Petr Štetiar [Thu, 23 Dec 2021 10:37:55 +0000 (11:37 +0100)]
kernel: bump 4.14 to 4.14.259
All patches refreshed automagically without conflicts, but upstream in
commit 48c2461f28fe ("ARM: 8800/1: use choice for kernel unwinders")
added new config options UNWINDER_ARM and UNWINDER_FRAME_POINTER so we
need to adjust default configs as well.
Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.
Signed-off-by: Petr Štetiar <ynezz@true.cz> Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 12 Dec 2021 20:43:21 +0000 (21:43 +0100)]
mac80211: Update to version 4.19.221
The following patch was backported from upstream before and is not
needed any more:
package/kernel/mac80211/patches/ath/980-ath10k-fix-max-antenna-gain-unit.patch
Roman Yeryomin [Fri, 3 Sep 2021 14:31:11 +0000 (17:31 +0300)]
iproute2: m_xt.so depends on dynsyms.list
When doing parallel build on a fast machine with bottleneck in i/o,
m_xt.so may start linking faster than dynsyms.list gets populated,
resulting in error:
ld:dynsyms.list:0: syntax error in dynamic list
Fix this by adding dynsyms.list as make dependency to m_xt.so
Described also here:
https://bugs.openwrt.org/index.php?do=details&task_id=3353
Change from v1:
- add dynsysms.list dependancy only when shared libs are enabled
At least since gcc 7.3.0 (OpenWrt 18.06) lwr/lwl are used in the
assembly of LzmaProps_Decode. While the decission made by the compiler
looks perfect fine, it triggers some obscure hang on lantiq danube-s
v1.5 with MX29LV640EB NOR flash chips.
Only if the offset 1 is used, the hang can be observed. Using any other
offset works fine:
Christian Lamparter [Sat, 23 Oct 2021 16:08:51 +0000 (18:08 +0200)]
wireless-regdb: update to version 2021.08.28
e983a25 Update regulatory rules for Ecuador (EC) a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz 86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US 6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US 9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately 42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB
1. These patches (ath, ath9k, mac80211) were included in kernel
versions since 4.14.245 and 4.19.205. They fix security vulnerability
CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].
Thank you Josef Schlehofer for reporting this problem.
Petr Štetiar [Sun, 1 Nov 2020 16:31:40 +0000 (17:31 +0100)]
sdk: fix missing include directories
It's not possible to compile some applications which are using
`-Werror=missing-include-dirs` compiler flags with the SDK as some
target directories are missing in the SDK tarball:
cc1: error: staging_dir/target/usr/include: No such file or directory [-Werror=missing-include-dirs]
cc1: error: staging_dir/target/include: No such file or directory [-Werror=missing-include-dirs]
Fix this by adding the missing directories in the SDK.
Sven Eckelmann [Sat, 11 Sep 2021 19:03:34 +0000 (21:03 +0200)]
uboot-tegra: Fix build with GCC-10 as host compiler
The package uses the host compiler to build the dtc binary. With gcc-10,
the option -fno-common is now the default behavior. Thus multiple
definitions of the same variable are now forbidden and results in following
error during linking:
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove
redundant YYLOC global declaration").
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Sat, 11 Sep 2021 19:03:34 +0000 (21:03 +0200)]
uboot-mvebu: Fix build with GCC-10 as host compiler
The package uses the host compiler to build the dtc binary. With gcc-10,
the option -fno-common is now the default behavior. Thus multiple
definitions of the same variable are now forbidden and results in following
error during linking:
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove
redundant YYLOC global declaration").
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Sat, 11 Sep 2021 19:03:34 +0000 (21:03 +0200)]
uboot-kirkwood: Fix build with GCC-10 as host compiler
The package uses the host compiler to build the dtc binary. With gcc-10,
the option -fno-common is now the default behavior. Thus multiple
definitions of the same variable are now forbidden and results in following
error during linking:
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove
redundant YYLOC global declaration").
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Sven Eckelmann [Sat, 11 Sep 2021 19:03:34 +0000 (21:03 +0200)]
uboot-sunxi: Fix build with GCC-10 as host compiler
The package uses the host compiler to build the dtc binary. With gcc-10,
the option -fno-common is now the default behavior. Thus multiple
definitions of the same variable are now forbidden and results in following
error during linking:
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove
redundant YYLOC global declaration").
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Eneas U de Queiroz [Thu, 26 Aug 2021 17:38:06 +0000 (14:38 -0300)]
openssl: use --cross-compile-prefix in Configure
This sets the --cross-compile-prefix option when running Configure, so
that that it will not use the host gcc to figure out, among other
things, compiler defines. It avoids errors, if the host 'gcc' is
handled by clang:
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Tested-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2f75348923e564f1b73fbc32f7cabc355cd6e2b9)
Petr Štetiar [Thu, 3 Jun 2021 07:49:58 +0000 (09:49 +0200)]
ubus: update to version 2021-06-03
This update cherry picks following changes:
* cmake: add a possibility to set library version
* ubusd: protect against too-short messages
* ubusd: add per-client tx queue limit
* ubusd: convert tx_queue to linked list
* lua: avoid truncation of large numeric values
Fixes: FS#1525 Signed-off-by: Petr Štetiar <ynezz@true.cz>
Petr Štetiar [Thu, 29 Jul 2021 19:49:18 +0000 (21:49 +0200)]
ubus: backport SOVERSION support
Add a support for setting of new `ABIVERSION` CMake define which allows
to control the SOVERSION used for the built shared library. This is
needed for downstream packaging to properly track breaking ABI changes
when updating to newer versions of the library.
Michael Yartys [Thu, 3 Jun 2021 21:50:12 +0000 (23:50 +0200)]
ath10k-ct: add security fixes
This rebases -ct changes on top of upstream stable kernel's latest code.
Including the wifi security fixes that recently went in.
Removed upstreamed 203-ath10k-Limit-available-channels-via-DT-ieee80211-fre.patch
and refreshed patches.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> [backport]
(backported from commit 2e10ed925e1e07c28570731a429efa5e7de3b826)
The system init script currently sets /tmp/localinfo when zoneinfo is
populated. However, zoneinfo has spaces in it whereas the actual files
have _ instead of spaces. This made the if condition never return true.
Example failure when removing the if condition:
/tmp/localtime -> /usr/share/zoneinfo/America/Los Angeles
This file does not exist. America/Los_Angeles does.
mac80211: distance config: allow "auto" as a value
The user can now enable the ACK timeout estimation algorithm (dynack)
for drivers that support it.
It is also expected that the distance config accepts the same values as:
$ iw phyX set distance XXX
Hauke Mehrtens [Sun, 16 May 2021 21:49:48 +0000 (23:49 +0200)]
tools/mklibs: Fix compile with GCC 11
GCC 11 defaults to C++17, but mklibs does not compile when using the
C++17 standard. This patch switches back to the gnu++98 version like
done in master commit 9437012b9ee4 ("tools/mklibs: update to 0.1.44 and
convert to Python 3")
This fixes the following compile error message:
elf.hpp:52:56: error: ISO C++17 does not allow dynamic exception specifications
52 | const section &get_section(unsigned int i) const throw (std::out_of_range) { return *sections.at(i); };
Hauke Mehrtens [Sun, 16 May 2021 13:31:49 +0000 (15:31 +0200)]
openwrt-keyring: Only copy sign key for 19.07 and 21.02
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the OpenWrt 19.07
feeds and the 21.02 feeds to allow checking the next release.
If one of the other keys would be compromised this would not affect
users of 19.07 release builds.
Bas Mevissen [Mon, 19 Apr 2021 23:08:19 +0000 (01:08 +0200)]
Extend checks on build prerequisites for building OpenWRT core
OpenWRT requires a number of Perl modules to be installed. It wasn't checking on all of them.
This patch adds checks for Perl FindBin, File::Copy, File::Compare and Thread::Queue modules.
Failing to install these, will have the build break at some point. By adding these to the
prereq-build.mk script, they are checked on forehand.
Tested on a Fedora 33 and 34 (beta) that was freshly installed. Fedora appears to
break up Perl modules into small packages that need to be installed for the build to succeed.
Rosen Penev [Mon, 30 Mar 2020 01:13:56 +0000 (18:13 -0700)]
prereq-build: test for perl's Data::Dumper
Required for installation of autoconf:
make[5]: Entering directory `/openwrt/build_dir/host/autoconf-2.69'
Making all in bin
make[6]: Entering directory `/openwrt/build_dir/host/autoconf-2.69/bin'
autom4te_perllibdir='..'/lib AUTOM4TE_CFG='../lib/autom4te.cfg'
../bin/autom4te -B '..'/lib -B '..'/lib --language M4sh --cache
'' --melt ./autoconf.as -o autoconf.in
Can't locate Data/Dumper.pm in @INC (@INC contains: ../lib
/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at
../lib/Autom4te/C4che.pm line 33.
BEGIN failed--compilation aborted at ../lib/Autom4te/C4che.pm line 33.
Compilation failed in require at ../bin/autom4te line 40.
BEGIN failed--compilation aborted at ../bin/autom4te line 40.
make[6]: *** [autoconf.in] Error 2
Petr Štetiar [Fri, 9 Apr 2021 12:52:05 +0000 (14:52 +0200)]
tplink-safeloader: fix C7v5 factory flashing from vendor fw > v1.1.x
Currently it's not possible to flash factory images on devices shipped
with vendor firmware versions 1.1.0 Build 20201120 rel. 50406 (published
2020-12-22):
Hauke Mehrtens [Sun, 2 May 2021 15:35:16 +0000 (17:35 +0200)]
dropbear: Fix CVE-2020-36254
This backports a fix from dropbear 2020.81.
CVE-2020-36254 description:
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
David Bauer [Sun, 2 May 2021 22:08:38 +0000 (00:08 +0200)]
ramips: backport unlocked mdiobus accessors
Commit 718e97c5c843 ("ramips: mt7530 swconfig: fix race condition in
register access") backports a fix which depends on unlocked MMD
accessors, however these were not yet included in Kernel 4.14 and they
were not backported yet.
Magnus Kroken [Wed, 21 Apr 2021 20:10:58 +0000 (22:10 +0200)]
openvpn: update to 2.4.11
Fixes two related security vulnerabilities (CVE-2020-15078) which under
very specific circumstances allow tricking a server using delayed
authentication (plugin or management) into returning a PUSH_REPLY before
the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup.
This release also includes other bug fixes and improvements.
Magnus Kroken [Wed, 21 Apr 2021 20:10:57 +0000 (22:10 +0200)]
openvpn: update to 2.4.9
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.
Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9
The mt7530_{r,w}32 operation over MDIO uses 3 mdiobus operations and
does not hold a lock, which causes a race condition when multiple
threads try to access a register, they may get unexpected results.
To avoid this, handle the MDIO lock manually, and use the unlocked
__mdiobus_{read,write} in the critical section.
This fixes the "Ghost VLAN" artifact[1] in MT7530/7621 when the VLAN
operation and the swconfig LED link status poll race between each other.
Magnus Kroken [Sun, 14 Mar 2021 18:42:33 +0000 (19:42 +0100)]
mbedtls: update to 2.16.10
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Security fixes:
* Fix a buffer overflow in mbedtls_mpi_sub_abs()
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem()
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout()
* Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code
Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10
Daniel Golle [Wed, 24 Mar 2021 09:47:12 +0000 (09:47 +0000)]
mwlwifi: add PKG_FLAGS:=nonshared
This should fix the problem of mwlwifi-firmware-* not being found
when using the ImageBuilder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9b3aaf1cdb873cc2a7b2f2ef4e72ddb716afba38) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Eneas U de Queiroz [Thu, 20 Feb 2020 21:29:04 +0000 (18:29 -0300)]
build: reduce number of files passed to ipk-remove
Instead of using xargs to pass a huge number of files to
script/ipkg-remove, which will usually pick only one, use a more
restrictive wildcard so that, currently, at the most 325 files are
examined, instead of up to over 2,300. The 325-file package is python,
which is picking up python3* ipks. It is about to be removed.
Runner-up is ddns-scripts with 7 files.
This makes a second run of make package/luci/compile go from
real 16.40s; user 17.42s; sys 2.73s
to
real 10.71s; user 9.51s; sys 1.27s
There is a caveat though: if one were to remove the ABI_VERSION of a
package that ends in a digit [0-9], then the old package ipk will not be
removed from the bin directory by make package/abc2/clean.
Eneas U de Queiroz [Thu, 20 Feb 2020 21:29:03 +0000 (18:29 -0300)]
build: call ipkg-remove using xargs if #args>=512
The wildcard call to clean up luci package (luci*) can pick up over
2,300 files when the full tree is built. Running make package/luci/clean
or a second run of make package/luci/compile would fail with an
'Argument list too long' error.
To avoid that, a maybe_use_xargs function was created that runs the
command straight as usual if the number of arguments is < 512, or saves
the list in a temporary file and feeds it to xargs otherwise.
Eneas U de Queiroz [Thu, 20 Feb 2020 21:29:02 +0000 (18:29 -0300)]
build: package-ipkg: avoid calling wildcard twice
Instead of calling $(wildcard) to check if the removal list is empty,
then calling it again to actually remove the files, define a function so
that the arguments are expanded only once when it gets called.
Stefan Lippers-Hollmann [Sat, 27 Feb 2021 22:55:08 +0000 (23:55 +0100)]
hostapd: P2P: Fix a corner case in peer addition based on PD Request
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.
Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.
This fixes the following security vulnerabilities/bugs:
- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
discovery requests. It could result in denial of service or other
impact (potentially execution of arbitrary code), for an attacker
within radio range.
Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 1ca5de13a153061feae260864d73d96f7c463785)
Petr Štetiar [Mon, 1 Mar 2021 12:29:19 +0000 (13:29 +0100)]
build: fix checks for GCC11
Fedora 34 already uses GCC11.
Reported-by: Marcin Juszkiewicz <marcin-openwrt@juszkiewicz.com.pl> Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cae69d558135456976b8fc6cb08530d1358cf6d5)
The reverted commit introduced a cyclic dependency between
/lib/functions.sh and /lib/functions/system.sh. Further details
are found in 282e8173509a ("base-files: do not source system.sh
in functions.sh"), which was applied to master some time ago and
is included in 21.02.
With the current age of 19.07 branch, it seems safer to revert this
mostly cosmetic feature than investing further time into disentangling
the dependencies.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled").
nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
an interface that is in a bridge and has 4addr mode already enabled.
This operation would not have been necessary in the first place and this
failure results in disconnecting, e.g., when roaming from one backhaul
BSS to another BSS with Multi AP.
Avoid this issue by ignoring the nl80211 command failure in the case
where 4addr mode is being enabled while it has already been enabled.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description] Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit fb860b4e418c28a0f388f215e5acce103dcee1bf)
Stijn Segers [Thu, 18 Feb 2021 23:53:26 +0000 (00:53 +0100)]
ramips: remove factory image for TP-Link Archer C20 v1
Similarly to the Archer C2 v1, the Archer C20 v1 will brick when one
tries to flash an OpenWrt factory image through the TP-Link web UI.
The wiki page contains an explicit warning about this [1].
Disable the factory image altogether since it serves no purpose.
Eneas U de Queiroz [Wed, 17 Feb 2021 02:21:36 +0000 (23:21 -0300)]
openssl: bump to 1.1.1j
This fixes 4 security vulnerabilities/bugs:
- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
SSLv2, but the affected functions still exist. Considered just a bug.
- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
EVP_DecryptUpdate may overflow the output length argument in some
cases where the input length is close to the maximum permissable
length for an integer on the platform. In such cases the return value
from the function call will be 1 (indicating success), but the output
length value will be negative.
- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
create a unique hash value based on the issuer and serial number data
contained within an X509 certificate. However it was failing to
correctly handle any errors that may occur while parsing the issuer
field (which might occur if the issuer field is maliciously
constructed). This may subsequently result in a NULL pointer deref and
a crash leading to a potential denial of service attack.
- Fixed SRP_Calc_client_key so that it runs in constant time. This could
be exploited in a side channel attack to recover the password.
Baptiste Jonglez [Mon, 15 Feb 2021 09:12:59 +0000 (10:12 +0100)]
ramips: ethernet: Disable TSO support to improve stability
Stability of this Ethernet driver has been a long-standing issue, with
many people reporting frequent "transmit queue timeouts" and even
occasional crashes.
Disabling TSO in the driver helps with stability, although it is likely a
workaround and might not fix the issue completely.
There is a slight slowdown in forwarding performance for TCP packets
(75 kpps vs. 80 kpps with comparable CPU utilization), but this is still
enough to forward close to 1 Gbit/s of full-sized packets across multiple
flows.
Master is using a different ethernet driver, so this is not a backport.
Because of this different driver, the upcoming 21.02 release does not seem
to be affected by these stability issues.
Kurt Roeckx [Sun, 14 Feb 2021 13:28:20 +0000 (14:28 +0100)]
ramips: mark toggle input on EX6150 as a switch
The Netgear EX6150 has an Access Point/Extender switch. Set it as
an EV_SW. Otherwise when it's set to Access Point, it will trigger
failsafe mode during boot.
This patch was adapted to apply on top of some stable changes, but we
are not sure if this is working correctly. Felix suggested to remove
this patch for now.
Fixes: 0a59e2a76e6d ("mac80211: Update to version 4.19.161-1") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Stijn Segers [Sat, 13 Feb 2021 09:39:42 +0000 (10:39 +0100)]
ramips: remove factory image for TP-Link Archer C2 v1
Initial commit 8375623a0640 ("ramips: add support for TP-Link Archer
C2") contains detailed installation instructions, which do not mention
a factory image. From what I can see, no support to install OpenWrt
through the vendor web interface has been added since. The factory
image is also conspicuously absent from the device page in the wiki.
Yet, it is available for download.
I bricked my Archer C2 loading the factory image through the web UI.
Serial showed this error during bootloop:
Uncompressing Kernel Image ... LZMA ERROR 1 - must RESET board to recover
This patch disables the undocumented factory image so users won't get
tricked into thinking easy web UI flashing actually works.
Adrian Schmutzler [Sat, 2 Jan 2021 14:05:13 +0000 (15:05 +0100)]
ath79: fix USB power GPIO for TP-Link TL-WR810N v1
The TP-Link TL-WR810N v1 is known to cause soft-brick on ath79 and
work fine for ar71xx [1]. On closer inspection, the only apparent
difference is the GPIO used for the USB regulator, which deviates
between the two targets.
Fixes: cdbf2de77768 ("ath79: Add support for TP-Link WR810N") Fixes: FS#3522 Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6934d30cf8d95bc8652b4dcd8180d14e5e8e2417)
Hauke Mehrtens [Mon, 8 Feb 2021 23:53:09 +0000 (00:53 +0100)]
wolfssl: Backport fix for CVE-2021-3336
This should fix CVE-2021-3336:
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not
cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding
certificate).
The patch is backported from the upstream wolfssl development branch.
Daniel González Cabanelas [Fri, 5 Feb 2021 18:59:54 +0000 (19:59 +0100)]
bcm63xx: sprom: override the PCI device ID
The PCI device ID detected by the wifi drivers on devices using a fallback
SPROM is wrong. Currently the chipnum is used for this parameter.
Most SSB based Broadcom wifi chips are 2.4 and 5GHz capable. But on
devices without a physical SPROM, the only one way to detect if the device
suports both bands or only the 5GHz band, is by reading the device ID from
the fallback SPROM.
In some devices, this may lead to a non working wifi on a 5GHz-only card,
or in the best case a working 2.4GHz-only in a dual band wifi card.
The offset for the deviceid in SSB SPROMs is 0x0008, whereas in BCMA is
0x0060. This is true for any SPROM version.
Override the PCI device ID with the one defined at the fallback SPROM, to
detect the correct wifi card model and allow using the 5GHz band if
supported.
The patch has been tested with the following wifi radios:
BCM43222: b43: both 2.4/5GHz working
brcm-wl: both 2.4/5GHz working
BCM43225: b43: 2.4GHz, working
brcmsmac: working
brcm-wl: it lacks support
BCM43217: b43: 2.4GHz, working
brcmsmac: it lacks support
brcm-wl: it lacks support
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com> Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Backported from a0e0e621ca
Daniel Golle [Thu, 4 Feb 2021 01:01:36 +0000 (01:01 +0000)]
hostapd: fix P2P group information processing vulnerability
A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners.
This issue was discovered by fuzz testing of wpa_supplicant by Google's
OSS-Fuzz.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[added the missing patch] Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit 7c8c4f1be648aff9f1072ee27a2cc8f6a4a788ef)
Baptiste Jonglez [Sun, 31 Jan 2021 15:40:40 +0000 (16:40 +0100)]
opkg: update to latest git HEAD of branch openwrt-19.07
c5dccea libopkg: fix md5sum calculation 7cad0c0 opkg_verify_integrity: better logging and error conditions 14d6480 download: purge cached packages that have incorrect checksum 456efac download: factor out the logic for building cache filenames b145030 libopkg: factor out checksum and size verification 74bac7a download: remove compatibility with old cache naming scheme
projects / users / dwmw2 / openwrt.git / log