Adrian Schmutzler [Thu, 14 May 2020 14:00:14 +0000 (16:00 +0200)]
ramips: drop non-existant ralink,port-map for Ravpower WD03
The property "ralink,port-map" has been obsolete long before
this device was added, and the device is a one-port anyway.
Just remove it.
Fixes: 5ef79af4f80f ("ramips: add support for Ravpower WD03")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit c00b2df6c8e421ea7aa96f53178dc85db99f2305)
In file included from ./arch/mips/include/asm/io.h:34,
from ./arch/mips/include/asm/mmiowb.h:5,
from ./include/linux/spinlock.h:60,
from ./include/linux/irq.h:14,
from drivers/irqchip/irq-bcm6345-ext.c:10:
drivers/irqchip/irq-bcm6345-ext.c: In function 'bcm6345_ext_intc_of_init':
./arch/mips/include/asm/mach-bcm63xx/ioremap.h:48:9: warning: 'base' may be used uninitialized in this function [-Wmaybe-uninitialized]
return is_bcm63xx_internal_registers((unsigned long)addr);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
drivers/irqchip/irq-bcm6345-ext.c:255:16: note: 'base' was declared here
void __iomem *base;
^~~~
drivers/irqchip/irq-bcm6345-periph.c: In function 'bcm6345_periph_irq_handle':
drivers/irqchip/irq-bcm6345-periph.c:55:21: warning: 'block' may be used uninitialized in this function [-Wmaybe-uninitialized]
struct intc_block *block;
^~~~~
drivers/mtd/parsers/redboot.c: In function 'parse_redboot_partitions':
drivers/mtd/parsers/redboot.c:194:59: warning: suggest parentheses around '-' in operand of '&' [-Wparentheses]
fis_origin = (buf[i].flash_base & (master->size << 1) - 1);
~~~~~~~~~~~~~~~~~~~~^~~
Magnus Kroken [Thu, 16 Apr 2020 15:47:47 +0000 (17:47 +0200)]
mbedtls: update to 2.16.6
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters
Full release announcement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
Robert Marko [Tue, 12 May 2020 20:18:33 +0000 (22:18 +0200)]
libjson-c: backport security fixes
This backports upstream fixes for the out of bounds write vulnerability in json-c.
It was reported and patched in this upstream PR: https://github.com/json-c/json-c/pull/592
Addresses CVE-2020-12762
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
[bump PKG_RELEASE, rebase patches on top of json-c 0.12]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit bc0288b76816578f5aeccb2abd679f82bfc5738e)
Before we were trying to check for timeconst.h by looking in the kernel
source directory. This isn't quite correct on configurations in which
the object directory is separate from the kernel source directory, for
example when using O="elsewhere" as a make option when building the
kernel. The correct fix is to use $(CURDIR), which should point to
where we want.
* compat: use bash instead of bc for HZ-->USEC calculation
This should make packaging somewhat easier, as bash is generally already
available (at least for dkms), whereas bc isn't provided by distros by
default in their build meta packages.
* socket: remove errant restriction on looping to self
It's already possible to create two different interfaces and loop
packets between them. This has always been possible with tunnels in the
kernel, and isn't specific to wireguard. Therefore, the networking stack
already needs to deal with that. At the very least, the packet winds up
exceeding the MTU and is discarded at that point. So, since this is
already something that happens, there's no need to forbid the not very
exceptional case of routing a packet back to the same interface; this
loop is no different than others, and we shouldn't special case it, but
rather rely on generic handling of loops in general. This also makes it
easier to do interesting things with wireguard such as onion routing.
At the same time, we add a selftest for this, ensuring that both onion
routing works and infinite routing loops do not crash the kernel. We
also add a test case for wireguard interfaces nesting packets and
sending traffic between each other, as well as the loop in this case
too. We make sure to send some throughput-heavy traffic for this use
case, to stress out any possible recursion issues with the locks around
workqueues.
* send: cond_resched() when processing tx ringbuffers
Users with pathological hardware reported CPU stalls on
CONFIG_PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning
these workers would never terminate. That turned out not to be okay on
systems without forced preemption. This commit adds a cond_resched() to
the bottom of each loop iteration, so that these workers don't hog the
core. We don't do this on encryption/decryption because the compat
module here uses simd_relax, which already includes a call to schedule
in preempt_enable.
* selftests: initalize ipv6 members to NULL to squelch clang warning
This fixes a worthless warning from clang.
* send/receive: use explicit unlikely branch instead of implicit coalescing
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own
wireguard-linux-compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Kevin Darbyshire-Bryant [Sat, 4 Apr 2020 08:20:08 +0000 (09:20 +0100)]
umdns: suppress address-of-packed-member warning
gcc 8 & 9 appear to be more picky with regards to access alignment to
packed structures, leading to this warning in dns.c:
dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer
(alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer
(alignment 2) may result in an unaligned pointer value
[-Werror=address-of-packed-member]
261 | uint16_t *swap = (uint16_t *) q;
Work around what I think is a false positive by turning the warning off.
Not ideal, but not quite as not ideal as build failure.
Sungbo Eo [Sun, 22 Mar 2020 17:41:08 +0000 (02:41 +0900)]
oxnas: move service file to correct place
This service file has been misplaced from the very beginning.
Fixes: dcc34574efba ("oxnas: bring in new oxnas target")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 01961f163d927d6b44097f48a67bbc5b4c63eaf7)
Jan Alexander [Tue, 24 Mar 2020 12:36:57 +0000 (13:36 +0100)]
ar71xx: use status led for GL.iNet GL-AR750S
Use power led for device status.
The status led behavior has already been fixed in af28d8a539fe
("ath79: add support for GL.iNet GL-AR750S") when porting the
device to ath79. This fixes it for ar71xx as well.
Signed-off-by: Jan Alexander <jan@nalx.net>
[minor commit title/message adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit d394c354ee0e8660f876889f6293803c581cbf85)
Adrian Schmutzler [Wed, 11 Mar 2020 14:52:41 +0000 (15:52 +0100)]
ar71xx: remove wrong MAC address adjustment for Archer C60 v2
The adjustment of the MAC address for Archer C60 v2 in 10_fix_wifi_mac
is broken since a "mac" partition is not set up for this device on
ar71xx. Instead, the MAC address is already patched correctly in
11-ath10k-caldata.
Catrinel Catrinescu [Wed, 11 Mar 2020 09:10:00 +0000 (10:10 +0100)]
ar71xx: ew-dorin, fix the trigger level for WPS button
Because the WPS button had the wrong trigger level,
the failsafe mode was triggered quite often,
after this commit:
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=27f3f493de
Petr Štetiar [Thu, 20 Feb 2020 08:03:54 +0000 (09:03 +0100)]
ppp: backport security fixes
8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 215598fd03899c19a9cd26266221269dd5ec8cee)
Fixes: CVE-2020-8597
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 26 Feb 2020 15:41:45 +0000 (16:41 +0100)]
Revert "ppp: backport security fixes"
This reverts commit cc78f934a9466a0ef404bb169cc42680c7501d02 since it
didn't contain a reference to the CVE it addresses. The next commit
will re-add the commit including a CVE reference in its commit message.
Petr Štetiar [Thu, 20 Feb 2020 08:03:54 +0000 (09:03 +0100)]
ppp: backport security fixes
8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()
Hauke Mehrtens [Tue, 21 Jan 2020 22:58:30 +0000 (23:58 +0100)]
libubox: backport security patches
This backports some security relevant patches from libubox master. These
patches should not change the existing API and ABI so that old
applications still work like before without any recompilation.
Application can now also use more secure APIs.
The new more secure interfaces are also available, but not used.
OpenWrt master and 19.07 already have these patches by using a more
recent libubox version.
Josef Schlehofer [Mon, 6 Jan 2020 17:50:39 +0000 (18:50 +0100)]
tools/expat: Update to version 2.2.9
Fixes two CVEs:
- CVE-2019-15903 (Fix heap overflow triggered by XML_GetCurrentLineNumber)
- CVE-2018-20843 (Fix extraction of namespace prefixes from XML names)
Stephan Knauss [Sat, 18 Jan 2020 18:37:08 +0000 (19:37 +0100)]
kirkwood: fix HDD LED labels for Zyxel NSA325 in 01_leds
Change the LED labels for hdd1/hdd2 in 01_leds to match their
counterpart in DTS.
Signed-off-by: Stephan Knauss <openwrt@stephans-server.de>
[improve commit title and message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit fbf297be38a93b9ca1119e5aaffecd2299087aa5)
Walter Sonius [Fri, 27 Dec 2019 11:41:35 +0000 (12:41 +0100)]
brcm47xx: fix switch port order for Netgear WN2500RP V1
The Netgear WN2500RP V1 switch0 already works for LAN
however the port order for the LAN ports is inverted. Correct
physical port order watched from the back of the device is:
4 / 3 / 2 / 1
WAN port is absent on this device and therefore removed
from switch config.
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[move block to maintain alphabetic sorting]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 098cbc68ee23db589ed6f0d081fe26cc385462f2)
Walter Sonius [Fri, 27 Dec 2019 11:25:39 +0000 (12:25 +0100)]
brcm47xx: fix switch port order for Netgear WNR3500 V2
The Netgear WNR3500 V2 switch0 already works for WAN/LAN
however the port order for the LAN ports is inverted. Correct
physical port order watched from the back of the device is:
Internet / 4 / 3 / 2 / 1 this resembles the Linksys E3000 V1.
Verified with imagebuilder edit FILES=/etc/board.d/01_network
DENG Qingfang [Thu, 16 Jan 2020 16:24:43 +0000 (00:24 +0800)]
ramips: fix HiWiFi HC5962 switch configuration
HC5962 has only 3 LAN ports, switch port 0 is unused
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(backported from commit 68f49df31507454f86b72a5c1e250505176baed7)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Florian Fainelli [Fri, 3 Jan 2020 22:58:58 +0000 (14:58 -0800)]
sunxi: Turn on CONFIG_PINCTRL_SUN4I_A10 for A20
CONFIG_PINCTRL_SUN4I_A10 controls both the A10 and the A20 enabling of
the pinctrl driver, this is necessary since upstream commit
5d8d349618a9464714c07414c5888bfd9416638f ("pinctrl: sunxi: add A20
support to A10 driver") which has been included in v4.13 and onwards.
Fixes: ad2b3bf310f7 ("sunxi: Add support for kernel 4.14")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 32e4eaef1b4c2a7fa44787813fdf715b2ba500d9)
Henryk Heisig [Sat, 23 Mar 2019 08:35:11 +0000 (08:35 +0000)]
ar71xx: base-files: fix board detect on new MikroTik devices
Move all MikroTik devices to new function to increase script execution
speed.
Machine name in new version of MikroTik RouterBOARD devices add "RB"
before model name:
Old machine name: MikroTik RouterBOARD 951Ui-2nD
New: MikroTik RouterBOARD RB951Ui-2nD
So this patch should fix it for all currently supported MikroTik boards.
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
[rebased,commit message facelift,script fixes]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[spotted missing 922UAGS-5HPacD]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit acf2b6c8881b432530bd98fa86753bf6a3546ff7)
[backport: do not add boards not supported in 18.06]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Julien Rabier [Mon, 4 Feb 2019 20:03:35 +0000 (21:03 +0100)]
ar71xx: fix RB941-2nD detection
Some hAP lite routers aren't detected because
/proc/cpuinfo shows "RouterBOARD RB941-2nD"
instead of "RouterBOARD 941-2nD".
Fix that.
Signed-off-by: Julien Rabier <taziden@flexiden.org>
[Alter string to include all flavours + slight rewrite of commit msg]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 6570f3c93aa4110efd1466a6b89742c2e11d7c11)
Hauke Mehrtens [Fri, 22 Nov 2019 21:43:25 +0000 (22:43 +0100)]
e2fsprogs: Fix CVE-2019-5094 in libsupport
This adds the following patch from debian:
https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=debian/stable&id=09fe1fd2a1f9efc3091b4fc61f1876d0785956a8
libsupport: add checks to prevent buffer overrun bugs in quota code
Sungbo Eo [Fri, 6 Dec 2019 14:25:48 +0000 (23:25 +0900)]
kernel: fix *-gpio-custom module unloading
Unloading and reloading the modules fails, as platform_device_put() does not
release resources fully.
root@OpenWrt:/# insmod i2c-gpio-custom bus0=0,18,0,5
[ 196.860620] Custom GPIO-based I2C driver version 0.1.1
[ 196.871162] ------------[ cut here ]------------
[ 196.880517] WARNING: CPU: 0 PID: 1365 at fs/sysfs/dir.c:31 0x80112158
[ 196.893431] sysfs: cannot create duplicate filename '/devices/platform/i2c-gpio.0'
...
[ 197.513200] kobject_add_internal failed for i2c-gpio.0 with -EEXIST, don't try to register things with the same name in the same directory.
This patch fixes it by replacing platform_device_put() with
platform_device_unregister().
Fixes: da7740853715 ("i2c-gpio-custom: minor bugfix")
Fixes: 3bc81edc70e8 ("package: fix w1-gpio-custom package (closes #6770)")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit a22b7a60d98836343c4f7b9ec0fcae68d9131522)
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
Fixes: 863e79f8d554 ("lantiq: add support for kernel 4.9")
(cherry picked from commit 692390225d76de8f2daf582454e74942b82d090a)
Felix Fietkau [Wed, 13 Mar 2019 11:45:13 +0000 (12:45 +0100)]
netifd: add support for suppressing the DHCP request hostname by setting it to *
dnsmasq (and probably other DHCP servers as well) does not like to hand out
leases with duplicate host names.
Adding support for skipping the hostname makes it easier to deploy setups
where it is not guaranteed to be unique
Martin Schiller [Wed, 4 Dec 2019 09:43:02 +0000 (10:43 +0100)]
ramips: fix number of LAN Ports for Mikrotik RBM33G
The Mikrotik RBM33G has only 2 LAN ports.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[moved node in 02_network to maintain alphabetic sorting; backport]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 3a55c7935d4efdc86575601cb4aa7bc94e3c5e44)
Walter Sonius [Wed, 4 Dec 2019 20:07:58 +0000 (21:07 +0100)]
ramips: fix switch port order for TP-Link Archer C20i
Physical port order watched from the backside of the C20i
(from left to right) is: Internet / 1 / 2 / 3 / 4
Physical Port   Switch port
WAN             0
LAN 3           1
LAN 4           2
LAN 1           3
LAN 2           4
(not used)      5
CPU             6
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[commit message/title improvements; backport to 18.06]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a065cd29bf2dfd1ce1f07becd65aef96cec658e7)
Hauke Mehrtens [Mon, 18 Nov 2019 06:05:41 +0000 (07:05 +0100)]
mac80211: Adapt to changes to skb_get_hash_perturb()
The skb_get_hash_perturb() function now takes a siphash_key_t instead of
an u32. This was changed in commit 55667441c84f ("net/flow_dissector:
switch to siphash"). Use the correct type in the fq header file
depending on the kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit eaa047179ad30d156d0c3da7ec225acfae7a9f00)
Sungbo Eo [Mon, 11 Nov 2019 16:20:45 +0000 (01:20 +0900)]
base-files: config_generate: split macaddr with multiple ifaces
netifd does not handle network.@device[x].name properly if it
contains multiple ifaces separated by spaces. Due to this, board.d
lan_mac setup does not work if multiple ifaces are set to LAN by
ucidef_set_interface_lan.
To fix this, create a device node for each member iface when
running config_generate instead. Those are named based on the
member ifname:
config device 'lan_eth0_dev'
        option name 'eth0'
        option macaddr 'yy:yy:yy:yy:yy:01'
config device 'lan_eth1_1_dev'
        option name 'eth1.1'
        option macaddr 'yy:yy:yy:yy:yy:01'
ref: https://github.com/openwrt/openwrt/pull/2542
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[always use new scheme, extend description, change commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 298814e6be7640d89328de9e7c90d4349e30683f)