| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
64e1b4e ra: fix routing loop on point to point links
f16afb7 ra: align ifindex resolving
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The patch 4a1a58a3 build, imagebuilder: Do not require libncurses-dev
was supposed to remove libncurses as a requirement for the ImageBuilder.
However as the IB=1 is only exported during building, not for checking
requirements, it did never actually work.
This commit export IB=1 to the requirement check.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 4f3806364011aa3aef26fcab2e7b71837a777bcc)
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
overflow in sort_rrset() when DNSSEC is used. This can allow a remote
attacker to write arbitrary data into target device's memory that can
lead to memory corruption and other unexpected behaviors on the target
device.
* CVE-2020-25682:
Dnsmasq versions before 2.83 is susceptible to buffer overflow in
extract_name() function due to missing length check, when DNSSEC is
enabled. This can allow a remote attacker to cause memory corruption
on the target device.
* CVE-2020-25683:
Dnsmasq version before 2.83 is susceptible to a heap-based buffer
overflow when DNSSEC is enabled. A remote attacker, who can create
valid DNS replies, could use this flaw to cause an overflow in a heap-
allocated memory. This flaw is caused by the lack of length checks in
rtc1035.c:extract_name(), which could be abused to make the code
execute memcpy() with a negative size in get_rdata() and cause a crash
in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
A lack of proper address/port check implemented in Dnsmasq version <
2.83 reply_query function makes forging replies easier to an off-path
attacker.
* CVE-2020-25685:
A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
versions before 2.83 reply_query function allows remote attackers to
spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
Multiple DNS query requests for the same resource name (RRNAME) by
Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
traffic, using a birthday attack (RFC 5452), that can lead to DNS
cache poisoning.
* CVE-2020-25687:
Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
remote attacker, who can create valid DNS replies, could use this flaw
to cause an overflow in a heap-allocated memory. This flaw is caused
by the lack of length checks in rtc1035.c:extract_name(), which could
be abused to make the code execute memcpy() with a negative size in
sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
Service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.
I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 20a7c9d5c9d87595aa73ad39e95132df545a60ca)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.
I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a141e7a00e3ad8442831ed87766451a6114afdf9)
|
| |
|
|
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f13b623f5e53a72b65f45cbaf56c73df35e70ed2)
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Removed patches because included in upstream:
- 499-mtd-parser-cmdline-Fix-parsing-of-part-names-with-co.patch
- 0071-2-PCI-qcom-Fixed-IPQ806x-PCIE-reset-changes.patch
Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
daf88b1dd1 Add NEWS entry for CVE-2020-6096 (bug 25620)
b29853702e arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
bad8d5ff60 arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]
d64ad0a517 Fix use-after-free in glob when expanding ~user (bug 25414)
34ce87638c Fix array overflow in backtrace on PowerPC (bug 25423)
0df8ecff9e misc/test-errno-linux: Handle EINVAL from quotactl
26f5442ec1 <string.h>: Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang [BZ #25232]
4b64a4245c intl/tst-gettext: fix failure with newest msgfmt
dc7f51bda9 aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798]
8edc96aa33 aarch64: add HWCAP_ATOMICS to HWCAP_IMPORTANT
599ebfacc0 aarch64: Remove HWCAP_CPUID from HWCAP_IMPORTANT
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
| |
Multiple prereq checks are only required within the build system but not
for the ImageBuilder. These checks are excluded by using ifndef IB.
This commit merges the three ifndef IB blocks together.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit cc9d5b5a488d3a43068f621a1ef184f06e43bede)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The buildroot and SDK both require the compilers (gcc, g++) to be
installed on the host system, however the ImageBuilder uses precompiled
binaries.
This patch changes the prerequirements checks to skip the checking for
the compilers if running as ImageBuilder. A similar change has been
made for libncurses-dev in 4a1a58a3e2d2.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Acked-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit ae12a747cae3df16d84b7dc92f39427948d4e8e2)
|
| |
|
|
|
|
|
|
|
|
|
| |
The buildroot and SDK both require `libncurses-dev` to be installed on
the system, however the ImageBuilder uses precompiled binaries.
This patch changes the prerequirements checks to skip the
`libncurses-dev` part if running as ImageBuilder.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 4a1a58a3e2d2360950ff23a05f1f55b779174d6a)
|
| |
|
|
|
|
|
|
|
| |
Some images are created using different filesystems, most popular
squashfs and ext4. To allow downstream projects to distinguesh between
those, add the `filesystem` information to created json files.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit bc0ffff36a0bd8043e958913f574cb8d2a79e93d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently it's not possible to tftpboot initramfs image on archer-c7-v5
as the image contains tplink-v1-header which leads to:
ath> bootm
## Booting image at 81000000 ...
Bad Magic Number
as U-Boot expects uImage wrapped image. This is caused by following
inheritance issue:
define Device/Init
KERNEL_INITRAMFS = $$(KERNEL)
define Device/tplink-v1
KERNEL := kernel-bin | append-dtb | lzma
KERNEL_INITRAMFS := kernel-bin | append-dtb | lzma | tplink-v1-header
define Device/tplink-safeloader
$(Device/tplink-v1)
define Device/tplink-safeloader-uimage
$(Device/tplink-safeloader)
KERNEL := kernel-bin | append-dtb | lzma | uImageArcher lzma
define Device/tplink_archer-c7-v5
$(Device/tplink-safeloader-uimage)
where tplink-v1 defines KERNEL_INITRAMFS with tplink-v1-header and it's
then used by all devices inheriting from tplink-safeloader. Fix this by
overriding KERNEL_INITRAMFS to KERNEL variable again.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ceeece9ffaa5a3a336505332c39794d76c08b2ca)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Removed patches because included in upstream:
- 315-v5.10-usbnet-ipeth-fix-connectivity-with-ios-14.patch
Compile-tested on: ipq40xx, ath79, x86/64
Runtime-tested on: ipq40xx, ath79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
9efa1da wireless-regdb: update regulatory rules for Egypt (EG)
ede87f5 wireless-regdb: restore channel 12 & 13 limitation in the US
5bcafa3 wireless-regdb: Update regulatory rules for Croatia (HR)
4e052f1 wireless-regdb: Update regulatory rules for Pakistan (PK) on 5GHz
f9dfc58 wireless-regdb: update 5.8 GHz regulatory rule for GB
c19aad0 wireless-regdb: Update regulatory rules for Kazakhstan (KZ)
07057d3 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 94d1b2508c38e21a5d1a45a4d80db2905bf1537c)
|
| |
|
|
|
|
|
| |
Update to latest release.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 493eef5b279a0455b76bfacabdec3af8bf642385)
|
| |
|
|
|
|
|
|
|
| |
Fixes: CVE-2020-1971, defined as high severity, summarized as:
NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS
attack.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 882ca13d923796438fd06badeb00dc95b7eb1467)
|
| |
|
|
|
|
|
|
|
|
| |
The removed patches were applied upstream.
The changes to 357-mac80211-optimize-skb-resizing.patch are more
complex. I think the patch already took care of the new changes done
upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
| |
Previously only the power LED was working.
With this patch all leds except 5GHz are working.
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
[rephrased commit title, drop status property]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 67d019ac94015707926235a3ac0aa6bb12cee8c2)
|
| |
|
|
|
|
|
|
|
| |
This fixes tethering with devices using iOS 14. Prior to this patch,
connections to remote endpoints were not possible while data transfers
between the OpenWrt device and the iOS endpoints worked fine.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f64496f30f2ef97124dc4e13a48ee0de9d51832e)
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
rules.mk always passes these as -I/-L to the toolchain.
Fixes rare errors like:
cc1: error: staging_dir/target-aarch64_cortex-a53_musl/usr/include: No such file or directory [-Werror=missing-include-dirs]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Acked-by: Paul Spooren <mail@aparcar.org>
Acked-by: Rosen Penev <rosenp@gmail.com>
[fixed merge conflict]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b0cb305236524095bfd899449b0ad8eb821cb3bb)
|
| |
|
|
|
|
|
| |
Allow setting of mirror hash for Git kernel tree.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 796d51834c5be85771d26e433fd509cd3bef72e3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the check target fails if the kernel Git tree is used:
$ make toolchain/kernel-headers/{download,check}
make[2]: Entering directory 'toolchain/kernel-headers'
Makefile:105: *** ERROR: Unknown pack format for file openwrt/tmp/dl/. Stop.
make[2]: Leaving directory 'toolchain/kernel-headers'
toolchain/Makefile:100: recipe for target 'toolchain/kernel-headers/check' failed
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit bb7ba6b6a81d1fb7ac6075edfd8e8b713dd61db2)
|
| |
|
|
|
|
|
|
|
|
|
| |
It seems like after a build the /dl dir seems to now contain a .hash
file for each source file due to inproper cleanup so fix it by removing
those intermediate files before leaving the download action.
Fixes: 4e19cbc55335 ("download: handle possibly invalid local tarballs")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 52a5d0d27f2557db99fc5435fbd7783b649cb9b2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently it's assumed, that already downloaded tarballs are always
fine, so no checksum checking is performed and the tarball is used even
if it might be corrupted.
From now on, we're going to always check the downloaded tarballs before
considering them valid.
Steps to reproduce:
1. Remove cached tarball
rm dl/libubox-2020-08-06-9e52171d.tar.xz
2. Download valid tarball again
make package/libubox/download
3. Invalidate the tarball
sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile
4. Now compile with corrupt tarball source
make package/libubox/{clean,compile}
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 4e19cbc553350b8146985367ba46514cf50e3393)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as
well") has introduced regression as it didn't taken usage of ccache into
the account so fix it by handling ccache use cases as well.
In order to get this working we need to export HOSTCXX_NOCACHE in
rules.mk as well.
Fixes: f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as well")
Reported-by: Ansuel Smith <ansuelsmth@gmail.com>
Tested-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 524fb5646eec6147aadfdd508219f39bcf8ba8fc)
|
| |
|
|
|
|
|
|
| |
Without this, cmake will use whatever CC/CXX is set to, which could be
clang. In that case, at least libjson-c/host will fail to compile.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f98878e4c17d5f11e78994b4fc456e6b60b2660f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixup dfa357a3de "mvebu: base-files: Update Turris Omnia U-Boot
environment" which should have included this file as well.
By rebasing the initial patch this file somehow disappeared.
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
Tested-by: Klaus Kudielka <klaus.kudielka@gmail.com> (Turris Omnia)
[explain fixup in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(backported from commit 485ce5bbe5cc33526e56817694a79a7d94160e01)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the update procedure from sysupgrade to first boot, which is much
more convenient in the sysupgrade case (otherwise the environment is
always one generation behind).
Check whether we have an old U-Boot release installed, and update the
environment only if necessary.
Some notes on the U-Boot environment:
The first 9 lines are a copy of the default environment of the old U-Boot
release - only modified, to run "distro_bootcmd", in case "mmcboot" fails
to boot the factory OS.
The remaining 16 lines are a backport of the default environment of the
new U-Boot release (shipped with CZ11NIC23). The main entry point is
"distro_bootcmd", which eventually sources boot.scr. This way, we have
a unified boot protocol for all Turris Omnia revisions so far.
This commit also fixes a shortcoming of previous Turris Omnia support:
Users may install OpenWrt with the Turris Omnia in factory state
(i.e. invalid environment store). In that case, neither fw_setenv, nor
U-Boot itself, would import the default environment from the image -
screwing up the rescue system, at least!
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
Tested-by: Klaus Kudielka <klaus.kudielka@gmail.com> (Turris Omnia)
(cherry picked from commit dfa357a3def512c13f22371d24138b6e8093be18)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In contrast to the U-Boot version shipped with older versions of Turris
Omnia (CZ11NIC13, CZ11NIC20), the version shipped with Turris Omnia 2019
(CZ11NIC23) relies on the existence of /boot.scr.
Consequently, add a suitable boot script to the sysupgrade image.
Flash instructions for Turris Omnia 2019:
- Download openwrt-...-sysupgrade.img.gz, gunzip it, and copy the resulting
.img file to the root of a USB flash drive (FAT32 or ext2/3/4).
- Enter a rescue shell: Either via 5-LED reset and ssh root@192.168.1.1
on LAN port 4, or via 7-LED reset and the serial console.
- Insert the USB drive and mount it:
mkdir /mnt; mount /dev/sda1 /mnt
- Flash the OpenWrt image to eMMC:
dd if=/mnt/openwrt-...-sysupgrade.img of=/dev/mmcblk0 bs=4096 conv=fsync
- Reboot.
Flash instructions using a temporary "medkit" installation were written for
the older versions of Turris Omnia, and will *not* work on the Turris Omnia
2019.
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
(cherry picked from commit afd4375a33840fa949c898fb6bc603e8645edd61)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
On the Turris Omnia 2019, u-boot environment is located at 0xF0000, instead
of 0xC0000. The switch happened with u-boot-omnia package version 2019-04-2
(May 10, 2019).
Check the installed u-boot release, and set the default accordingly.
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
[bump PKG_RELEASE, use lower case for hex offset]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 04d3b517dc3301e0148a2ce811ffc136568b04bd)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport below changes for GigaDevice GD25Q256 support from v4.15:
e27072851bf7 mtd: spi-nor: add a quad_enable callback in struct flash_info
65153846b18c mtd: spi-nor: add support for GD25Q256
This chip is used on newer Quad-E4G boards.
Before:
[ 2.366493] m25p80 spi0.0: unrecognized JEDEC id bytes: c8, 40, 19
[ 2.372853] m25p80: probe of spi0.0 failed with error -2
After:
[ 2.371722] m25p80 spi0.0: gd25q256 (32768 Kbytes)
[ 2.376694] 5 fixed-partitions partitions found on MTD device spi0.0
[ 2.383043] Creating 5 MTD partitions on "spi0.0":
[ 2.387824] 0x000000000000-0x000000030000 : "u-boot"
[ 2.394138] 0x000000030000-0x000000031000 : "u-boot-env"
[ 2.400608] 0x000000031000-0x000000040000 : "config"
[ 2.406830] 0x000000040000-0x000000050000 : "factory"
[ 2.413169] 0x000000050000-0x000002000000 : "firmware"
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Altered patches:
- 804-i2c-support-layerscape.patch
Compile-tested on: ipq40xx, ath79, layerscape/armv8_64b
Runtime-tested on: ipq40xx, ath79
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
wireguard-tools is trying to import the menuconfig section
from the wireguard package, but since it's not anymore in
the same makefile this seems to fail and wireguard-tools
ends up in "extra packages" category instead with other
odds and ends.
Same for the description, it's trying to import it from the
wireguard package but it fails so it only shows the line
written in this makefile.
remove the broken imports and add manually the entries
and description they were supposed to load
Fixes: ea980fb9c6de ("wireguard: bump to 20191226")
Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
[fix trailing whitespaces, add Fixes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a4d52522c7fbc47a04215b8f04a2e1f7cf7aafea)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This commit disables the double tagging recently backported to 19.07.
Operating the switch on the S-Tag had the advantage of being able to
have separate VLANs for the same C-VID on LAN and WAN. However, this
broke the ability to configure C-TAG modifications on the switch. Also
performance took a significant toll.
Fixes: commit 8c191712558c ("ipq40xx: fix ethernet vlan double tagging")
Signed-off-by: David Bauer <mail@david-bauer.net>
|
| |
|
|
|
|
|
|
|
|
| |
This PR backports upstream fix for CVE-2020-8037. This fix is only
relevant for tcpdump package, tcpdump-mini is not affeted by this issue.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5bb3cc749ee0d08d82acda3c084ff759f3829a91)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some devices (especially QCA ones) are already using hardcoded partition
names with colons in it. The OpenMesh A62 for example provides following
mtd relevant information via cmdline:
root=31:11 mtdparts=spi0.0:256k(0:SBL1),128k(0:MIBIB),384k(0:QSEE),64k(0:CDT),64k(0:DDRPARAMS),64k(0:APPSBLENV),512k(0:APPSBL),64k(0:ART),64k(custom),64k(0:KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive) rootfsname=rootfs rootwait
The change to split only on the last colon between mtd-id and partitions
will cause newpart to see following string for the first partition:
KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive)
Such a partition list cannot be parsed and thus the device fails to boot.
Avoid this behavior by making sure that the start of the first part-name
("(") will also be the last byte the mtd-id split algorithm is using for
its colon search.
Fixes: 9c718b5478ac ("kernel: bump 4.14 to 4.14.200")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(backported from commit 223eec7e81f8506592fc89cf79a2f14360f5c57b)
|
| |
|
|
|
|
|
|
|
| |
Commit c9c7b4b3945c ("kernel: add netfilter-actual-sk patch") has
touched net/ipv6/netfilter/ip6table_mangle.c which in turn has affected
910-unaligned_access_hacks.patch so the patch needs to be refreshed.
Fixes: c9c7b4b3945c ("kernel: add netfilter-actual-sk patch")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The wcsnrtombs function in all musl libc versions up through 1.2.1 has
been found to have multiple bugs in handling of destination buffer
size when limiting the input character count, which can lead to
infinite loop with no forward progress (no overflow) or writing past
the end of the destination buffera.
This function is not used internally in musl and is not widely used,
but does appear in some applications. The non-input-limiting form
wcsrtombs is not affected.
All users of musl 1.2.1 and prior versions should apply the attached
patch, which replaces the overly complex and erroneous implementation.
The upcoming 1.2.2 release will adopt this new implementation.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 4d4ef1058c0f10aa2fa4070cd6b9db4d48b94148)
|
| |
|
|
|
|
|
|
| |
Backport of linux kernel commit 46d6c5a to 4.14 kernel.
netfilter: use actual socket sk rather than skb sk when routing harder
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
|
| |
|
|
|
|
|
| |
3abcc89 client: fix spurious keepalive connection timeouts
Fixes: FS#3443
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this commit, the download script will try downloading source files
using the filename instead of the url-filename in case the previous
download attempt using the url-filename failed.
This is required, as the OpenWrt sources mirrors serve files using the
filename files might be renamed to after downloading. If the original
mirror for a file where url-filename and filename do not match goes
down, the download failed prior to this patch.
Further improvement can be done by performing this only for the
OpenWrt sources mirrors.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit d36999389890fb952fc7cc8c0db8e1bbb671af12)
|
| |
|
|
|
|
|
|
| |
The fsl_destroy_mc_io() function was moved, add the new checks to the
moved copy and not just remove it.
Fixes: ac5297340e64 ("kernel: bump 4.14 to 4.14.206")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed all patches.
Altered patches:
- 210-dwc2_defaults.patch
- 708-mc-bus-support-layerscape.patch
Fixes:
- CVE-2020-25656
Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
