Commit message | Author | Age | Files | Lines
* openssl: update to version 1.0.2p | Hauke Mehrtens | 2018-08-15 | 3 | -4/+4
    This fixes the following security problems:
    * CVE-2018-0732: Client DoS due to large DH parameter
    * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump kernel 4.9 to version 4.9.120 | Hauke Mehrtens | 2018-08-15 | 2 | -67/+2
    The following patch was integrated upstream:
    * target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch

    This fixes tries to work around the following security problems:
    * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
    * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump kernel 4.14 to version 4.14.63 | Hauke Mehrtens | 2018-08-15 | 5 | -107/+6
    The following patches were integrated upstream:
    * target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
    * target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch

    This fixes tries to work around the following security problems:
    * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
    * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects

    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ath79: use both WNDR3x00 power leds for boot status indication | Dmitry Tunin | 2018-08-15 | 1 | -5/+5
    Use the orange led by default to match the bootloader/stock firmware
    behaviour. Turn on the green power led after boot to indicate a finished
    boot and the orange one off.

    Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
    [reword commit message, keep orange power led enabled during early kernel boot]
    Signed-off-by: Mathias Kresin <dev@kresin.me>
* ath79: use both DIR-825 B1 power leds for boot status indication | Dmitry Tunin | 2018-08-15 | 1 | -2/+3
    Use the orange led by default to match the bootloader/stock firmware
    behaviour. Turn on the blue power led after boot to indicate a finished
    boot and the orange one off.

    Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
    [reword commit message, keep orange power led enabled during early kernel boot]
    Signed-off-by: Mathias Kresin <dev@kresin.me>
* ath79: add support for indicating the boot state using multiple leds | Dmitry Tunin | 2018-08-15 | 33 | -37/+157
    Use diag.sh version used for apm821xx, ipq40xx and ipq806x, which
    supports different leds for the different boot states.

    The existing led sequences should be the same as before.

    Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
    [reword commit message]
    Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: add support for D-Link DWR-118-A2 | Cezary Jackiewicz | 2018-08-15 | 7 | -0/+208
    The DWR-118-A2 Wireless Router is based on the MT7620A SoC.

    Specification:
    - MediaTek MT7620A (580 Mhz)
    - 128 MB of RAM
    - 16 MB of FLASH
    - 1x 802.11bgn radio
    - 1x 802.11ac radio (MT7612EN)
    - 4x 10/100 Mbps Ethernet (1 WAN and 3 LAN)
    - 1x 10/100/1000 Mbps Marvell Ethernet PHY (1 LAN)
    - 2x external, non-detachable antennas
    - 1x USB 2.0
    - UART (J1) header on PCB (57600 8n1)
    - 7x LED (5x GPIO-controlled), 2x button
    - JBOOT bootloader

    Known issues:
    - GELAN not working
    - flash is very slow

    The status led has been assigned to the dwr-118-a2:green:internet led.
    At the end of the boot it is switched off and is available for other
    operation. Work correctly also during sysupgrade operation.

    Installation:
    Apply factory image via http web-gui or JBOOT recovery page

    How to revert to OEM firmware:
    - push the reset button and turn on the power. Wait until LED start
      blinking (~10sec.)
    - upload original factory image via JBOOT http (IP: 192.168.123.254)

    Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
    Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
* ramips: mt7620: enable all ports unconditionally | Pawel Dembicki | 2018-08-15 | 1 | -1/+10
    This patch makes all mt7620 ephy ports turned on.
    It is necessary for some JBOOT devices.

    Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
* libubox: set RPATH for host build | Jo-Philipp Wich | 2018-08-14 | 1 | -0/+3
    This is required for programs that indirectly link libjson-c through the
    libubox blobmsg_json library.

    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* netifd: update to latest git HEAD | Hans Dedecker | 2018-08-14 | 1 | -3/+3
    522456b device: gracefully handle device names exceeding IFNAMESIZ

    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: add support for HiWiFi HC5861B [old-master] | Deng Qingfang | 2018-08-14 | 5 | -1/+155
    HiWiFi "Gee Enjoy1200" HC5861B is a dual-band router based on MediaTek MT7628AN
    https://www.hiwifi.com/enjoy-view

    Specifications:
    - MediaTek MT7628AN 580MHz
    - 128 MB DDR2 RAM
    - 16 MB SPI Flash
    - 2.4G MT7628AN 802.11bgn 2T2R 300Mbps
    - 5G MT7612EN 802.11ac 2T2R 867Mbps
    - 5x 10/100 Mbps Ethernet

    Flash instruction:
    1. Get SSH access to the router
    2. SSH to router with `ssh -p 1022 root@192.168.199.1`, The SSH password
       is the same as the webconfig one
    3. Upload OpenWrt sysupgrade firmware into the router's `/tmp` folder with SCP
    4. Run `mtd write /tmp/<filename> firmware`
    5. reboot

    Everything is working

    Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* ath79: add support for TP-Link TL-WR941N/ND v2/v3 | Chuanhong Guo | 2018-08-14 | 4 | -0/+184
    Specification:
    - SoC: Atheros AR9132
    - Flash: 4 MB
    - RAM: 32 MB
    - Ethernet: Marvell 88E6060 with 5 FE ports.

    Flash instruction:
    Upload the generated factory firmware on web interface.

    Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* ath79: add support for TP-Link WR841N/ND v11 | Johann Neuhauser | 2018-08-14 | 3 | -1/+42
    Specification:
    - SoC: Atheros AR9533
    - Flash: 4 MB
    - RAM: 32 MB
    - Ethernet: 4x LAN (100M) / 1x WAN (100M)
    - WiFi: 2.4G 300M

    Flash instruction:
    Flash factory image from stock WebUI.

    Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
* ath79: move TP-Link WR841v9 aliases node from dtsi to dts | Johann Neuhauser | 2018-08-14 | 2 | -5/+5
    Move the alias node of the TP-Link WR841v9 and rename the phandle of
    the qss led to qss_led in preparation for adding the very similar
    TP-Link WR841v11.

    Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
* ath79: fix sysupgrade TP-Link WR841v9 | Johann Neuhauser | 2018-08-14 | 2 | -2/+1
    Remove SUPPORTED_DEVICES from wr841-v9 because it's not needed and for
    consistency rename everything to tl-wr841-v9.

    Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
* firmware-utils/mksercommfw: fix build with clang/macOS | Ryan Mounce | 2018-08-14 | 1 | -1/+1
    fixes error: non-void function 'main' should return a value

    Fixes: FS#1770
    Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
* ath79: Add wifi to WNDR3700, WNDR3700v2 and WNDR3800 | Hannu Nyman | 2018-08-14 | 4 | -1/+50
    Add ath9k wifi capabilities to WNDR3700 family.
    * use kmod-owl-loader to load firmware from "art"
    * add wifi to DTS
    * add wifi LEDs

    Avoid using the same MAC for eth0 LAN and wlan0 by toggling the eth0 MAC
    into a locally administered MAC. That is currently done in user-space by
    adding a uci config item into /etc/config/network
    (More elegant solution might be setting it already in preinit phase.)

    Known issues:
    * wifi firmware file may not get created on the first boot after
      flashing on time to bring wifi normally up. Likely the overlay jffs2
      is not yet ready for creating the firmware file. "wifi up" may still
      bring wifi up. Wifi will work normally at subsequent boots.
    * phy0 and phy1 may get assigned mixed, so that phy0 may be the 5GHz
      radio instead of the normal 2.4GHz, and vice versa for phy1. Does not
      happen always, but may happen.

    Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
    [fix the wifi unit address in the dts]
    Signed-off-by: Mathias Kresin <dev@kresin.me>
* ath79: add support for Pisen WMM003N (Cloud Easy Power) | Icenowy Zheng | 2018-08-14 | 3 | -0/+136
    Pisen WMM003N (sold under the name of Cloud Easy Power) is an
    AR9331-based router and power bank combo device.

    The device uses a stock firmware modified from OpenWRT for TP-Link
    TL-WR703N; however some GPIO definition is different on this device with
    TL-WR703N. An AXP202 PMIC (connected to a 5000mAh battery) and a SD slot
    are also added, and the stock Flash/RAM configuration is 8MiB/64MiB.

    The stock firmware is an old and heavily modified OpenWRT-based
    firmware, which has telnetd defaultly open, and the root password is
    "ifconfig" (quotation marks not included). The factory image format is
    not known yet, however the stock firmware ships the OpenWRT's sysupgrade
    command, and it can be used to install a newer firmware.

    Due to the lack of the access to the STM8 embedded controller, the SD
    slot is currently not usable (because it's muxed with the on-board USB
    port) and the AXP PMIC cannot be monitored.

    Signed-off-by: Icenowy Zheng <icenowy@aosc.io>
* firewall: bump to git HEAD | Stijn Tintel | 2018-08-13 | 1 | -3/+3
    12a7cf9 Add support for DSCP matches and target
    06fa692 defaults: use a generic check_kmod() function
    1c4d5bc defaults: fix check_kmod() function

    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* ar7: remove linux 3.18 support | Koen Vandeputte | 2018-08-13 | 14 | -998/+0
    This target is on 4.9 currently.
    It seems the support for this old kernel never got dropped.

    Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* firmware-utils/mksercommfw: fix musl build | Andy Walsh | 2018-08-13 | 1 | -0/+1
    * add missing <sys/types.h> for musl

    Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
* ramips: add missing USB packages into ASL26555-16M | Zoltan HERPAI | 2018-08-13 | 1 | -1/+1
    Mirror the package list from the 8M device profile to the 16M device profile.

    Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* tools/cmake: Update to 3.12.1 | Daniel Engberg | 2018-08-13 | 2 | -3/+3
    Update cmake to 3.12.1

    Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* ath79: drop tl prefix for TP-Link RE450 v2 | Peter Lundkvist | 2018-08-13 | 2 | -2/+2
    This router is called RE450 and the tl prefix was used to identify it as
    a TP-Link device. Drop the tl prefix since we now have tplink in dts and
    device name.

    Signed-off-by: Peter Lundkvist <peter.lundkvist@gmail.com>
* ath79: gmac: add parsers for rxd(v)- and tx(d|en)-delay for AR9344 | Christian Lamparter | 2018-08-13 | 2 | -1/+13
    Some AR9344 boards do very poorly with the default settings and need
    custom rxdv-delay, rxd-delay, txd-delay, txen-delay flags to perform
    reasonably.

    In this case the WD My Net Wi-Fi Range Extender can not even manage
    10Mbps on a 1Gbit link:

        root@AR9344:~# iperf3 -s
        -----------------------------------------------------------
        Server listening on 5201
        -----------------------------------------------------------
        Accepted connection from client [...]
        [  5] local [...] connected to client
        [ ID] Interval           Transfer     Bitrate
        [  5]   0.00-1.00   sec  1.09 MBytes  9.16 Mbits/sec
        [  5]   1.00-2.00   sec   895 KBytes  7.33 Mbits/sec
        [  5]   2.00-3.00   sec   762 KBytes  6.25 Mbits/sec
        [...]
        [  5]  10.00-10.03  sec  17.0 KBytes  4.74 Mbits/sec
        - - - - - - - - - - - - - - - - - - - - - - - - -
        [ ID] Interval           Transfer     Bitrate
        [  5]   0.00-10.03  sec  9.00 MBytes  7.52 Mbits/sec

    but with the correct settings in place, it does much better:

        root@AR9344:~# iperf3 -s
        -----------------------------------------------------------
        Server listening on 5201
        -----------------------------------------------------------
        Accepted connection from client [...]
        [  5] local [...] connected to client
        [ ID] Interval           Transfer     Bitrate
        [  5]   0.00-1.00   sec  23.1 MBytes   193 Mbits/sec
        [  5]   1.00-2.00   sec  23.1 MBytes   194 Mbits/sec
        [  5]   2.00-3.00   sec  23.2 MBytes   195 Mbits/sec
        [...]
        [  5]  10.00-10.04  sec   710 KBytes   180 Mbits/sec
        - - - - - - - - - - - - - - - - - - - - - - - - -
        [ ID] Interval           Transfer     Bitrate
        [  5]   0.00-10.04  sec   237 MBytes   198 Mbits/sec

    The tx data and enable delay bits definitions are taken from Atheros'
    AR9344 Data Sheet Section "8.6.1 Ethernet Configuration (ETH_CFG)" on
    page 153.

    Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* packages: nvram: make it possible to include it for ath79 targets | Christian Lamparter | 2018-08-13 | 1 | -1/+1
    The WD My Net Range Extender stores the MAC addresses inside the nvram
    partition. This utility can extract it, but it's currently not available
    on the ath79 target. Hence, this patch adds the necessary target
    declaration, so it can be built.

    Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* uboot-zynq: update to 2018.07 | Luis Araneda | 2018-08-13 | 3 | -3/+46
    Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* ath79: add QCA956x GMAC config | David Bauer | 2018-08-13 | 2 | -0/+18
    This commit adds the ability to configure the GMAC of the QCA956x.

    Signed-off-by: David Bauer <mail@david-bauer.net>
* brcm47xx: cosmetic fix in model detection | Paul Wassi | 2018-08-13 | 1 | -1/+1
    In "brcm47xx: rework model detection" the file 01_detect was moved to
    01_network, therefore also update the warning message in case everything
    fails.

    Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* ath79: ar913x: fix eth pll register | Chuanhong Guo | 2018-08-13 | 1 | -1/+1
    PLL for eth0 internal clock on ar913x is at 0x18050014
    and AR913X_ETH0_PLL_SHIFT is 20 instead of 17

    Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* ath79: ag71xx: fix speed applied to MII0/1_CTRL on ar71xx/ar913x | Chuanhong Guo | 2018-08-13 | 1 | -2/+2
    Currently speed value is applied to interface mode field.

    Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* ath79: add WNDR3700 and WNDR3700v2 | Hannu Nyman | 2018-08-13 | 4 | -0/+93
    Add support for WNDR3700 and WNDR3700v2.
    They share most things with WNDR3800.

    Only device IDs and partition structure needs to be set.

    Note: WNDR3700 (v1) has no NETGEAR_HW_ID, but has also the NA version of
    the factory image.

    Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* ath79: create WNDR3700 series .dtsi and adjust WNDR3800 | Hannu Nyman | 2018-08-13 | 3 | -200/+212
    Prepare for addition of WNDR3700 and WNDR3700v2 by separating the common
    parts into wndr3700.dtsi and leaving just the device-specific things
    into wndr3800.dts

    The three routers are identical except
    * device IDs
    * WNDR3700 (v1) has only 8 MB flash, while others have 16 MB.
      Partition structure needs to be defined for each device.
    * (WNDR3800 has 128 MB RAM, but RAM size is not in DTS)

    Also separate the common parts of the image recipe.
    (Drop also the initramfs recipe.)

    Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* ramips: fix BR-6478ACv2 support | Daniel Gimpelevich | 2018-08-13 | 6 | -70/+61
    The wholesale changes introduced in commit f9b8328 missed this DTS file
    because it hadn't been merged yet. This patch brings it in line to match
    the other mt7620a devices' DTS files.

    Additionally, the Internet LED is now labeled correctly and set to
    unused by default, since the WAN interface is not known in every
    configuration.

    Using sysupgrade between images before and after this commit will
    require the -F flag.

    Tested-by: Rohan Murch <rohan.murch@gmail.com>
    Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
    [drop internet led default setting]
    Signed-off-by: Mathias Kresin <dev@kresin.me>
* ramips: add support for Netgear R6120 | Ludwig Thomeczek | 2018-08-13 | 5 | -0/+180
    This patch adds support for the Netgear R6120, aka Netgear AC1200.

    Specification:
    - SoC: MediaTek MT7628 (580 MHz)
    - Flash: 16 MiB
    - RAM: 64 MiB
    - Wireless: 2.4Ghz(builtin) and 5Ghz (MT7612E)
    - LAN speed: 10/100
    - LAN ports: 4
    - WAN speed: 10/100
    - WAN ports: 1
    - Serial baud rate of Bootloader and factory firmware: 57600

    To flash use nmrpflash with the provided factory.img.
    Flashing via webinterface will not work, for now.

    Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
* firmware-utils: add sercomm/netgear tool | Ludwig Thomeczek | 2018-08-13 | 3 | -0/+265
    This adds a tool to generate a firmware file accepted by Netgear or
    sercomm devices.

    They use a zip-packed rootfs with header and a custom checksum.
    The generated Image can be flashed via the nmrpflash tool or the
    webinterface of the router.

    Signed-off-by: Ludwig Thomeczek <ledesrc@wxorx.net>
* wireguard: bump to 0.0.20180809 | Jason A. Donenfeld | 2018-08-12 | 1 | -2/+2
    * send: switch handshake stamp to an atomic

      Rather than abusing the handshake lock, we're much better off just
      using a boring atomic64 for this. It's simpler and performs better.
      Also, while we're at it, we set the handshake stamp both before and
      after the calculations, in case the calculations block for a really
      long time waiting for the RNG to initialize.

    * compat: better atomic acquire/release backport

      This should fix compilation and correctness on several platforms.

    * crypto: move simd context to specific type

      This was a suggestion from Andy Lutomirski on LKML.

    * chacha20poly1305: selftest: use arrays for test vectors

      We no longer have lines so long that they're rejected by SMTP servers.

    * qemu: add easy git harness

      This makes it a bit easier to use our qemu harness for testing our
      mainline integration tree.

    * curve25519-x86_64: avoid use of r12

      This causes problems with RAP and KERNEXEC for PaX, as r12 is a
      reserved register.

    * chacha20: use memmove in case buffers overlap

      A small correctness fix that we never actually hit in WireGuard but is
      important especially for moving this into a general purpose library.

    * curve25519-hacl64: simplify u64_eq_mask
    * curve25519-hacl64: correct u64_gte_mask

      Two bitmath fixes from Samuel, which come complete with a z3 script
      proving their correctness.

    * timers: include header in right file

      This fixes compilation in some environments.

    * netlink: don't start over iteration on multipart non-first allowedips

      Matt Layher found a bug where a netlink dump of peers would never
      terminate in some circumstances, causing wg(8) to keep trying forever.
      We now have a fix as well as a unit test to mitigate this, and we'll
      be looking to create a fuzzer out of Matt's nice library.

    Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* at91: do not build image for at91-q5xr5 | Hauke Mehrtens | 2018-08-12 | 1 | -1/+1
    The kernel image of the at91-q5xr5 is getting too big now and this is
    breaking the build. Remove the image for the at91-q5xr5 from the build
    to at least build images for the other devices.

    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ath79: fix eth pll for ar913x | Chuanhong Guo | 2018-08-11 | 1 | -1/+1
    PLL node is missing syscon in compatible string.

    Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* ath79: add support for I-O DATA WN-AC1600DGR2 | INAGAKI Hiroshi | 2018-08-11 | 7 | -9/+257
    I-O DATA WN-AC1600DGR2 is a 2.4/5 GHz band 11ac router, based on
    Qualcomm Atheros QCA9557.

    Specification:
    - Qualcomm Atheros QCA9557
    - 128 MB of RAM
    - 16 MB of Flash
    - 2.4/5 GHz wifi
      - 2.4 GHz: 2T2R (SoC internal)
      - 5 GHz: 3T3R (QCA9880)
    - 5x 10/100/1000 Mbps Ethernet
    - 6x LEDs, 6x keys (4x buttons, 1x slide switch)
    - UART header on PCB
      - Vcc, GND, TX, RX from ethernet port side
      - 115200n8

    Flash instruction using factory image:
    1. Connect the computer to the LAN port of WN-AC1600DGR2
    2. Connect power cable to WN-AC1600DGR2 and turn on it
    3. Access to "http://192.168.0.1/" and open firmware update page
       ("ファームウェア")
    4. Select the OpenWrt factory image and click update ("更新") button
    5. Wait ~150 seconds to complete flashing

    Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
* ath79: add support of D-Link DIR-825 B1 | Dmitry Tunin | 2018-08-11 | 4 | -0/+288
    Add support for the ar71xx supported D-Link DIR-825 B1 to ath79.

    Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
* ath79: add ath9k calibration data MAC addresses patching | Christian Lamparter | 2018-08-11 | 1 | -0/+50
    This patch copies over the MAC patching helper functions from lantiq's
    target/linux/lantiq/base-files/etc/hotplug.d/firmware/12-ath9k-eeprom
    file.

    Not all vendors bothered to write the correct MAC addresses for the
    ath9k wifi into the calibration data. And while ath9k does have some
    special dt-properties to extract the addresses from a fixed position,
    there are still devices that require userspace to edit or modify the
    caldata.

    In my case, the MAC address for the Wi-Fi device is stored in an
    unsorted key-value based "nvram" database and there's an existing
    userspace tool to extract the data.

    Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* base-files: add function to get mac as text from flash | Mathias Kresin | 2018-08-11 | 1 | -0/+23
    Add a function to get a mac stored as text from flash. The octets of
    the mac address need to be separated by any separator supported by
    macaddr_canonicalize().

    Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
    Signed-off-by: Mathias Kresin <dev@kresin.me>
* base-files: use consistent coding style | Mathias Kresin | 2018-08-11 | 1 | -8/+4
    Add the opening bracket right after the function name, to do it the
    same way for all functions in this file.

    Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
    Signed-off-by: Mathias Kresin <dev@kresin.me>
* ath79: add support for TP-Link TL-WDR4900 v2 | Chuanhong Guo | 2018-08-11 | 4 | -2/+245
    Specification:
    - SoC: Qualcomm Atheros QCA9558
    - Flash: 8 MB
    - RAM: 128 MB
    - Ethernet: AR8327N with 5 GE ports.
    - Wireless radio: QCA9558 for 2.4G and AR9580 for 5G.

    Flash instruction:
    Upload the generated factory firmware on web interface.

    Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
* uci: bump to source date 2018-08-11 | Yousong Zhou | 2018-08-11 | 1 | -3/+3
    Fixes segfault when parsing malformed delta lines

    Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* kernel: bump 4.14 to 4.14.62 | Koen Vandeputte | 2018-08-10 | 5 | -23/+10
    Refreshed all patches.

    Compile-tested on: cns3xxx, imx6, x86_64
    Runtime-tested on: cns3xxx, imx6, x86_64

    Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* kernel: bump 4.9 to 4.9.119 | Koen Vandeputte | 2018-08-10 | 5 | -97/+15
    Refreshed all patches.

    Delete upstreamed patch:
    - 100-tcp-add-tcp_ooo_try_coalesce-helper.patch

    Compile-tested on: ar71xx
    Runtime-tested on: ar71xx

    Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* wpa_supplicant: fix CVE-2018-14526 | John Crispin | 2018-08-10 | 1 | -0/+48
    Unauthenticated EAPOL-Key decryption in wpa_supplicant

    Published: August 8, 2018
    Identifiers:
    - CVE-2018-14526
    Latest version available from: https://w1.fi/security/2018-1/

    Vulnerability

    A vulnerability was found in how wpa_supplicant processes EAPOL-Key
    frames. It is possible for an attacker to modify the frame in a way that
    makes wpa_supplicant decrypt the Key Data field without requiring a valid
    MIC value in the frame, i.e., without the frame being authenticated. This
    has a potential issue in the case where WPA2/RSN style of EAPOL-Key
    construction is used with TKIP negotiated as the pairwise cipher. It
    should be noted that WPA2 is not supposed to be used with TKIP as the
    pairwise cipher. Instead, CCMP is expected to be used and with that
    pairwise cipher, this vulnerability is not applicable in practice.

    When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
    field is encrypted using RC4. This vulnerability allows unauthenticated
    EAPOL-Key frames to be processed and due to the RC4 design, this makes it
    possible for an attacker to modify the plaintext version of the Key Data
    field with bitwise XOR operations without knowing the contents. This can
    be used to cause a denial of service attack by modifying GTK/IGTK on the
    station (without the attacker learning any of the keys) which would
    prevent the station from accepting received group-addressed frames.
    Furthermore, this might be abused by making wpa_supplicant act as a
    decryption oracle to try to recover some of the Key Data payload
    (GTK/IGTK) to get knowledge of the group encryption keys.

    Full recovery of the group encryption keys requires multiple attempts
    (128 connection attempts per octet) and each attempt results in
    disconnection due to a failure to complete the 4-way handshake. These
    failures can result in the AP/network getting disabled temporarily or
    even permanently (requiring user action to re-enable) which may make it
    impractical to perform the attack to recover the keys before the AP has
    already changed the group keys. By default, wpa_supplicant is enforcing
    at minimum a ten second wait time between each failed connection attempt,
    i.e., over 20 minutes waiting to recover each octet while hostapd AP
    implementation uses 10 minute default for GTK rekeying when using TKIP.
    With such timing behavior, practical attack would need large number of
    impacted stations to be trying to connect to the same AP to be able to
    recover sufficient information from the GTK to be able to determine the
    key before it gets changed.

    Vulnerable versions/configurations

    All wpa_supplicant versions.

    Acknowledgments

    Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU Leuven
    for discovering and reporting this issue.

    Possible mitigation steps

    - Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
      can be done also on the AP side.
    - Merge the following commits to wpa_supplicant and rebuild:
      WPA: Ignore unauthenticated encrypted EAPOL-Key data
      This patch is available from https://w1.fi/security/2018-1/
    - Update to wpa_supplicant v2.7 or newer, once available

    Signed-off-by: John Crispin <john@phrozen.org>
* tools: findutils: fix compilation with glibc 2.28 | Luis Araneda | 2018-08-10 | 1 | -0/+104
    Add a temporary workaround to compile with glibc 2.28
    as some constants were removed and others made private

    Signed-off-by: Luis Araneda <luaraneda@gmail.com>