aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* kernel: bump 4.14 to 4.14.223Koen Vandeputte2021-03-1019-51/+51
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* wolfssl: bump to v4.7.0-stableEneas U de Queiroz2021-03-065-92/+4
| | | | | | | | | | | | | | | Biggest fix for this version is CVE-2021-3336, which has already been applied here. There are a couple of low severity security bug fixes as well. Three patches are no longer needed, and were removed; the one remaining was refreshed. This tool shows no ABI changes: https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit d1dfb577f1c0d5b1f1fa35000c9ad7abdb7d10ed)
* hostapd: P2P: Fix a corner case in peer addition based on PD RequestStefan Lippers-Hollmann2021-03-062-1/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | | p2p_add_device() may remove the oldest entry if there is no room in the peer table for a new peer. This would result in any pointer to that removed entry becoming stale. A corner case with an invalid PD Request frame could result in such a case ending up using (read+write) freed memory. This could only by triggered when the peer table has reached its maximum size and the PD Request frame is received from the P2P Device Address of the oldest remaining entry and the frame has incorrect P2P Device Address in the payload. Fix this by fetching the dev pointer again after having called p2p_add_device() so that the stale pointer cannot be used. This fixes the following security vulnerabilities/bugs: - CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> (cherry picked from commit 1ca5de13a153061feae260864d73d96f7c463785)
* build: fix checks for GCC11Petr Štetiar2021-03-061-4/+4
| | | | | | | | Fedora 34 already uses GCC11. Reported-by: Marcin Juszkiewicz <marcin-openwrt@juszkiewicz.com.pl> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit cae69d558135456976b8fc6cb08530d1358cf6d5)
* Revert "base-files: source functions.sh in /lib/functions/system.sh"Adrian Schmutzler2021-03-012-3/+1
| | | | | | | | | | | | | | | | This reverts commit 86aeac4fc98f42ac0ce7e0dcf1cb240e16b28f8f. The reverted commit introduced a cyclic dependency between /lib/functions.sh and /lib/functions/system.sh. Further details are found in 282e8173509a ("base-files: do not source system.sh in functions.sh"), which was applied to master some time ago and is included in 21.02. With the current age of 19.07 branch, it seems safer to revert this mostly cosmetic feature than investing further time into disentangling the dependencies. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: bump 4.14 to 4.14.222Koen Vandeputte2021-02-268-16/+16
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* base-files: source functions.sh in /lib/functions/system.shAdrian Schmutzler2021-02-242-1/+3
| | | | | | | | | The file /lib/functions/system.sh depends on find_mtd_index() and find_mtd_part() located in /lib/function.sh, so let's source that file. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (backported from commit ae636effd24a7637cefca58a143063f395c82d05)
* hostapd: backport ignoring 4addr mode enabling errorRaphaël Mélotte2021-02-202-1/+79
| | | | | | | | | | | | | | | | | | | This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore 4addr mode enabling error if it was already enabled"). nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on an interface that is in a bridge and has 4addr mode already enabled. This operation would not have been necessary in the first place and this failure results in disconnecting, e.g., when roaming from one backhaul BSS to another BSS with Multi AP. Avoid this issue by ignoring the nl80211 command failure in the case where 4addr mode is being enabled while it has already been enabled. Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be> [bump PKG_RELEASE, more verbose commit description] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit fb860b4e418c28a0f388f215e5acce103dcee1bf)
* ramips: remove factory image for TP-Link Archer C20 v1Stijn Segers2021-02-191-1/+0
| | | | | | | | | | | | | Similarly to the Archer C2 v1, the Archer C20 v1 will brick when one tries to flash an OpenWrt factory image through the TP-Link web UI. The wiki page contains an explicit warning about this [1]. Disable the factory image altogether since it serves no purpose. [1] https://openwrt.org/toh/tp-link/tp-link_archer_c20_v1#installation Signed-off-by: Stijn Segers <foss@volatilesystems.org> (backported from commit 0265cba40ad4f2b8ff4473ada123c35b53ffd97a)
* lantiq: fritz7320: enable USB power supplyMathias Kresin2021-02-181-0/+46
| | | | | | | | | | | | | The USB ports if a FRIZZ!Box 7320 do not supply power to connected devices. Add the GPIOs enabling USB power as regulator, to enable USB power supply as soon as the USB driver is loaded. Fixes FS#3624 Signed-off-by: Mathias Kresin <dev@kresin.me> (cherry picked from commit 6e4e97b2256327bb380ee2a83da9a1ddf657e395)
* openssl: bump to 1.1.1jEneas U de Queiroz2021-02-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes 4 security vulnerabilities/bugs: - CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support SSLv2, but the affected functions still exist. Considered just a bug. - CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. - CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. - Fixed SRP_Calc_client_key so that it runs in constant time. This could be exploited in a side channel attack to recover the password. The 3 CVEs above are currently awaiting analysis. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 482c9ff289c65480c8e7340e1740db24c62f91df)
* OpenWrt v19.07.7: revert to branch defaultsHauke Mehrtens2021-02-165-12/+10
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v19.07.7: adjust config defaultsv19.07.7Hauke Mehrtens2021-02-165-10/+12
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.221Koen Vandeputte2021-02-158-31/+22
| | | | | | | | | | | | Refreshed all patches. Remove upstreamed hunk in: - 302-dts-support-layerscape.patch Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ramips: ethernet: Disable TSO support to improve stabilityBaptiste Jonglez2021-02-151-2/+1
| | | | | | | | | | | | | | | | | | | | | | | Stability of this Ethernet driver has been a long-standing issue, with many people reporting frequent "transmit queue timeouts" and even occasional crashes. Disabling TSO in the driver helps with stability, although it is likely a workaround and might not fix the issue completely. There is a slight slowdown in forwarding performance for TCP packets (75 kpps vs. 80 kpps with comparable CPU utilization), but this is still enough to forward close to 1 Gbit/s of full-sized packets across multiple flows. Master is using a different ethernet driver, so this is not a backport. Because of this different driver, the upcoming 21.02 release does not seem to be affected by these stability issues. Thanks to mrakotiq for the initial patch. Fixes: FS#2628 Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* mt76: update to the latest versionDavid Bauer2021-02-151-3/+3
| | | | | | 5c768de mt76: mt76x0: disable GTK offloading Signed-off-by: David Bauer <mail@david-bauer.net>
* ramips: mark toggle input on EX6150 as a switchKurt Roeckx2021-02-151-0/+1
| | | | | | | | | | The Netgear EX6150 has an Access Point/Extender switch. Set it as an EV_SW. Otherwise when it's set to Access Point, it will trigger failsafe mode during boot. Fixes: FS#3590 Signed-off-by: Kurt Roeckx <kurt@roeckx.be> (cherry picked from commit 539966554d6d0686dc8ce62e39ff9e8f4e2d4e74)
* mac80211: Remove 357-mac80211-optimize-skb-resizing.patchHauke Mehrtens2021-02-144-221/+6
| | | | | | | | | This patch was adapted to apply on top of some stable changes, but we are not sure if this is working correctly. Felix suggested to remove this patch for now. Fixes: 0a59e2a76e6d ("mac80211: Update to version 4.19.161-1") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ramips: remove factory image for TP-Link Archer C2 v1Stijn Segers2021-02-141-1/+0
| | | | | | | | | | | | | | | | | | | | Initial commit 8375623a0640 ("ramips: add support for TP-Link Archer C2") contains detailed installation instructions, which do not mention a factory image. From what I can see, no support to install OpenWrt through the vendor web interface has been added since. The factory image is also conspicuously absent from the device page in the wiki. Yet, it is available for download. I bricked my Archer C2 loading the factory image through the web UI. Serial showed this error during bootloop: Uncompressing Kernel Image ... LZMA ERROR 1 - must RESET board to recover This patch disables the undocumented factory image so users won't get tricked into thinking easy web UI flashing actually works. Signed-off-by: Stijn Segers <foss@volatilesystems.org> (backported from commit ad5e29d38a48ce6ffbcabaf5d83bc76a64dfbe56)
* ath79: fix USB power GPIO for TP-Link TL-WR810N v1Adrian Schmutzler2021-02-121-1/+1
| | | | | | | | | | | | | | | | | | | The TP-Link TL-WR810N v1 is known to cause soft-brick on ath79 and work fine for ar71xx [1]. On closer inspection, the only apparent difference is the GPIO used for the USB regulator, which deviates between the two targets. This applies the value from ar71xx to ath79. Tested successfully by a forum user. [1] https://forum.openwrt.org/t/tp-link-tl-wr810n-v1-ath79/48267 Fixes: cdbf2de77768 ("ath79: Add support for TP-Link WR810N") Fixes: FS#3522 Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 6934d30cf8d95bc8652b4dcd8180d14e5e8e2417)
* wolfssl: Backport fix for CVE-2021-3336Hauke Mehrtens2021-02-102-1/+54
| | | | | | | | | | | | | This should fix CVE-2021-3336: DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The patch is backported from the upstream wolfssl development branch. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 1f559cafe5cc1193a5962d40a2d938c66c783171)
* bcm63xx: sprom: override the PCI device IDDaniel González Cabanelas2021-02-072-1/+79
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The PCI device ID detected by the wifi drivers on devices using a fallback SPROM is wrong. Currently the chipnum is used for this parameter. Most SSB based Broadcom wifi chips are 2.4 and 5GHz capable. But on devices without a physical SPROM, the only one way to detect if the device suports both bands or only the 5GHz band, is by reading the device ID from the fallback SPROM. In some devices, this may lead to a non working wifi on a 5GHz-only card, or in the best case a working 2.4GHz-only in a dual band wifi card. The offset for the deviceid in SSB SPROMs is 0x0008, whereas in BCMA is 0x0060. This is true for any SPROM version. Override the PCI device ID with the one defined at the fallback SPROM, to detect the correct wifi card model and allow using the 5GHz band if supported. The patch has been tested with the following wifi radios: BCM43222: b43: both 2.4/5GHz working brcm-wl: both 2.4/5GHz working BCM43225: b43: 2.4GHz, working brcmsmac: working brcm-wl: it lacks support BCM43217: b43: 2.4GHz, working brcmsmac: it lacks support brcm-wl: it lacks support Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com> Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> Backported from a0e0e621ca
* kernel: bump 4.14 to 4.14.219Koen Vandeputte2021-02-053-4/+4
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* bcm63xx: R5010UNv2: fix flash partitions for 16MB flashDaniel González Cabanelas2021-02-041-5/+5
| | | | | | | | | | | | The router Nucom R5010UN v2 has the partitions defined for a 8MB flash, but the flash chip is 16MB size. We are wasting half of the flash. Fix it and use generic names for partitions. Fixes: 474cde61234c ("brcm63xx: probe SPI flash through DT") Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com> (cherry picked from commit cef9e5a49f496b64449fca6814fc1b66a45601c3)
* hostapd: fix P2P group information processing vulnerabilityDaniel Golle2021-02-042-1/+39
| | | | | | | | | | | | | | A vulnerability was discovered in how wpa_supplicant processing P2P (Wi-Fi Direct) group information from active group owners. This issue was discovered by fuzz testing of wpa_supplicant by Google's OSS-Fuzz. https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt Signed-off-by: Daniel Golle <daniel@makrotopia.org> [added the missing patch] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry-picked from commit 7c8c4f1be648aff9f1072ee27a2cc8f6a4a788ef)
* opkg: update to latest git HEAD of branch openwrt-19.07Baptiste Jonglez2021-02-031-3/+3
| | | | | | | | | | | | | c5dccea libopkg: fix md5sum calculation 7cad0c0 opkg_verify_integrity: better logging and error conditions 14d6480 download: purge cached packages that have incorrect checksum 456efac download: factor out the logic for building cache filenames b145030 libopkg: factor out checksum and size verification 74bac7a download: remove compatibility with old cache naming scheme Fixes: FS#2690 Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* kernel: bump 4.14 to 4.14.218Koen Vandeputte2021-02-026-11/+11
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* wolfssl: enable HAVE_SECRET_CALLBACKFelix Fietkau2021-02-021-0/+10
| | | | | | | Fixes wpad-wolfssl build Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 55e23f2c02ae95e84613ed7d1cbf8aba557b8682)
* wolfssl: Fix hostapd build with wolfssl 4.6.0Hauke Mehrtens2021-02-021-0/+25
| | | | | | | | | | | | | This fixes the following build problem in hostapd: mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_add': <artificial>:(.text.crypto_ec_point_add+0x170): undefined reference to `ecc_projective_add_point' mipsel-openwrt-linux-musl/bin/ld: <artificial>:(.text.crypto_ec_point_add+0x18c): undefined reference to `ecc_map' mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_to_bin': <artificial>:(.text.crypto_ec_point_to_bin+0x40): undefined reference to `ecc_map' Fixes: ba40da9045f7 ("wolfssl: Update to v4.6.0-stable") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit e7d0d2e9dcaa0ff1197fb7beee139b6a5bd35c79)
* wolfssl: Update to v4.6.0-stableEneas U de Queiroz2021-02-023-30/+3
| | | | | | | | | | | | | | | | | | | This version fixes a large number of bugs and fixes CVE-2020-36177. Full changelog at: https://www.wolfssl.com/docs/wolfssl-changelog/ or, as part of the version's README.md: https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md Due a number of API additions, size increases from 374.7K to 408.8K for arm_cortex_a9_vfpv3-d16. The ABI does not change from previous version. Backported patches were removed; remaining patch was refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> [added reference to CVE] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit ba40da9045f77feb04abe63eb8a92f13f9efe471)
* mvebu: omnia: make initramfs image usable out of the boxPetr Štetiar2021-02-021-2/+2
| | | | | | | | | | | | | | | | Currently it's not possible to boot the device with just initramfs image without additional effort as the initramfs image doesn't contain device tree. Fix it by producing FIT based image which could be booted with following commands: setenv bootargs earlyprintk console=ttyS0,115200 tftpboot ${kernel_addr_r} openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs-kernel.bin bootm ${kernel_addr_r} Acked-by: Klaus Kudielka <klaus.kudielka@gmail.com> Reviewed-by: Tomasz Maciej Nowak <tmn505@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry-picked from commit 337ff74894110b35b61118918b7eb30bb6e60756)
* mt76: update to the latest versionDavid Bauer2021-02-011-3/+3
| | | | | | 4ba1709 mt76: mt7603: add additional EEPROM chip ID Signed-off-by: David Bauer <mail@david-bauer.net>
* wireguard: Fix compile with kernel 4.14.217Hauke Mehrtens2021-01-292-1/+22
| | | | | | | | Backport a patch from wireguard to fix a compile problem with kernel 4.14.217. Fixes: 2ecb22dc51a5 ("kernel: bump 4.14 to 4.14.217") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.217Hauke Mehrtens2021-01-256-13/+13
| | | | | | | | | Refreshed all patches. Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: backport fixesHauke Mehrtens2021-01-244-1/+97
| | | | | | | | | This should fix some error messages shown in the log like this one: dnsmasq[16020]: failed to send packet: Network unreachable dnsmasq[16020]: failed to send packet: Address family not supported by protocol Fixes: e87c0d934c54 ("dnsmasq: Update to version 2.83") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* netifd: fix IPv6 routing loop on point-to-point linksHans Dedecker2021-01-211-3/+3
| | | | | | 753c351 interface-ip: add unreachable route if address is offlink Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: fix IPv6 routing loop on point-to-point linksHans Dedecker2021-01-211-3/+3
| | | | | | | 64e1b4e ra: fix routing loop on point to point links f16afb7 ra: align ifindex resolving Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kernel: bump 4.14 to 4.14.216Koen Vandeputte2021-01-213-5/+5
| | | | | | | | | Refreshed all patches. Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* imagebuilder: pass IB=1 on checking requirementsPaul Spooren2021-01-191-1/+1
| | | | | | | | | | | | The patch 4a1a58a3 build, imagebuilder: Do not require libncurses-dev was supposed to remove libncurses as a requirement for the ImageBuilder. However as the IB=1 is only exported during building, not for checking requirements, it did never actually work. This commit export IB=1 to the requirement check. Signed-off-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit 4f3806364011aa3aef26fcab2e7b71837a777bcc)
* OpenWrt v19.07.6: revert to branch defaultsHauke Mehrtens2021-01-195-12/+10
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v19.07.6: adjust config defaultsv19.07.6Hauke Mehrtens2021-01-195-10/+12
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dnsmasq: Backport some security updatesHauke Mehrtens2021-01-1914-3/+2280
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following security problems in dnsmasq: * CVE-2020-25681: Dnsmasq versions before 2.83 is susceptible to a heap-based buffer overflow in sort_rrset() when DNSSEC is used. This can allow a remote attacker to write arbitrary data into target device's memory that can lead to memory corruption and other unexpected behaviors on the target device. * CVE-2020-25682: Dnsmasq versions before 2.83 is susceptible to buffer overflow in extract_name() function due to missing length check, when DNSSEC is enabled. This can allow a remote attacker to cause memory corruption on the target device. * CVE-2020-25683: Dnsmasq version before 2.83 is susceptible to a heap-based buffer overflow when DNSSEC is enabled. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap- allocated memory. This flaw is caused by the lack of length checks in rtc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in Dnsmasq, resulting in a Denial of Service. * CVE-2020-25684: A lack of proper address/port check implemented in Dnsmasq version < 2.83 reply_query function makes forging replies easier to an off-path attacker. * CVE-2020-25685: A lack of query resource name (RRNAME) checks implemented in Dnsmasq's versions before 2.83 reply_query function allows remote attackers to spoof DNS traffic that can lead to DNS cache poisoning. * CVE-2020-25686: Multiple DNS query requests for the same resource name (RRNAME) by Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS traffic, using a birthday attack (RFC 5452), that can lead to DNS cache poisoning. * CVE-2020-25687: Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rtc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of Service. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-at91: Add PKG_MIRROR_HASH to fix downloadHauke Mehrtens2021-01-181-0/+1
| | | | | | | | | | | | The referenced commit is gone, but we already have this file on our mirror, use that one by providing the correct mirror hash. I generated a tar.xz file with the given git commit hash using a random fork on github and it generated the same tar.xz file as found on our mirror so this looks correct. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 20a7c9d5c9d87595aa73ad39e95132df545a60ca)
* at91bootstrap: Add PKG_MIRROR_HASH to fix downloadHauke Mehrtens2021-01-181-0/+1
| | | | | | | | | | | | The referenced commit is gone, but we already have this file on our mirror, use that one by providing the correct mirror hash. I generated a tar.xz file with the given git commit hash using a random fork on github and it generated the same tar.xz file as found on our mirror so this looks correct. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit a141e7a00e3ad8442831ed87766451a6114afdf9)
* mbedtls: update to 2.16.9Rosen Penev2021-01-181-2/+2
| | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit f13b623f5e53a72b65f45cbaf56c73df35e70ed2)
* kernel: bump 4.14 to 4.14.215Hauke Mehrtens2021-01-173-9/+9
| | | | | | | | | Refreshed all patches. Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 4.14 to 4.14.214Hauke Mehrtens2021-01-1217-178/+32
| | | | | | | | | | | | | Refreshed all patches. Removed patches because included in upstream: - 499-mtd-parser-cmdline-Fix-parsing-of-part-names-with-co.patch - 0071-2-PCI-qcom-Fixed-IPQ806x-PCIE-reset-changes.patch Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* glibc: update to latest 2.27 commitHauke Mehrtens2021-01-011-2/+2
| | | | | | | | | | | | | | | | daf88b1dd1 Add NEWS entry for CVE-2020-6096 (bug 25620) b29853702e arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620] bad8d5ff60 arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620] d64ad0a517 Fix use-after-free in glob when expanding ~user (bug 25414) 34ce87638c Fix array overflow in backtrace on PowerPC (bug 25423) 0df8ecff9e misc/test-errno-linux: Handle EINVAL from quotactl 26f5442ec1 <string.h>: Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang [BZ #25232] 4b64a4245c intl/tst-gettext: fix failure with newest msgfmt dc7f51bda9 aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798] 8edc96aa33 aarch64: add HWCAP_ATOMICS to HWCAP_IMPORTANT 599ebfacc0 aarch64: Remove HWCAP_CPUID from HWCAP_IMPORTANT Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* build/prereq: merge ifndef IB block togetherPaul Spooren2020-12-311-5/+1
| | | | | | | | | | Multiple prereq checks are only required within the build system but not for the ImageBuilder. These checks are excluded by using ifndef IB. This commit merges the three ifndef IB blocks together. Signed-off-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit cc9d5b5a488d3a43068f621a1ef184f06e43bede)
* build, imagebuilder: Do not require compilersSven Roederer2020-12-311-0/+4
| | | | | | | | | | | | | | The buildroot and SDK both require the compilers (gcc, g++) to be installed on the host system, however the ImageBuilder uses precompiled binaries. This patch changes the prerequirements checks to skip the checking for the compilers if running as ImageBuilder. A similar change has been made for libncurses-dev in 4a1a58a3e2d2. Signed-off-by: Sven Roederer <devel-sven@geroedel.de> Acked-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit ae12a747cae3df16d84b7dc92f39427948d4e8e2)