Openwrt 19.07.1 #2981
Closed
Openwrt 19.07.1 #2981
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
e4bd927 cast ucert_argv to proper type when passing to execv Fixes warnings: warning: passing argument 2 of 'execv' from incompatible pointer type [-Wincompatible-pointer-types] 254 | execv(usign_argv[0], usign_argv) Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 9c272dd)
This also fixes mac80211_prepare_vif iw set channel in monitor or mesh mode. Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net> Signed-off-by: Daniel Golle <daniel@makrotopia.org> [daniel@makrotopia.org: fixed commit message] (cherry picked from commit c7fb12b)
Refreshed all patches. Altered patches: - 400-mtd-add-rootfs-split-support.patch Compile-tested on: cns3xxx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The release notes since last time for wave-1:
* November 29, 2019: Fix IBSS merge issue, related to TSF id leakage bug in firmware code.
Thanks for Ahmed Zaki @ Mage-Networks for helping to diagnose and test.
The release notes since last time for wave-2:
* December 6, 2019: Fix 160Mhz problem caused by logic that did not take into account the fact that
160Mhz has only 1/2 of the NSS of lower bandwidths in the rate table.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 30109782df3c74becd60dd13216346e1ea2fcc96)
Physical port order watched from the backside of the C20i (from left to right) is: Internet / 1 / 2 / 3 / 4 Physical Port Switch port WAN 0 LAN 3 1 LAN 4 2 LAN 1 3 LAN 2 4 (not used) 5 CPU 6 Signed-off-by: Walter Sonius <walterav1984@gmail.com> [commit message/title improvements; backport to 19.07] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit a065cd2)
The Mikrotik RBM33G has only 2 LAN ports. Signed-off-by: Martin Schiller <ms@dev.tdt.de> [moved node in 02_network to maintain alphabetic sorting; backport] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 3a55c79)
Netgear WNR3500L is an already supported device, but out of the box, the device has no switch configuration and there is no wan. The correct configuration for this specific model is similar to some other models. This simple commit adds the correct switch and the out-of-the-box experience is improved. Experimentally determined: Port 0 => WAN Port 1..4 => LAN Port 5..7 => unused Port 8 => CPU Signed-off-by: Olli Asikainen <olli.asikainen@gmail.com> Tested-by: Fabian Zaremba <fabian@youremail.eu> [added port mapping to commit message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit deb8358)
This allows JCG_MAXSIZE to be specified in kilobytes. This makes this value more consistent and easier comparable with other size variables. This also changes the only occurence of the variable, for Cudy WR1000. This is backported to 19.07 for convenience, as other developers backporting device support might not be aware that JCG_MAXSIZE in kilobytes would not work there. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 0bf4d68)
The TL-WDR4300 v1 sold in Israel has a different TPLINK_HWID. Thanks to Josh4300 for testing on device. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit c642a97)
5f0d2e0491 [AArch64] Add ifunc support for Ares e6b7252040 aarch64,falkor: Use vector registers for memcpy c74b884f70 aarch64,falkor: Ignore prefetcher tagging for smaller copies 0fc5934ebd aarch64/strncmp: Use lsr instead of mov+lsr e0a0bd3acc aarch64/strncmp: Unbreak builds with old binutils 638caf3000 aarch64: Improve strncmp for mutually misaligned inputs d5f45a29ff aarch64/strcmp: fix misaligned loop jump target 7f690fafad aarch64: Improve strcmp unaligned performance 40df047b3b aarch64: Fix branch target to loop16 062139f233 aarch64: Optimized memcmp for medium to large sizes f3e2add213 aarch64: Use the L() macro for labels in memcmp 22bd3ab40e posix: Fix large mmap64 offset for mips64n32 (BZ#24699) bdd16894aa aarch64: handle STO_AARCH64_VARIANT_PCS 0b48caab9a aarch64: add STO_AARCH64_VARIANT_PCS and DT_AARCH64_VARIANT_PCS 949da7f2fd io: Remove copy_file_range emulation [BZ #24744] f056ac8363 libio: do not attempt to free wide buffers of legacy streams [BZ #24228] 5f90e009b1 NEWS: add entries for bugs 22964, 24180, and 24531 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
5b4f7382af Add undef to fix test failure. 9456483fb2 Improve performance of memmem 373f8b06a3 Improve performance of strstr 4ec1b9e913 Fix strstr bug with huge needles (bug 23637) ecd6271ed8 Speedup first memmem match bba6b9288f Simplify and speedup strstr/strcasestr first match 7a4da6ef7a Improve strstr performance Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Problem found by AddressSanitizer[1]:
Latest `grep` (git commit 1019e6e) compiled with asan may cause a
heap-buffer-overflow when `-i` is specified.
./grep -i '\(\(\)*.\)*\(\)\(\)\1' /bin/chvt
=================================================================
==16206==ERROR: AddressSanitizer: heap-buffer-overflow on address
1. https://debbugs.gnu.org/34140
Ref: https://sourceware.org/bugzilla/show_bug.cgi?id=24114
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
[commit title and description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
bef0b1cb31 libio: Disable vtable validation for pre-2.1 interposed handles [BZ #25203] 4d5cfeb510 rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204] 92f04eedb5 mips: Force RWX stack for hard-float builds that can run on pre-4.8 kernels Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hardware
--------
SoC: NXP P1020 (2x e500 @ 800MHz)
RAM: 256M DDR3 (Micron)
FLASH: 32M NOR (Spansion S29GL128S)
BTN: 1x Reset
WiFi: 1x Atheros AR9590 2.4 bgn 3x3
2x Atheros AR9590 5.0 an 3x3
ETH: 1x Gigabit Ethernet (Atheros AR8033)
LED: System (green/red) - Radio{0,1} (green)
LAN (connected to PHY)
- GE blue
- FE green
Serial is a Cisco-compatible RJ45 next to the ethernet port.
115200-N-8 are the settings for OS and U-Boot.
Installation
------------
1. Grab the OpenWrt initramfs, rename it to 01C8A8C0.img. Place it in
the root directory of a TFTP server and serve it at
192.168.200.200/24.
2. Connect to the serial port and boot the AP. Stop autoboot in U-Boot
by pressing Enter when prompted. Credentials are identical to the one
in the APs interface. By default it is admin / new2day.
3. Set the bootcmd so the AP can boot OpenWrt by executing
$ setenv boot_openwrt "setenv bootargs;
cp.b 0xee000000 0x1000000 0x1000000; bootm 0x1000000"
$ setenv bootcmd "run boot_openwrt"
$ saveenv
If you plan on going back to the vendor firmware - the bootcmd for it
is stored in the boot_flash variable.
4. Load the initramfs image to RAM and boot by executing
$ tftpboot 0x1000000 192.168.200.200:01C8A8C0.img; bootm
5. Make a backup of the "firmware" partition if you ever wish to go back
to the vendor firmware.
6. Upload the OpenWrt sysupgrade image via SCP to the devices /tmp
folder.
7. Flash OpenWrt using sysupgrade.
$ sysupgrade -n /tmp/openwrt-sysupgrade.bin
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 16b01fb)
The led wireless trigger is already set correctly to phy0tpt through the alias in the device tree. Signed-off-by: Manuel Kock <github.web@manu.li> [rephrased commit title] Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 509894c)
e53fec8 treewide: optimize syslog priority values Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Enabling legacy PTYs causes problems with procd-hotplug. And as this is a headless target, no need to have virtual terminals. Remove corresponding kernel config options, they are disabled in generic kernel config. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit c881769)
Having legacy PTYs enabled causes problems with procd-hotplug. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit dcf48fd)
Having legacy PTYs enabled causes problems with procd-hotplug. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit d0d7f5d)
Enabling legacy PTYs causes problems with procd-hotplug. And as this is a headless target, no need to have virtual terminals. Remove corresponding kernel config options, they are disabled in generic kernel config. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit c1db4d9)
Having legacy PTYs enabled causes problems with procd-hotplug. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 411e824)
Having legacy PTYs enabled causes problems with procd-hotplug. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 414d027)
Having legacy PTYs enabled causes problems with procd-hotplug. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 2105354)
Having legacy PTYs enabled causes problems with procd-hotplug. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit e964338)
TL-WDR4300 board uses only green LED names in DTSI. This patch adds migration for them. The actual LED colors on the devices have been reported to vary across subrevisions (v1.x). Despite, the USB LEDs on the back might have different color than the other LEDs on the front. Signed-off-by: Sungbo Eo <mans0n@gorani.run> [extended commit message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 01d39cd)
This update doesn't include: 3b1e0a7bdfee brcmfmac: add support for SAE authentication offload be898fed355e brcmfmac: send port authorized event for FT-802.1X due to nl80211 dependencies. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit c3aa33b)
Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 17e2246)
Device support for Belkin F9K1109v1 was added using set_usb_led() although this was removed in 772b27c ("ramips: set F5D8235 v1 usb led trigger via devicetree"). Use ucidef_set_led_usbport() instead. Fixes: f2c8353 ("ramips: add support for Belkin F9K1109v1") Signed-off-by: Sungbo Eo <mans0n@gorani.run> [rephrase commit title and message, backport] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 1f45541)
ZyXEL Keenetic has 8MB flash, but OpenWrt uses only 4MB. This commit fixes the problem. WikiDevi page [1] says that ZyXEL Keenetic has FLA1: 8 MiB, there is an article with specs [2] (in Russian). [1] https://wikidevi.wi-cat.ru/ZyXEL_Keenetic [2] https://3dnews.ru/608774/page-2.html Fixes: FS#2487 Fixes: a7cbf59 ("ramips: add new device ZyXEL Keenetic as kn") Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com> (cherry picked from commit fea232a)
This reverts commit c38074d. Since ZyXEL Keenetic has actually 8 MiB flash as fixed in the previous patch, we can re-enable it. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Changelog: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released Security advisory: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 36af196)
This adds the board name from ar71xx to support upgrade without -F for the TP-Link TL-WA901ND v2. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 508462a)
Refreshed all patches. Remove upstreamed: - 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch - 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch - 003-ARM-dts-oxnas-Fix-clear-mask-property.patch Fixes: - CVE-2020-8647 - CVE-2020-8648 (potentially) - CVE-2020-8649 Compile-tested on: cns3xxx, octeontx Runtime-tested on: cns3xxx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Backport Device Tree change first added in kernel 4.19 to enable the SPI device on ClearFog devices by default. This is tested and working in snapshot builds with kernel 5.4+, include the change in future 19.07 patch releases. Signed-off-by: Joel Johnson <mrjoel@lixil.net>
Tegra 2 processors have only 16 double-precision registers. The change introduced by 8dcc108 ("toolchain: ARM: Fix toolchain compilation for gcc 8.x") switched accidentally the toolchain for tegra target to cpu type with 32 double-precision registers. This stems from gcc defaults which assume "vfpv3-d32" if only "vfpv3" as mfpu is specified. That change resulted in unusable image, in which kernel will kill userspace as soon as it causing "Illegal instruction". Ref: https://forum.openwrt.org/t/gcc-was-broken-on-mvebu-armada-370-device-after-commit-on-2019-03-25/43272 Fixes: 8dcc108 ("toolchain: ARM: Fix toolchain compilation for gcc 8.x") Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl> (cherry picked from commit 43d1d88)
Armada 370 processors have only 16 double-precision registers. The change introduced by 8dcc108 ("toolchain: ARM: Fix toolchain compilation for gcc 8.x") switched accidentally the toolchain for mvebu cortexa9 subtarget to cpu type with 32 double-precision registers. This stems from gcc defaults which assume "vfpv3-d32" if only "vfpv3" as mfpu is specified. That change resulted in unusable image, in which kernel will kill userspace as soon as it causing "Illegal instruction". Ref: https://forum.openwrt.org/t/gcc-was-broken-on-mvebu-armada-370-device-after-commit-on-2019-03-25/43272 Fixes: 8dcc108 ("toolchain: ARM: Fix toolchain compilation for gcc 8.x") Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl> (cherry picked from commit 2d61f88)
Security fixes for: * CVE-2020-10932 * a potentially remotely exploitable buffer overread in a DTLS client * bug in DTLS handling of new associations with the same parameters Full release announement: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 02fcbe2)
Don't move strings anymore to /bin/strings to avoid clash with busybox /usr/bin/strings but move it to /usr/bin/binutils-strings. Use ALTERNATIVES support to install it as /usr/bin/strings Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 5f126c5)
gcc 8 & 9 appear to be more picky with regards access alignment to
packed structures, leading to this warning in dns.c:
dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer
(alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer
(alignment 2) may result in an unaligned pointer value
[-Werror=address-of-packed-member]
261 | uint16_t *swap = (uint16_t *) q;
Work around what I think is a false positive by turning the warning off.
Not ideal, but not quite as not ideal as build failure.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 02640f0)
(cherry picked from commit a10b6ec1c8cd6d14a3b76a2ec3d81442b85f7321)
ab7a39a umdns: fix unused error 45c4953 dns: explicitly endian-convert all fields in header and question Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 22ae8bd) (cherry picked from commit 17c4593e63f5847868f2c38185275199d37d379a)
Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with high severity, assigned CVE-2020-1967. Ref: https://www.openssl.org/news/secadv/20200421.txt Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 3773ae1)
Building libpcap with high number (64) of simultaneous jobs fails:
In file included from ./fmtutils.c:42:0:
./ftmacros.h:106:0: warning: "_BSD_SOURCE" redefined
#define _BSD_SOURCE
<command-line>:0:0: note: this is the location of the previous definition
./gencode.c:67:10: fatal error: grammar.h: No such file or directory
#include "grammar.h"
^~~~~~~~~~~
compilation terminated.
Makefile:99: recipe for target 'gencode_pic.o' failed
So fix this by less intrusive way by disabling the parallel builds for
this package.
Ref: FS#3010
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fix the test for an enabled sysntp initscript in dnsmasq.init, and get rid of "test -o" while at it. Issue reproduced on openwrt-19.07 with the help of pool.ntp.br and an RTC-less ath79 router. dnssec-no-timecheck would be clearly missing from /var/etc/dnsmasq.conf.* while the router was still a few days in the past due to non-working DNSSEC + DNS-based NTP server config. The fix was tested with the router in the "DNSSEC broken state": it properly started dnsmasq in dnssec-no-timecheck mode, and eventually ntp was able to resolve the server name to an IP address, and set the system time. DNSSEC was then enabled by SIGINT through the ntp hotplug hook, as expected. A missing system.ntp.enabled UCI node is required for the bug to show up. The reasons for why it would be missing in the first place were not investigated. Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase] (cherry picked from commit 556b858)
f4d759b dhcp.c: further improve validation Further improve input validation for CVE-2020-11752 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 9e7d11f)
kmod-usb-dwc2 and kmod-usb-ledtrig-usbport are not target default packages, and Belkin F7C027 does not have a USB port anyway. Just drop it. Signed-off-by: Sungbo Eo <mans0n@gorani.run> (cherry picked from commit 1dedad2)
It's known that ZBT sells 256M variants of these routers. As a result, our images won't be able to boot on these routers. This commit removes memory node for them. With previously backported memory detection patch, kernel is able to detect memory size itself. Fixes: FS#3053 Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Before 2019.01 version was introduced patch, which changes cache
routines: 93b283d4 ("ARM: CPU: arm926ejs: Consolidate cache
routines to common file"). Unfortunately that patch make ethernet
and usb in kirkwood broken.
This patch backport commit 599f7aa5 ("ARM: kirkwood: disable dcache
for Kirkwood boards"), which are fix for that problem.
Fixes: dc08514 ("uboot-kirkwood: update to 2019.01")
Run tested: pogoplugv4
Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
On Windows, refuse paths that start with \\ ... as that might cause an unexpected SMB connection to a given host name. Ref: PR#2730 Ref: https://curl.haxx.se/docs/CVE-2019-15601.html Suggested-by: Jerome Benoit <jerome.benoit@sap.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
Another release is overdue for quite some time, so I'm backporting three fixes from upstream which I plan to backport into 19.07 as well. Ref: FS#2880 Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 76a0ddf)
Without this change, wpa-cli features depend on which wpad build variant was used to build the wpa-cli package Signed-off-by: Felix Fietkau <nbd@nbd.name> Tested-by: Jérôme Benoit <jerome.benoit@piment-noir.org> [WRT1900AC v1] [added missing package version bump] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 03e9e4b)
Signed-off-by: Felix Fietkau <nbd@nbd.name> Tested-by: Jérôme Benoit <jerome.benoit@piment-noir.org> [WRT1900AC v1] [added missing package version bump] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit e0ab33e)
Backport patch from hostapd.git master that fixes copy/paste error in crypto_bignum_sub() in crypto_wolfssl.c. This missing fix was discovered while testing SAE over a mesh interface. With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with wpad-mesh-wolfssl. Cc: Sean Parkinson <sean@wolfssl.com> Signed-off-by: Antonio Quartulli <a@unstable.cc> Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 4b3b8ec)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
感谢您对OpenWRT的贡献!为了帮助保持代码库的一致性和可读性,NAND可以帮助人们查看您的贡献,我们要求您遵循您在此链接n https://openwrt.org/submitting-patches n n处找到的规则--请在发布拉请求之前删除此消息。