Permalink
Commits on Sep 12, 2018
  1. mac80211: brcmfmac: backport first important changes from the 4.20

    Rafał Miłecki
    Rafał Miłecki committed Sep 12, 2018
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Commits on Sep 2, 2018
  1. LEDE v17.01.6: revert to branch defaults

    hauke committed Sep 2, 2018
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  2. LEDE v17.01.6: adjust config defaults

    hauke committed Sep 2, 2018
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commits on Aug 30, 2018
  1. grub2: rebase patches

    jow- committed Aug 23, 2018
    Patch 300-CVE-2015-8370.patch was added without proper rebasing on the
    version used by OpenWrt, make it apply and refresh the patch to fix
    compilation.
    
    Fixes: 7e73e91 ("grub2: Fix CVE-2015-8370")
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
    (cherry picked from commit 9ffbe84)
  2. bzip2: Fix CVE-2016-3189

    neheb authored and jow- committed Aug 23, 2018
    Issue causes a crash with specially crafted bzip2 files.
    
    More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189
    
    Taken from Fedora.
    
    Signed-off-by: Rosen Penev <rosenp@gmail.com>
    (cherry picked from commit f9469ef)
  3. grub2: Fix CVE-2015-8370

    neheb authored and jow- committed Aug 23, 2018
    This CVE is a culmination of multiple integer overflow issues that cause
    multiple issues like Denial of Service and authentication bypass.
    
    More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370
    
    Taken from Fedora.
    
    Signed-off-by: Rosen Penev <rosenp@gmail.com>
    (cherry picked from commit 7e73e91)
  4. scripts: bundle-libraries: fix logic flaw

    jow- committed Aug 29, 2018
    Previous refactoring of the script moved the LDSO detection into a
    file-not-exists condition, causing onyl the very first executable to
    get bundled.
    
    Solve the problem by unconditionally checking for LDSO again.
    
    Fixes: 9030a78 ("scripts: bundle-libraries: prevent loading host locales")
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
    (cherry picked from commit 5ebcd32)
  5. scripts: bundle-libraries: prevent loading host locales (FS#1803)

    jow- committed Aug 25, 2018
    Binary patch the bundled glibc library to inhibit loading of host locale
    archives in order to avoid triggering internal libc assertions when
    invoking shipped, bundled executables.
    
    The problem has been solved with upstream Glibc commit
    0062ace229 ("Gracefully handle incompatible locale data") but we still
    need to deal with older Glibc binaries for some time to come.
    
    Fixes FS#1803
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
    (cherry picked from commit 9030a78)
  6. kernel: bump kernel 4.4 to version 4.4.153

    hauke committed Aug 30, 2018
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  7. mt76: Fix mirror hash

    hauke committed Aug 30, 2018
    The mirror hash added in this commit was wrong.
    The file on the mirror server and the newly generated file from git have
    a different hash value, use that one.
    
    Fixes: 4b5861c ("mt76: update to the latest version")
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commits on Aug 27, 2018
  1. dropbear: backport upstream fix for CVE-2018-15599

    dedeckeh authored and hauke committed Aug 24, 2018
    CVE description :
    The recv_msg_userauth_request function in svr-auth.c in Dropbear through
    2018.76 is prone to a user enumeration vulnerability because username
    validity affects how fields in SSH_MSG_USERAUTH messages are handled,
    a similar issue to CVE-2018-15473 in an unrelated codebase.
    
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commits on Aug 22, 2018
  1. kernel: bump kernel 4.4 to version 4.4.151

    hauke committed Aug 22, 2018
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commits on Aug 21, 2018
  1. kernel: bump kernel 4.4 to version 4.4.150

    hauke committed Aug 21, 2018
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  2. tools/e2fsprogs: update to 1.44.1

    p-wassi authored and NeoRaider committed Mar 26, 2018
    Update e2fsprogs to upstream 1.44.1 (feature and bugfix release)
    
    Signed-off-by: Paul Wassi <p.wassi@gmx.at>
    (cherry picked from commit 8262179)
  3. e2fsprogs: bump to 1.44.0

    Ansuel authored and NeoRaider committed Mar 9, 2018
    Fix compilation error
    
    Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
    (cherry picked from commit a9c0057)
  4. tools/e2fsprogs: Update to 1.43.7

    neheb authored and NeoRaider committed Nov 22, 2017
    Compile tested on Fedora 27.
    
    Signed-off-by: Rosen Penev <rosenp@gmail.com>
    (cherry picked from commit 08cc9a2)
  5. tools/e2fsprogs: Update to 1.43.6

    diizzyy authored and NeoRaider committed Sep 8, 2017
    Update e2fsprogs to 1.43.6
    * Remove FreeBSD patch as it's not needed, FreeBSD 9.1 is EoL and this
      is compiling on FreeBSD 11.1.
    * Remove libmagic patch, RHEL 5 is EoL (End of Production Phase) since
      March 31, 2017.
    
    Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
    (cherry picked from commit ed617fd)
  6. tools/e2fsprogs: Update to 1.43.5

    diizzyy authored and NeoRaider committed Aug 7, 2017
    Update e2fsprogs to 1.43.5
    
    Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
    (cherry picked from commit 8477d54)
  7. tools/e2fsprogs: Update to 1.43.4

    diizzyy authored and NeoRaider committed Feb 6, 2017
    * Update to 1.43.4
    * Refresh patches
    * xz tarball which saves about 2M in size
    
    Changelog: http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.43.4
    
    Tested by Etienne Haarsma (ar71xx), Daniel Engberg (kirkwood)
    
    Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
    Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
    Signed-off-by: Felix Fietkau <nbd@nbd.name> [use @kernel instead of harcoded URL]
    (cherry picked from commit 34ba64f)
  8. Revert "tools/e2fsprogs: fix building on a glibc 2.27 host"

    NeoRaider committed Aug 21, 2018
    This reverts commit 58a95f0.
    
    Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
  9. tools/bison: Update to 3.0.5

    diizzyy authored and NeoRaider committed Jun 7, 2018
    Update bison to 3.0.5
    Bugfix release
    Remove 001-fix-macos-vasnprintf.patch as it is fixed upstream
    
    Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Commits on Aug 17, 2018
  1. mac80211: brcmfmac: fix compilation with SDIO support

    Rafał Miłecki
    Rafał Miłecki committed Aug 17, 2018
    This fixes following error when compiling with CONFIG_BRCMFMAC_SDIO=y:
    drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c:1100:23: error: 'sdiod' undeclared (first use in this function)
       brcmf_dev_coredump(&sdiod->func1->dev);
    
    Fixes: 9d8940c ("mac80211: brcmfmac: backport important changes from the 4.18")
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Commits on Aug 16, 2018
  1. mac80211: brcmfmac: backport patch setting WIPHY_FLAG_HAVE_AP_SME

    Rafał Miłecki
    Rafał Miłecki committed Aug 16, 2018
    It's an important hint for authenticator (e.g. hostapd) about hardware
    capabilities.
    
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  2. mac80211: brcmfmac: backport important changes from the 4.19

    Rafał Miłecki
    Rafał Miłecki committed Aug 16, 2018
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  3. mac80211: brcmfmac: backport important changes from the 4.18

    Rafał Miłecki
    Rafał Miłecki committed Aug 16, 2018
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  4. mac80211: brcmfmac: backport important changes from the 4.16

    Rafał Miłecki
    Rafał Miłecki committed Aug 16, 2018
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  5. mac80211: brcmfmac: backport important changes from the 4.15

    Rafał Miłecki
    Rafał Miłecki committed Aug 16, 2018
    Two more patches that may be worth backporting in the future:
    fdd0bd88ceae brcmfmac: add CLM download support
    cc124d5cc8d8 brcmfmac: fix CLM load error for legacy chips when user helper is enabled
    
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  6. mac80211: brcmfmac: backport important changes from the 4.14

    Rafał Miłecki
    Rafał Miłecki committed Aug 16, 2018
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  7. mac80211: brcmfmac: backport important changes from the 4.13

    Rafał Miłecki
    Rafał Miłecki committed Aug 16, 2018
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  8. mac80211: brcmfmac: backport important changes from the 4.12

    Rafał Miłecki
    Rafał Miłecki committed Aug 16, 2018
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  9. mac80211: brcmfmac: backport use-after-free fix from 4.11

    Rafał Miłecki
    Rafał Miłecki committed Aug 16, 2018
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
  10. mac80211: brcmfmac: group 4.11 backport patches

    Rafał Miłecki
    Rafał Miłecki committed Aug 16, 2018
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Commits on Aug 15, 2018
  1. openssl: update to version 1.0.2p

    hauke committed Aug 15, 2018
    This fixes the following security problems:
     * CVE-2018-0732: Client DoS due to large DH parameter
     * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  2. kernel: bump kernel 4.4 to version 4.4.148

    hauke committed Aug 15, 2018
    The following patch was integrated upstream:
     * target/linux/generic/patches-4.4/005-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
    
    This fixes tries to work around the following security problems:
     * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
     * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commits on Aug 10, 2018
  1. mbedtls: update to version 2.7.5

    hauke committed Aug 10, 2018
    This fixes the following security problems:
    * CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
    * CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>