Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cde8c2f2)

Fixes: 4f683718 ("kernel: Update to version 4.4.194")
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Compile and runtime tested on lantiq.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

This version fixes 3 low-severity vulnerabilities:

- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
                 CMS_decrypt_set1_pkey

Patches were refreshed, PKG_SOURCE_URL was updated to match
openwrt-18.06, and Eneas U de Queiroz added as maintainer.
Signed-off-by: NEneas U de Queiroz <cotequeiroz@gmail.com>

Patch getting RAM info got upstreamed. A debugging fs entry for testing
reset feature was added.
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 681acdcc)

Since usign miscalculates SHA-512 digests for input sizes of exactly
64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some
white space padding to avoid triggering the hashing edge case.

While usign itself has been fixed already, there is still many firmwares
in the wild which use broken usign versions to verify current package
indexes so we'll need to carry this workaround in the forseeable future.

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Ref: https://git.openwrt.org/5a52b379902471cef495687547c7b568142f66d2Signed-off-by: NJo-Philipp Wich <jo@mein.io>
(backported from commit e1f588e4)

This update fixes usign signature verification on files with certain
file sizes triggering a bug in the shipped SHA-512 implementation.

5a52b37 sha512: fix bad hardcoded constant in sha512_final()
3e6648b README: replace unicode character
716c3f2 README: add reference to OpenBSD signify
86d3668 README: provide reference for ed25519 algorithm
939ec35 usign: main.c: describe necessary arguments for -G

Ref: https://forum.openwrt.org/t/signature-check-failed/41945Signed-off-by: NJo-Philipp Wich <jo@mein.io>
(backported from commit 991dd5a8)

This provides a complete console messages dump.
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f51e2d03)

Use commits from wireless-drivers-next.git.
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 95745e26)

This fixes:
1) Crash during USB disconnect
2) Crash in brcmf_txfinalize() on rmmod with packets queued
3) Some errors in exit path
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8231f672)

They were skipped due to missing BCDC patches that are backported now.
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>

Those changes are needed for backporting more recent crash fixes. There
are quite many BCDC patches but it's hopefully a very well tested code
by now.
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>

Signed-off-by: NRafał Miłecki <rafal@milecki.pl>

Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Signed-off-by: NJo-Philipp Wich <jo@mein.io>

Signed-off-by: NJo-Philipp Wich <jo@mein.io>

Somehow perf depended on libunwind, and libunwind also builds on
aarch64.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

The following command was run on the configuration:
./scripts/kconfig.pl target/linux/generic/config-4.4 > target/linux/generic/config-4.4-new
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

In kernel v4.4.179 the structure of the scripts/mod/file2alias.c file
changed, this adapts the patch to the changes done in the stable
kernel.

This fixes the following compile problem:
  HOSTCC  scripts/mod/file2alias.o
scripts/mod/file2alias.c:1199:17: error: expected declaration specifiers or '...' before string constant
 ADD_TO_DEVTABLE("fslmc", fsl_mc_device_id, do_fsl_mc_entry);
                 ^
scripts/mod/file2alias.c:1199:26: error: unknown type name 'fsl_mc_device_id'
 ADD_TO_DEVTABLE("fslmc", fsl_mc_device_id, do_fsl_mc_entry);
                          ^
scripts/mod/file2alias.c:1199:44: error: expected declaration specifiers or '...' before 'do_fsl_mc_entry'
 ADD_TO_DEVTABLE("fslmc", fsl_mc_device_id, do_fsl_mc_entry);
                                            ^
scripts/mod/file2alias.c:1190:12: warning: 'do_fsl_mc_entry' defined but not used [-Wunused-function]
 static int do_fsl_mc_entry(const char *filename, void *symval,
            ^
  SHIPPED scripts/dtc/dtc-parser.tab.h

Fixes: 6c5c3a2e ("kernel: Update to version 4.4.182")
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

This reverts a commit added in kernel v4.4.179 which breaks compilation
on the apm821xx target.

This fixes the following compile problem:
drivers/crypto/amcc/crypto4xx_core.c: In function 'crypto4xx_ablkcipher_done':
drivers/crypto/amcc/crypto4xx_core.c:650:21: warning: dereferencing 'void *' pointer
  if (pd_uinfo->sa_va->sa_command_0.bf.save_iv == SA_SAVE_IV) {
                     ^
drivers/crypto/amcc/crypto4xx_core.c:650:21: error: request for member 'sa_command_0' in something not a structure or union
drivers/crypto/amcc/crypto4xx_core.c:651:38: error: implicit declaration of function 'crypto_skcipher_reqtfm' [-Werror=implicit-function-declaration]
   struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
                                      ^
drivers/crypto/amcc/crypto4xx_core.c:651:61: error: 'req' undeclared (first use in this function)
   struct crypto_skcipher *skcipher = crypto_skcipher_reqtfm(req);
                                                             ^
drivers/crypto/amcc/crypto4xx_core.c:651:61: note: each undeclared identifier is reported only once for each function it appears in
drivers/crypto/amcc/crypto4xx_core.c:653:3: error: implicit declaration of function 'crypto4xx_memcpy_from_le32' [-Werror=implicit-function-declaration]
   crypto4xx_memcpy_from_le32((u32 *)req->iv,
   ^
drivers/crypto/amcc/crypto4xx_core.c:654:19: warning: dereferencing 'void *' pointer
    pd_uinfo->sr_va->save_iv,
                   ^
drivers/crypto/amcc/crypto4xx_core.c:654:19: error: request for member 'save_iv' in something not a structure or union
drivers/crypto/amcc/crypto4xx_core.c:655:4: error: implicit declaration of function 'crypto_skcipher_ivsize' [-Werror=implicit-function-declaration]
    crypto_skcipher_ivsize(skcipher));
    ^
cc1: some warnings being treated as errors

Fixes: 6c5c3a2e ("kernel: Update to version 4.4.182")
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

In kernel 4.4.182 get_user_pages() does not get the write and force
parameter any more, but one flags parameter with WRITE and FORCE
attributes. This adapts the patches to use the changed API and fixes
the compile problems with the brcm2708 target.

This fixes the following compile problem:
drivers/misc/vc04_services/interface/vchiq_arm/vchiq_arm.c: In function 'dump_phys_mem':
drivers/misc/vc04_services/interface/vchiq_arm/vchiq_arm.c:1501:3: warning: passing argument 7 of 'get_user_pages' from incompatible pointer type [-Wincompatible-pointer-types]
   pages,                    /* pages (array of page pointers) */
   ^
In file included from drivers/misc/vc04_services/interface/vchiq_arm/vchiq_arm.c:42:0:
include/linux/mm.h:1200:6: note: expected 'struct vm_area_struct **' but argument is of type 'struct page **'
 long get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
      ^
drivers/misc/vc04_services/interface/vchiq_arm/vchiq_arm.c:1495:7: error: too many arguments to function 'get_user_pages'
  rc = get_user_pages(current,      /* task */
       ^
In file included from drivers/misc/vc04_services/interface/vchiq_arm/vchiq_arm.c:42:0:
include/linux/mm.h:1200:6: note: declared here
 long get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
      ^
scripts/Makefile.build:277: recipe for target 'drivers/misc/vc04_services/interface/vchiq_arm/vchiq_arm.o' failed

Fixes: 6c5c3a2e ("kernel: Update to version 4.4.182")
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

RTC (the legacy driver) should not really be used, but seems to crop up
after the kernel update. Fix this by disabling it in the generic config.

Fixes the following build issue seen in arm64 or powerpc64:

ARM JTAG DCC console (HVC_DCC) [N/y/?] n
Virtio console (VIRTIO_CONSOLE) [N/m/y/?] n
Enhanced Real Time Clock Support (legacy PC RTC driver) (RTC) [N/m/y/?] (NEW) aborted!

Console input/output is redirected. Run 'make oldconfig' to update configuration.

scripts/kconfig/Makefile:37: recipe for target 'silentoldconfig' failed

This should fix the build on the arm64/generic and the layerscape/64b
targets.

Fixes: 6c5c3a2e ("kernel: Update to version 4.4.182")
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

This fixes multiple bugs and this security problem:
* CVE-2018-19608 Local timing attack on RSA decryption
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Fixes:
- CVE-2019-11479
- CVE-2019-11478
- CVE-2019-11477
- CVE-2019-11833
- CVE-2019-11091
- CVE-2018-12126
- CVE-2018-12130
- CVE-2018-12127
- CVE-2019-3882
- CVE-2019-6974
- CVE-2019-3819
- CVE-2019-7221
- CVE-2019-7222
- CVE-2019-3701
- CVE-2018-19985
- CVE-2018-1120
And probably more
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

1) Crash/Oops fixes
2) One-line patch for BCM43456 support
3) Fix communication with some specific FullMAC firmwares
4) Potential fix for "Invalid packet id" errors
5) Important helper for reporting FullMAC firmware crashes
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 2cd234d9)

This avoids CVE-2019-9498 and CVE-2019-9499 in hostapd
Signed-off-by: NEneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
[DMARC removal, refreshed patches]

This fixes the following security problems:

1.0.2r:
* CVE-2019-1559: 0-byte record padding oracle
Signed-off-by: NDaniel Bailey <dbailey@datto.com>
Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
[fixed patch, refreshed patches]

- Tested on Turris MOX, OpenWrt master
- Removed PKG_BUILD_DIR
In build_dir there were two folders
ca-certificates and ca-certificates-20190110 and it failed as files
were in ca-certificates-20190110
Signed-off-by: NJosef Schlehofer <josef.schlehofer@nic.cz>
Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
(cherry-picked from commit: f22c33b4)

remove myself as PKG_MAINTAINER
Signed-off-by: NChristian Schoenebeck <christian.schoenebeck@gmail.com>
Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
(cherry-picked from commit: c89195eb)

OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem.  This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation

Fixes openwrt/packages#6152
Signed-off-by: NYousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
(cherry-picked from commit: 191078e8)

ca-certificates: Update to Version 20180409
Signed-off-by: NChristian Schoenebeck <christian.schoenebeck@gmail.com>
Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
(cherry-picked from commit: 80cb5c57)

Previous commit backported USB fixes instead of firmware crash recovery
patches.

Fixes: eaef7427 ("mac80211: brcmfmac: early work on FullMAC firmware crash recovery")
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 2d2e615d)

Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 02aed769)

Renaming a netdev-trigger-tracked interface was resulting in an
unbalanced dev_hold().

Example:
> iw phy phy0 interface add foo type __ap
> echo netdev > trigger
> echo foo > device_name
> ip link set foo name bar
> iw dev bar del
[  237.355366] unregister_netdevice: waiting for bar to become free. Usage count = 1
[  247.435362] unregister_netdevice: waiting for bar to become free. Usage count = 1
[  257.545366] unregister_netdevice: waiting for bar to become free. Usage count = 1

Above problem was caused by trigger checking a dev->name which obviously
changes after renaming an interface. It meant missing all further events
including the NETDEV_UNREGISTER which is required for calling dev_put().

This change fixes that by:
1) Comparing device struct *address* for notification-filtering purposes
2) Dropping unneeded NETDEV_CHANGENAME code (no behavior change)
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit eea53820)

This backports the most important brcmfmac commits that:
1) Fix some bugs
2) Help debugging bugs
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d32bbd74)

Signed-off-by: NRafał Miłecki <rafal@milecki.pl>

This fixes a possible crash in the brcmf_fw_request_nvram_done():
[   31.687293] Backtrace:
[   31.689760] [<c004fb4c>] (__wake_up_common) from [<c004fc38>] (__wake_up_locked+0x1c/0x24)
[   31.698043]  r10:c6794000 r9:00000009 r8:00000001 r7:bf54dda0 r6:a0000013 r5:c78e7d38
[   31.705928]  r4:c78e7d3c r3:00000000
[   31.709528] [<c004fc1c>] (__wake_up_locked) from [<c00502a8>] (complete+0x3c/0x4c)
[   31.717148] [<c005026c>] (complete) from [<bf54590c>] (brcmf_fw_request_nvram_done+0x5c8/0x6a4 [brcmfmac])
[   31.726818]  r7:bf54dda0 r6:c6794000 r5:00001990 r4:c6782380
[   31.732544] [<bf545344>] (brcmf_fw_request_nvram_done [brcmfmac]) from [<c0204e40>] (request_firmware_work_func+0x38/0x60)
[   31.743607]  r10:00000008 r9:c6bdd700 r8:00000000 r7:c72c3cd8 r6:c67f4300 r5:c6bda300
[   31.751493]  r4:c67f4300
[   31.754046] [<c0204e08>] (request_firmware_work_func) from [<c0034458>] (process_one_work+0x1e0/0x318)
[   31.763365]  r4:c72c3cc0
[   31.765913] [<c0034278>] (process_one_work) from [<c0035234>] (worker_thread+0x2f4/0x448)
[   31.774107]  r10:00000008 r9:00000000 r8:c6bda314 r7:c72c3cd8 r6:c6bda300 r5:c6bda300
[   31.781993]  r4:c72c3cc0
[   31.784545] [<c0034f40>] (worker_thread) from [<c003984c>] (kthread+0x100/0x114)
[   31.791949]  r10:00000000 r9:00000000 r8:00000000 r7:c0034f40 r6:c72c3cc0 r5:00000000
[   31.799836]  r4:c735dc00 r3:c79ed540
[   31.803438] [<c003974c>] (kthread) from [<c00097d0>] (ret_from_fork+0x14/0x24)
[   31.810672]  r7:00000000 r6:00000000 r5:c003974c r4:c735dc00
[   31.816378] Code: e5b53004 e1a07001 e1a06002 e243000c (e5934000)
[   31.822487] ---[ end trace a0ffbb07a810d503 ]---
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 83bcacb5)

This fixes the following security problems:
 * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication
 * CVE-2018-0734: Timing vulnerability in DSA signature generation
 * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module
Signed-off-by: NSven Roederer <freifunk@it-solutions.geroedel.de>
(backport of commit 98906047)

d217daf libopkg: fix replacelist parsing and writing
9dd9a07 libopkg: fix segmentation fault when traversing conflicts
34571ba libopkg: consider provided packages in pkg_vec_mark_if_matches()
18740e6 opkg_download: print error when fork() fails
e3d7330 libopkg: don't print unresolved dependencies twice
3b417b9 opkg_download: decode file:/ URLs
71c27cb file_util: implement urldecode_path()
d1fe095 file_util: consolidate hex/unhex routines
ebdfc12 add opkg option http_timeout
9f003e3 opkg: encode archive filenames while constructing download URLs
73e6c81 file_util: implement urlencode_path() helper
468158f libopkg: fix SHA256 calculation for big endian system
4bd8601 pkg_parse: fix segfault when parsing descriptions with leading newlines
52fc006 pkg_alternatives: pass if the desired symlink already exists
c668fce opkg: add --no-check-certificate argument
04e279e pkg_alternatives: use ERROR level for symlink failure
546bc72 pkg: alternatives support
Signed-off-by: NJo-Philipp Wich <jo@mein.io>
(backported from commit 1bd18f2b)

As LEDE is rebranding to OpenWrt now, adjust the Git source references
accordingly.
Signed-off-by: NJo-Philipp Wich <jo@mein.io>
(backported from commit da95c9aa)