Commit Graph

180 Commits

Author SHA1 Message Date
Alexander Couzens cb5ddd5168 Merge remote-tracking branch 'upstream_openwrt/master'
* openssl update
* hostapd: fix remote denial of service vulnerability in WMM action frame parsing
* kernel: remove the netfilter optimization that skips the filter table, it has caused too many issues
* ath9k: fix a beacon enable handling bug
* minor bugfixes and board backports
2015-07-19 19:59:25 +02:00
jow 10b1d597b9 BB: openssl: update to v1.0.2d (CVE-2015-1793)
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r46285

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@46287 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-07-09 13:15:32 +00:00
jogo 861527622c BB: kernel: kmod-scsi-core: fix load on install
sd_mod depends on scsi_mod, but due to it being an AutoLoad and not
AutoProbe module, it was not loading when installing the package,
causing unknown symbol errors for sd_mod and anything depending on it.

Closes #14927, #18293, #19351.

Backport of r46176.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@46178 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-07-04 12:56:21 +00:00
jow 28e3d3f330 BB: uclibc++: make g++-uc* wrappers relocatable
The g++-uc wrapper hardcodes $(STAGING_DIR) and $(TOOLCHAIN_DIR) paths which
will not work outside of the original build environment.

Replace the hardcoded staging_dir occurences with paths relative to the
$STAGING_DIR environment variable to make the g++-uc* wrappers usable in an
SDK environment.

Fixes the libdb47 build failure reported at
  https://lists.openwrt.org/pipermail/openwrt-devel/2015-April/032455.html

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r46162

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@46164 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-07-03 13:49:24 +00:00
cyrus d70e69464e openssl: bump to 1.0.2c
fixes CVE-2015-4000 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@45951 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-06-12 20:59:57 +00:00
Alexander Couzens 22bd48f95c linux: backport support for light sensor APDS9300 using iio framework 2015-05-07 20:49:06 +02:00
nbd 179bab8b17 hostapd: fix remote denial of service vulnerability in WMM action frame parsing
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r45619

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@45620 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-05-06 09:47:05 +00:00
Alexander Couzens 9a0f07ec12 packages/uboot-envtools: add support for sysmocom boards 2015-04-04 19:47:34 +02:00
jow 229d60fdb4 BB: openssl: update to v1.0.2a (14 CVEs)
Fixes CVE-2015-0204, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209,
CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289,
CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44952 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-03-23 14:08:16 +00:00
nbd 64ae631f20 kernel: remove the netfilter optimization that skips the filter table, it has caused too many issues
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r44873

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44874 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-03-17 17:15:15 +00:00
Alexander Couzens 1c00a18a38 package/lldp: add eth0 to listening interfaces 2015-03-17 13:21:56 +01:00
nbd 8737792072 ath9k: fix a beacon enable handling bug
Backport of r44696

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44697 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-03-12 16:32:07 +00:00
jow 878af3117f BB: ubox: fix segmentation fault in insmod
Fix segfault in kmodloader insmod mode due to uninitialized module
directory list.

Apply the required fix as patch for now since we don't have the
ulog infrastructure in BB (yet) required for the git head of ubox.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44550 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-02-26 21:29:57 +00:00
jow 11fa76da82 BB: fstools: fix build with enabled ubifs extroot support
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r44538

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44539 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-02-25 18:55:39 +00:00
jow 8d49c6d438 BB: fstools: cumulative backport
- Adds support for /dev/vd* virtual io
- Adds support for overlayfs v23
- Fixes overlayfs mount on 3.18
- Make the block tool ignore case when comparing uuid strings
- Fixes sysupgrade on linux 3.18
- Support extroot/ubi
- Allows using UBIFS volume as overlay and adds support for Btrfs
- Fix exit code of uci-defaults script
- Support external overlays on non-MTD systems again
- Account for new directory structure of overlayfs partitions (additional upper/ component)
- Support executing block from either overlay or rom
- Support loading fstab from either overlay or rom
- Log extroot failures to dmesg

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r42812, r42890, r43090, r43368, r43480, r43485, r43717, r43868, r44180, r44535

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44537 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-02-25 17:43:00 +00:00
jow dfcbb3563e BB: ubox: kmodloader: support loading kmods from multiple directories
This is required during early boot in the extroot setup phase to support
loading kmods from the overlay that depend on kmods on the rom partition.

The subsequent mount_root updates will use the LD_LIBRARY_PATH env
variable to pass kmod directories to kmodloader.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r42813, r44533

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44536 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-02-25 17:42:49 +00:00
nbd e0b8c83ec8 samba36: update to 3.6.25, fixes remote code execution bug (CVE-2015-0240)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r44515

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44516 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-02-24 07:24:29 +00:00
Harald Welte c8cd9a10ce add i2c-utils package (found in old openwrt svn)
not sure why it was removed from openwrt mainline, it is very
useful to be able to do raw i2c operations from the shell.
2015-02-21 20:00:02 +01:00
jow edefd1ad42 BB: build: improve feed handling for opkg.conf
- Consider not installed feeds as well
 - Add option to decide whether to comment disabled feeds

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r42931

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44441 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-02-13 11:59:16 +00:00
cyrus e602c6df19 openssl: fix upstream regression for non-ec builds
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44365 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-02-09 15:28:09 +00:00
cyrus a31e28ae0c openssl: bump to 1.0.2
Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566

Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44347 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-02-09 12:13:06 +00:00
blogic 7d01d821b0 kernel: add support for NFSv4
To: openwrt-devel@lists.openwrt.org

This work is based on Daniel Colascione's submission to the OpenWrt
devel mailing list on January 15th, 2014. I modified his patch so that
it applied to the current OpenWrt Barrier Breaker tree.

Signed-off-by: W. Michael Petullo <mike@flyn.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44162 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-28 12:01:51 +00:00
blogic 43067a7e80 ca-certificates: update to 20141019
update to version 20141019 and
create symbolic link for certificate hashes during installation

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44161 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-28 12:01:44 +00:00
jow d393895c8a BB: fix subject in generated certificates
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r44149

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44152 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-25 23:56:05 +00:00
jow ccac7ce177 BB: px5g: generate unique serial numbers
Generate a random serial from /dev/urandom when creating selfsigned certs.
Fixes "sec_error_reused_issuer_and_serial" with Firefox.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r43168

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44151 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-25 23:56:02 +00:00
jow 5a87b12359 BB: gmp: use http instead of ftp download (#18805)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r44082

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44095 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-24 13:08:49 +00:00
jow 179d925d85 BB: polarssl: update to v1.3.9 and patch CVE-2015-1182
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44061 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-20 13:02:38 +00:00
cyrus 3a2fa00474 map: backport fixes from trunk
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43962 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-13 19:02:32 +00:00
jow 0da41e430e BB: openssl: update to v1.0.1k (8 CVEs)
Fixes CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572,
CVE-2015-0204, CVE-2015-0205, CVE-2014-8275 and CVE-2014-3570.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43889 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-09 00:10:55 +00:00
jow 4cbedb56ae BB: qos-scripts: bump PKG_REVISION and copyright year
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r43860

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43862 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-06 12:43:49 +00:00
jow 4d84b8624b BB: openvpn: bump PKG_REVISION and copyright year
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r43859

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43861 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-06 12:43:44 +00:00
nbd c2a8bebec3 openvpn: backport an upstream fix for a regression in using --cipher none (fixes #18676)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43823

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43824 3c298f89-4303-0410-b956-a3cf2f4a3e73
2015-01-04 12:03:51 +00:00
nbd 331ecb083c mac80211: fix HT mode selection for ad-hoc
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43769

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43770 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-12-22 21:46:52 +00:00
nbd e623b19d84 ubi-utils: add mirror md5sum
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43761

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43764 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-12-22 17:43:21 +00:00
nbd be76d04ca4 uclient: update to the latest version, fixes HTTP digest auth processing
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43600

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43601 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-12-10 16:04:08 +00:00
cyrus 66e21465bb odhcp6c: correctly handle renew-replies with short lease times
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43593 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-12-10 10:42:41 +00:00
nbd 938c6b4242 qos-scripts: fix insmod commands
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43562

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43566 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-12-08 12:06:02 +00:00
nbd 678b8b53a3 openvpn: update to 2.3.6, fixes CVE-2014-8104
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43482

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43483 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-12-01 19:50:45 +00:00
nbd 6ff5f0a977 ath9k: fix hardware tx queue allocation order
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43438

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43439 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-11-30 19:45:37 +00:00
cyrus cb902a80c8 odhcp6c: backport from trunk to fix busyloop
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43416 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-11-28 00:42:24 +00:00
nbd 3818debcd0 Revert "ath9k: fix crashes when using shared IRQs"
This backport seems to be incomplete and causing some IRQ related
issues.

This reverts commit r43240

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43276 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-11-15 21:17:21 +00:00
nbd fa74ff9964 ath9k: fix crashes when using shared IRQs
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43239

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43240 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-11-13 18:26:27 +00:00
cyrus 83a67bc701 netifd: fix default ORO for 6rd
Signed-off-by: Steven Barth <steven@midlink.org>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43215 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-11-08 12:27:41 +00:00
nbd 2a003f0bbb mac80211: merge a few pending upstream fixes
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

Backport of r43208

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43209 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-11-07 11:17:41 +00:00
blogic 47b1ff965b BB: lantiq: vr9: - fix vmmc build
(required not-distributable firmware blob - dump it by yourself from original firmware)

Signed-off-by: Eddi De Pieri <eddi@depieri.net>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43161 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-11-03 08:32:50 +00:00
blogic 73c3df0afe BB: lantiq: vr9: - fix tapi build
(required not-distributable firmware blob - dump it by yourself from original firmware)

Signed-off-by: Eddi De Pieri <eddi@depieri.net>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43160 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-11-03 08:32:46 +00:00
blogic ea9e61b8eb BB: lantiq: ltq-vmmc add support for ar9-vr9
(required not-distributable firmware blob - dump it by yourself from original firmware)

Signed-off-by: Eddi De Pieri <eddi@depieri.net>

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43156 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-11-03 08:32:30 +00:00
jow f27e8004a0 BB: busybox: make high ASCII chars printable (#7993)
Currently busybox utils like "ls" fail to display filenames containing UTF-8
characters, replacing any special characters with "?".

Change libbb's printable_string() function to allow high ASCII characters so
that unicode filenames are displayed correctls.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r43084

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43085 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-27 11:22:41 +00:00
jow c7ae6947ca BB: px5g-standalone: use /dev/urandom to initialize serial (#18232)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r43080

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43083 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-27 11:09:37 +00:00
jow 071e09e698 BB: uhttpd: fix HTTP incompatibilities in file handler
* Fixes sending an extraneous message body for 204 and 304 resoponses which
   breaks Chrome in keep-alive mode.

 * Adds mimetypes for JSON and JSONP.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

Backport of r43078

git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43082 3c298f89-4303-0410-b956-a3cf2f4a3e73
2014-10-27 11:09:09 +00:00