over microUSB connector
- 20-pin Connector for CPU JTAG debugger
- 2 X UART Headers
- 12V input via DC Jack
- ATX type power connector
- Form Factor: Mini-ITX (170 mm x 170 mm)

More details at http://macchiatobin.net

Booting from micro SD card:
 1. reset U-Boot environment:
      env default -a
      saveenv

 2. prepare U-Boot with boot script:
      setenv bootcmd "load mmc 1:1 0x4d00000 boot.scr; source 0x4d00000"
      saveenv

   or manually:
      setenv fdt_name armada-8040-mcbin.dtb
      setenv image_name Image
      setenv bootcmd 'mmc dev 1; ext4load mmc 1:1 $kernel_addr $image_name;ext4load mmc 1:1 $fdt_addr $fdt_name;setenv   bootargs $console root=/dev/mmcblk1p2 rw rootwait; booti $kernel_addr - $fdt_addr'
      saveenv

Signed-off-by: Damir Samardzic <damir.samardzic@sartura.hr>
2018-03-31 16:13:19 +02:00
Josua Mayer
dff904a955 u-boot-mvebu: update to 2018.03
This release brings various improvements to clearfog support, such as distro-boot.
Obsoletes:
0002-clearfog-reset-usom-onboard-1512-phy.patch
0003-clearfog-enable-distro-boot-code.patch

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2018-03-31 16:12:40 +02:00
Josua Mayer
093e6c69fb mvebu: clearfog-pro: set new DTB name in boot-script
The DTB for Clearfog Pro has been renamed in mainline. However U-Boot
hasn't picked up that change yet :(, so we need to hardcode it for now.

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2018-03-31 16:12:40 +02:00
Josua Mayer
0a3e07b2f5 u-boot-mvebu: set configuration options in Makefile
CONFIG_* variables can easily be set by overriding Build/Configure.
so set NET_RANDOM_ETHADDR=y and CMD_SETEXPR=y here.

This replaces the following patches:
0001-clearfog-generate-random-MAC-address.patch
0004-clearfog-enable-setexpr-command-by-default.patch

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2018-03-31 16:12:39 +02:00
Imre Kaloz
4b486e32fb mvebu: Add support for WRT3200ACM with new NAND flash
Newer Linksys boards might come with a Winbond W29N02GV which can be
configured in different ways. Make sure we configure it the same way as
the older chips so everything keeps working.

Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
2018-03-31 16:12:39 +02:00
Rosen Penev
e1fe4a93de mvebu: Get rid of RTC hack for Turris Omnia.
As Solidrun's RTC patch got merged, this hack is no longer needed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-03-31 16:12:39 +02:00
Ben Greear
d6939baac2 ath10k-ct: Update firmware to latest.
Wave-1 firmware has a fix for 'addba' not finding the peer.  Thanks to Hauke
for finding and reporting this.

Wave-2 firmware has a fix for leaking a peer multicast key when a monitor device
is created.

And I re-ordered the '4019' firmware images in the Makefile to match the order
of the others.  No functional change for that reorder.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2018-03-31 16:12:33 +02:00
Paul Wassi
db893ec7f0 openssl: update to 1.0.2o
Fixes CVE-2018-0739

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-03-31 10:20:20 +02:00
Kevin Darbyshire-Bryant
a64fae8354 Revert "iproute2: fix hidden uint to uin64_t promotion in json_print"
This reverts commit 745d0e7f4b.

It looks like upstream don't want the patch so let's revert it here too.

I hope a fix from upstream is forthcoming.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-03-31 09:18:31 +02:00
Felix Fietkau
fd588dbf6b build: filter out kmod-ipt-offload from the default selection on targets that do not support it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-30 00:34:25 -07:00
Hauke Mehrtens
605b6a0993 kernel: add missing config option
CONFIG_NVMEM_BCM_OCOTP was added in kernel 4.10 and it is possible to
activate it on the bcm53xx target. Deactivate it by default to fix the
build of the bcm53xx target.
This was found by build bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-30 01:06:29 +02:00
Christian Lamparter
c555b524c7 apm821xx: increase WNDR4700's dtb+kernel partition to 3.5 MiB
This patch cleans and reworks the WNDR4700 dts to increase the
now combined dtb+kernel partition to 3.5 MiB. This has become
necessary due to the switch to GCC 7.3 and the ever increasing
kernel binary size.

The dtb+kernel partition was combined in order to finally
fix the problem with out-of-sync device-trees. From now
on, the kernel and device-tree will always be updated together.

Upgrade Note:
Existing installations will have to use the TFTP firmware
recovery option in order to install the update. Affected users
are advised to make a backup of their existing configuration
prior to running sysupgrade:
<https://openwrt.org/docs/guide-user/installation/generic.backup#backup_openwrt_configuration>
Due to the repartitioning of the NAND, the generated backup
should be placed on either the internal HDD, an attached
USB-Stick or on another PC (externally).

To manually trigger the firmware recovery, the reset button has
to be pressed (and hold) during boot. U-boot will enter the "Upgrade
Mode" and starts a tftpserver listening on 192.168.1.1 for a
tftp client from one of the four LAN/Ethernet ports to connect and
upload the new system: (enable tftp binary mode!).
openwrt-apm821xx-nand-netgear_wndr4700-squashfs-factory.img

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-03-30 00:30:52 +02:00
Christian Lamparter
e2b35f91b3 apm821xx: switch MR24's initramfs to multi-image method
The recent change to switch to gcc 7.3 broke the image
generation code, as the kernel would no longer fit into
KERNEL_SIZE.

This patch fixes the issue by reworking the initramfs
creation and packaging, which will get rid of the
KERNEL_SIZE check in the process.

This new initramfs can be loaded through the MR24 U-boot
in the following way:

=> setenv ipaddr 192.168.1.1
=> setenv bootargs console=ttyS0,$baudrate
=> tftpboot c00000 192.168.1.2:meraki_mr24-initramfs-kernel.bin
[...]
Load address: 0xc00000
Loading: ################################################ [...]
done
    Bytes transferred = 5952544 (5ad420 hex)
    => bootm $fileaddr
    \## Booting kernel from Legacy Image at 00c00000 ...
    ...

For more information and the latest flashing guide:
please visit the OpenWrt Wiki Page for the MR24:
<https://openwrt.org/toh/meraki/mr24#flashing>

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
2018-03-30 00:30:41 +02:00
Hans Dedecker
479aaf6375 map: fix psidlen becoming negative (FS#1430)
Fix psidlen becomes negative in case embedded address bit lenght is smaller than
IPv4 suffix length.
While at it improve parameter checking making the code more logical and
easier to read.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-29 22:19:18 +02:00
Rafał Miłecki
d9da0387f4 bcm53xx: switch to kernel 4.14
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-29 15:31:29 +02:00
Rafał Miłecki
2c140c4a3e bcm53xx: update kernel 4.14 config
There are few symbol changes but only 3 symbols were possible to set:
THERMAL_EMERGENCY_POWEROFF_DELAY_MS
CLK_BCM_SR
PHY_NS2_USB_DRD

Both new drivers don't seem to apply to Northstar so they are disabled.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-29 15:30:50 +02:00
Rafał Miłecki
707d119716 bcm53xx: fix earlycon regression in kernel 4.14
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-29 15:10:19 +02:00
Felix Fietkau
4bcf6acb14 Revert "ppp: make ppp-multilink provide ppp"
opkg currently has some issues with Provides and this change makes the
image builder fail because of that. Revert the change for now until opkg
is fixed

This reverts commit 092d75aa3e.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-29 11:57:40 +02:00
Felix Fietkau
d7ca4c6d3e ar71xx: fix ar934x usb controller resource conflict
Use the right size for the EHCI block

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-28 23:08:37 +02:00
Yousong Zhou
01b835970a procd: update to the latest version
Changes since last version

    dfb68f8 service: initialize supplementary group ids
    3db4e6d service: add func for string config change check
    c3faabe procd: get rid of putenv usage.

The supplementary group id change fixes FS#988

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-03-28 17:42:40 +08:00
Daniel Golle
eba3b028e4 hostapd: update to git snapshot of 2018-03-26
The following patches were merged upstream:
000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
 replaced by commit 0e3bd7ac6
001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
 replaced by commit cb5132bb3
002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
 replaced by commit 87e2db16b
003-Prevent-installation-of-an-all-zero-TK.patch
 replaced by commit 53bb18cc8
004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
 replaced by commit 0adc9b28b
005-TDLS-Reject-TPK-TK-reconfiguration.patch
 replaced by commit ff89af96e
006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
 replaced by commit adae51f8b
007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
 replaced by commit 2a9c5217b
008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
 replaced by commit a00e946c1
009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
 replaced by commit b488a1294
010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
 replaced by commit 6f234c1e2
011-Additional-consistentcy-checks-for-PTK-component-len.patch
 replaced by commit a6ea66530
012-Clear-BSSID-information-in-supplicant-state-machine-.patch
 replaced by commit c0fe5f125
013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
 replaced by commit 114f2830d

Some patches had to be modified to work with changed upstream source:
380-disable_ctrl_iface_mib.patch (adding more ifdef'ery)
plus some minor knits needed for other patches to apply which are not
worth being explicitely listed here.

For SAE key management in mesh mode, use the newly introduce
sae_password parameter instead of the psk parameter to also support
SAE keys which would fail the checks applied on the psk field (ie.
length and such). This fixes compatibility issues for users migrating
from authsae.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-03-27 19:25:32 +02:00
Hans Dedecker
9b92afa3aa uci: update to latest git HEAD
5d2bf09 uci: fix a potential use-after-free in uci_set()
3b3d63e list: only record ordering deltas if element position changed
4c4d343 cmake: Fix cli shared linking against ubox

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-27 13:49:49 +02:00
Felix Fietkau
d290024c42 netifd: update to the latest version (fixes FS#1452)
9c8d781 netifd: return the interface for locally addressable host dependencies

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-27 11:33:51 +02:00
Felix Fietkau
905a3f249a build: include kmod-ipt-offload in default images
Netfilter flow offload has now started to become useful and suitable for
a wider testing audience. Configuring it via UCI is also integrated in
firewall3 by adding 'option flow_offloading 1' to the 'defaults'
section in /etc/config/firewall

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-27 08:26:41 +02:00
Felix Fietkau
83e1fce17a kernel: add kmod-sound-ens1371
This audio chip is provided as a virtual audio device by VMware

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-25 21:18:35 +02:00
Hans Dedecker
287f5ebd2f dnsmasq: improve init script portability (FS#1446)
Improve portability of init script by declaring resolvfile as local
in dnsmasq_stop function.
Fixes resolvfile being set for older busybox versions in dnsmasq_start
in a multi dnsmasq instance config when doing restart; this happens when
the last instance has a resolvfile configured while the first instance
being started has noresolv set to 1.

Base on a patch by "Phil"

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-24 18:50:45 +01:00
Fan Fan
8e1065d681 sunxi: add build for sopine
This will generate image for Pine64 Sopine board.

Signed-off-by: Fan Fan <fkpwolf@gmail.com>
2018-03-23 23:53:20 +01:00
Rosen Penev
43788a91fb ethtool: Update to 4.15.
Contains kernel 4.14 updates. Compile tested on mvebu.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-03-23 23:49:55 +01:00
Stijn Segers
41a881a8d9 Kernel: bump 4.14 to 4.14.29
Right patch version this time, sorry!

* Patch 180-usb-xhci-add-support-for-performing-fake-doorbell.patch had to be adjusted slightly because of upstream adapted code.
* Refreshed patches.

Compile-tested: ramips/mt7621, x86/64
Run-tested: ramips/mt7621, x86/64
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Tested-by: Rosen Penev <rosenp@gmail.com>
2018-03-23 23:49:55 +01:00
Kevin Darbyshire-Bryant
4a788fcf63 iproute2: cake: support new overhead reporting & stats structures
Cake in kernel space now splits stats structure handling across netlink
messages to reduce stack usage issue flagged by upstream kernel checks.
Update user space (tc) qdisc handling to understand this new regime.

Cake also reports packet overheads & compensation in a different way so
add display code for this. e.g.

'tc -s qdisc show dev eth0' reports this extra detail:

 min/max transport layer size:         28 /    1500
 min/max overhead-adjusted size:       65 /    1550
 average transport hdr offset:         14

Cake also supports output in JSON format.

Patch is bulkier than before because a (slightly out of date - see above
stats) man page is included for reference. Better than nothing!

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-03-23 22:08:22 +01:00