path: root/package
Commit message | Author | Age | Files | Lines
* OpenWrt v19.07.9: adjust config defaults (tag: v19.07.9) | Hauke Mehrtens | 2022-02-17 | 1 | -2/+2
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: Apply SAE/EAP-pwd side-channel attack update 2 | Hauke Mehrtens | 2022-02-13 | 5 | -1/+577
  This fixes some recent security problems in hostapd.
  See here for details: https://w1.fi/security/2022-1
  * CVE-2022-23303
  * CVE-2022-23304
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: Update to version 2.16.12 | Hauke Mehrtens | 2022-02-13 | 1 | -2/+2
  This fixes the following security problems:
  * Zeroize several intermediate variables used to calculate the expected value when verifying a MAC or AEAD tag. This hardens the library in case the value leaks through a memory disclosure vulnerability. For example, a memory disclosure vulnerability could have allowed a man-in-the-middle to inject fake ciphertext into a DTLS connection.
  * Fix a double-free that happened after mbedtls_ssl_set_session() or mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED (out of memory). After that, calling mbedtls_ssl_session_free() and mbedtls_ssl_free() would cause an internal session buffer to be free()'d twice. CVE-2021-44732
  The sizes of the ipk changed on MIPS 24Kc like this:
  182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
  182742 libmbedtls12_2.16.12-1_mips_24kc.ipk
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  (cherry picked from commit 57f38e2c827e3be71d8b1709073e366afe011985)
* mbedtls: update to 2.16.11 | Rosen Penev | 2022-02-13 | 1 | -2/+2
  Switched to AUTORELEASE to avoid manual increments.
  Release notes: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
  (cherry picked from commit fcfd741eb83520e496eb09de5f8b2f2b62792a80)
* tcpdump: libpcap: Remove http://www.us.tcpdump.org mirror | Hauke Mehrtens | 2022-02-13 | 2 | -4/+2
  The http://www.us.tcpdump.org mirror will go offline soon, only use the normal download URL.
  Reported-by: Denis Ovsienko <denis@ovsienko.info>
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  (cherry picked from commit 18bdfc803bef00fad03f90b73b6e65c3c79cb397)
  Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [rebased for OpenWrt 21.02 branch]
  (cherry picked from commit 4dddb7ca3669e93d4da2b1ca43b8bc22bd007e48)
* tcpdump: Fix CVE-2018-16301 | Hauke Mehrtens | 2022-02-13 | 2 | -1/+102
  This fixes the following security problem:
  The command-line argument parser in tcpdump before 4.99.0 has a buffer overflow in tcpdump.c:read_infile(). To trigger this vulnerability the attacker needs to create a 4GB file on the local filesystem and to specify the file name as the value of the -F command-line argument of tcpdump.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  (cherry picked from commit 8f5875c4e221453932f217a82f8c3092cacba3e5)
  (cherry picked from commit 59e7ae8d65ab9a9315608a69565f6a4247d3b1ac)
* openssl: bump to 1.1.1m | Eneas U de Queiroz | 2022-01-16 | 2 | -3/+3
  This is a bugfix release. Changelog:
  *) Avoid loading of a dynamic engine twice.
  *) Fixed building on Debian with kfreebsd kernels
  *) Prioritise DANE TLSA issuer certs over peer certs
  *) Fixed random API for MacOS prior to 10.12
  Patches were refreshed.
  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  (cherry picked from commit 5beaa75d94c4a981c580905b84c7ef33caf0c3e2)
* mac80211: Update to version 4.19.221 | Hauke Mehrtens | 2021-12-14 | 21 | -104/+55
  The following patch was backported from upstream before and is not needed any more:
  package/kernel/mac80211/patches/ath/980-ath10k-fix-max-antenna-gain-unit.patch
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iproute2: m_xt.so depends on dynsyms.list | Roman Yeryomin | 2021-12-14 | 1 | -4/+5
  When doing parallel build on a fast machine with bottleneck in i/o, m_xt.so may start linking faster than dynsyms.list gets populated, resulting in error:
  ld:dynsyms.list:0: syntax error in dynamic list
  Fix this by adding dynsyms.list as make dependency to m_xt.so
  Described also here: https://bugs.openwrt.org/index.php?do=details&task_id=3353
  Change from v1:
  - add dynsysms.list dependency only when shared libs are enabled
  Signed-off-by: Roman Yeryomin <roman@advem.lv>
  Fixes: FS#3353
  (cherry-picked from commit edd53df16843a0a6380920ed17b88bfe7d26d71b)
* uboot-lantiq: danube: fix hanging lzma kernel uncompression #2 | Mathias Kresin | 2021-11-27 | 1 | -0/+9
  Follow up to commit 8fb714edd6e4340729e271139164a0163b027d68. Managed to hit the very same issue again while playing with the NOR SPL builds.
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* uboot-lantiq: danube: fix hanging lzma kernel uncompression | Mathias Kresin | 2021-11-14 | 1 | -0/+48
  At least since gcc 7.3.0 (OpenWrt 18.06) lwr/lwl are used in the assembly of LzmaProps_Decode. While the decision made by the compiler looks perfectly fine, it triggers some obscure hang on lantiq danube-s v1.5 with MX29LV640EB NOR flash chips.
  Only if the offset 1 is used, the hang can be observed. Using any other offset works fine:
  lwl s0,0(a1) - s0 == 0x6d000080
  lwl s0,1(a1) - hangs
  lwl s0,2(a1) - s0 == 0x0080xxxx
  lwl s0,3(a1) - s0 == 0x80xxxxxx
  It isn't clear whether it is a limitation of the flash chip, the EBU or something else.
  Force 8bit reads to prevent gcc optimizing the read with lwr/lwl instructions.
  Signed-off-by: Mathias Kresin <dev@kresin.me>
* wireless-regdb: update to version 2021.08.28 | Christian Lamparter | 2021-11-07 | 1 | -2/+2
  e983a25 Update regulatory rules for Ecuador (EC)
  a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz
  cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz
  86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US
  6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US
  9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately
  42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB
  Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
  (cherry picked from commit dbb4c47798b17112cb1eed2a309cdefd33b5f193)
* wireless-regdb: update to version 2021.04.21 | Felix Fietkau | 2021-11-07 | 1 | -2/+2
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  (cherry picked from commit d76535c45e6e970b212744781431e152e90c1ce6)
* uboot-lantiq: fix sha1.h header clash when system libmd installed | Alan Swanson | 2021-10-02 | 1 | -0/+172
  Backport of u-boot commit "includes: move openssl headers to include/u-boot"
  https://github.com/u-boot/u-boot/commit/2b9912e6a7df7b1f60beb7942bd0e6fa5f9d0167
  Fixes: FS#3955
  Signed-off-by: Alan Swanson <reiver@improbability.net>
  (cherry picked from commit 8db641049292035604f0e1fb788608fdea879eca)
* mac80211: Update to backports-4.19.207-1 | Hauke Mehrtens | 2021-09-22 | 43 | -341/+341
  Refresh all patches.
  This contains fixes for CVE-2020-3702
  1. These patches (ath, ath9k, mac80211) were included in kernel versions since 4.14.245 and 4.19.205. They fix security vulnerability CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].
  Thank you Josef Schlehofer for reporting this problem.
  [1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702
  [2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-zynq: fix dtc compilation on host gcc 10 | Luis Araneda | 2021-09-13 | 1 | -0/+46
  gcc 10 defaults to -fno-common, which causes an error when linking.
  Back-port the following Linux kernel commit to fix it:
  e33a814e772c (scripts/dtc: Remove redundant YYLOC global declaration)
  Tested on an Arch Linux host with gcc 10.1.0
  Signed-off-by: Luis Araneda <luaraneda@gmail.com>
  (cherry picked from commit 8b870418f18d86761247633e57560ffa1c2485d0)
* uboot-tegra: Fix build with GCC-10 as host compiler | Sven Eckelmann | 2021-09-13 | 1 | -0/+23
  The package uses the host compiler to build the dtc binary. With gcc-10, the option -fno-common is now the default behavior. Thus multiple definitions of the same variable are now forbidden and results in following error during linking:
  HOSTLD scripts/dtc/dtc
  /usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
  collect2: error: ld returned 1 exit status
  The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove redundant YYLOC global declaration").
  Signed-off-by: Sven Eckelmann <sven@narfation.org>
* uboot-mvebu: Fix build with GCC-10 as host compiler | Sven Eckelmann | 2021-09-13 | 1 | -0/+33
  The package uses the host compiler to build the dtc binary. With gcc-10, the option -fno-common is now the default behavior. Thus multiple definitions of the same variable are now forbidden and results in following error during linking:
  HOSTLD scripts/dtc/dtc
  /usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
  collect2: error: ld returned 1 exit status
  The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove redundant YYLOC global declaration").
  Signed-off-by: Sven Eckelmann <sven@narfation.org>
* uboot-layerscape: fix dtc compilation on host gcc 10 | Hauke Mehrtens | 2021-09-13 | 1 | -0/+46
  Backport a patch from upstream U-Boot to fix the compile with host GCC 10.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  (cherry picked from commit 8d143784cb8fafccdbcdc0bd5d1aa47d3d676f70)
* uboot-kirkwood: Fix build with GCC-10 as host compiler | Sven Eckelmann | 2021-09-13 | 1 | -0/+23
  The package uses the host compiler to build the dtc binary. With gcc-10, the option -fno-common is now the default behavior. Thus multiple definitions of the same variable are now forbidden and results in following error during linking:
  HOSTLD scripts/dtc/dtc
  /usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
  collect2: error: ld returned 1 exit status
  The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove redundant YYLOC global declaration").
  Signed-off-by: Sven Eckelmann <sven@narfation.org>
* uboot-sunxi: Fix build with GCC-10 as host compiler | Sven Eckelmann | 2021-09-13 | 1 | -0/+23
  The package uses the host compiler to build the dtc binary. With gcc-10, the option -fno-common is now the default behavior. Thus multiple definitions of the same variable are now forbidden and results in following error during linking:
  HOSTLD scripts/dtc/dtc
  /usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
  collect2: error: ld returned 1 exit status
  The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove redundant YYLOC global declaration").
  Signed-off-by: Sven Eckelmann <sven@narfation.org>
* openssl: bump to 1.1.1l | Eneas U de Queiroz | 2021-08-30 | 2 | -6/+5
  This version fixes two vulnerabilities:
  - SM2 Decryption Buffer Overflow (CVE-2021-3711) Severity: High
  - Read buffer overruns processing ASN.1 strings (CVE-2021-3712) Severity: Medium
  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* openssl: use --cross-compile-prefix in Configure | Eneas U de Queiroz | 2021-08-30 | 1 | -3/+2
  This sets the --cross-compile-prefix option when running Configure, so that it will not use the host gcc to figure out, among other things, compiler defines. It avoids errors, if the host 'gcc' is handled by clang:
  mips-openwrt-linux-musl-gcc: error: unrecognized command-line option '-Qunused-arguments'
  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  Tested-by: Rosen Penev <rosenp@gmail.com>
  (cherry picked from commit 2f75348923e564f1b73fbc32f7cabc355cd6e2b9)
* OpenWrt v19.07.8: revert to branch defaults | Hauke Mehrtens | 2021-08-01 | 1 | -2/+2
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v19.07.8: adjust config defaults (tag: v19.07.8) | Hauke Mehrtens | 2021-08-01 | 1 | -2/+2
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ubus: update to version 2021-07-01 | Petr Štetiar | 2021-07-29 | 1 | -3/+3
  This update cherry picks following fix:
  * ubusd: fix tx_queue linked list usage
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ubus: update to version 2021-06-03 | Petr Štetiar | 2021-07-29 | 1 | -4/+4
  This update cherry picks following changes:
  * cmake: add a possibility to set library version
  * ubusd: protect against too-short messages
  * ubusd: add per-client tx queue limit
  * ubusd: convert tx_queue to linked list
  * lua: avoid truncation of large numeric values
  Fixes: FS#1525
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ubus: backport SOVERSION support | Petr Štetiar | 2021-07-29 | 1 | -3/+5
  Add a support for setting of new `ABIVERSION` CMake define which allows to control the SOVERSION used for the built shared library. This is needed for downstream packaging to properly track breaking ABI changes when updating to newer versions of the library.
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (backported from commit 8edb1797d55d259c6eda18c89784f152328436fc)
* ath10k-ct: add security fixes | Michael Yartys | 2021-07-02 | 8 | -74/+35
  This rebases -ct changes on top of upstream stable kernel's latest code. Including the wifi security fixes that recently went in.
  Removed upstreamed 203-ath10k-Limit-available-channels-via-DT-ieee80211-fre.patch and refreshed patches.
  Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
  Signed-off-by: Petr Štetiar <ynezz@true.cz> [backport]
  (backported from commit 2e10ed925e1e07c28570731a429efa5e7de3b826)
* base-files: fix /tmp/TZ when zoneinfo not installed | Paul Spooren | 2021-06-25 | 1 | -7/+4
  The zoneinfo packages are not installed per default so neither /tmp/localtime nor /tmp/TZ is generated.
  This patch mostly reverts the previous fix and instead incorporates a solution suggested by Jo.
  Fixes "base-files: fix zoneinfo support " 8af62ed
  Signed-off-by: Paul Spooren <mail@aparcar.org>
  (cherry picked from commit 56bdb6bb9781f8a0bbec5fc3075b9d2b8d12f9a8)
* base-files: fix zoneinfo support | Rosen Penev | 2021-06-23 | 1 | -7/+9
  The system init script currently sets /tmp/localinfo when zoneinfo is populated. However, zoneinfo has spaces in it whereas the actual files have _ instead of spaces. This made the if condition never return true.
  Example failure when removing the if condition:
  /tmp/localtime -> /usr/share/zoneinfo/America/Los Angeles
  This file does not exist. America/Los_Angeles does.
  Ran through shfmt -w -ci -bn -sr -s
  Signed-off-by: Rosen Penev <rosenp@gmail.com>
  (cherry picked from commit 8af62ede189aa504135db05474d34c9f8a1ed35d)
* mac80211: distance config: allow "auto" as a value | Ali MJ Al-Nasrawy | 2021-06-23 | 1 | -1/+2
  The user can now enable the ACK timeout estimation algorithm (dynack) for drivers that support it. It is also expected that the distance config accepts the same values as:
  $ iw phyX set distance XXX
  Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
  (cherry picked from commit a8a1ef856871dc8403ea9c0a3bb347c7120b0e65)
* mac80211: Update to backports version 4.19.193-test1 | Hauke Mehrtens | 2021-06-06 | 16 | -58/+58
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ubox: fix init script validation of log_ip option | Jo-Philipp Wich | 2021-05-28 | 2 | -2/+2
  The underlying logread process uses usock() to handle remote connections which is able to handle both hostnames and IP addresses.
  Ref: https://github.com/openwrt/luci/issues/5077
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  (backported from commit ec83fb9ced138b7945135adffb9ff0ba63b695ec)
* openwrt-keyring: Only copy sign key for 19.07 and 21.02 | Hauke Mehrtens | 2021-05-16 | 1 | -2/+5
  Instead of adding all public signature keys from the openwrt-keyring repository only add the key which is used to sign the OpenWrt 19.07 feeds and the 21.02 feeds to allow checking the next release.
  If one of the other keys would be compromised this would not affect users of 19.07 release builds.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openwrt-keyring: add OpenWrt 21.02 GPG/usign keys | Petr Štetiar | 2021-05-16 | 1 | -3/+3
  49283916005d usign: add 21.02 release build pubkey
  bc4d80f064f2 gpg: add OpenWrt 21.02 signing key
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
  (cherry picked from commit 1bf6d70e60fdb45d81a8f10b90904cef38c73f70)
* mac80211: Update to backports version 4.19.189-1 | Hauke Mehrtens | 2021-05-04 | 44 | -499/+146
  The removed patches were applied upstream.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dropbear: Fix CVE-2020-36254 | Hauke Mehrtens | 2021-05-03 | 1 | -0/+21
  This backports a fix from dropbear 2020.81.
  CVE-2020-36254 description: scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
  Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openvpn: update to 2.4.11 | Magnus Kroken | 2021-05-02 | 2 | -3/+3
  Fixes two related security vulnerabilities (CVE-2020-15078) which under very specific circumstances allow tricking a server using delayed authentication (plugin or management) into returning a PUSH_REPLY before the AUTH_FAILED message, which can possibly be used to gather information about a VPN setup.
  This release also includes other bug fixes and improvements.
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* openvpn: update to 2.4.9 | Magnus Kroken | 2021-05-02 | 3 | -4/+4
  This is primarily a maintenance release with bugfixes and improvements.
  This release also fixes a security issue (CVE-2020-11810) which allows disrupting service of a freshly connected client that has not yet negotiated session keys. The vulnerability cannot be used to inject or steal VPN traffic.
  Release announcement: https://openvpn.net/community-downloads/#heading-13812
  Full list of changes: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
  (cherry-picked from commit d7e98bd7c5316f95cc11635371a39c6c0e18b9a7)
* openvpn: update to 2.4.8 | Magnus Kroken | 2021-05-02 | 5 | -6/+129
  Backport two upstream commits that allow building openvpn-openssl without OpenSSL's deprecated APIs.
  Full changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
  (cherry-picked from commit bf43e5bbf91ca1a90df8dae3e2cce6bbb61d5cd9)
* ppp/pppoe-discovery: fix -W option | Martin Schiller | 2021-05-02 | 1 | -0/+60
  This patch is already included in ppp-2.4.9 which is used in openwrt master.
  Backport this patch to openwrt-19.07.
  Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* mac80211: backport upstream fixes | Koen Vandeputte | 2021-04-09 | 8 | -1/+354
  Refreshed all patches.
  Includes all fixes up to 4.19.184
  Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
* openssl: bump to 1.1.1k | Eneas U de Queiroz | 2021-03-27 | 2 | -24/+23
  This version fixes 2 security vulnerabilities, among other changes:
  - CVE-2021-3450: problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag.
  - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client.
  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  (cherry picked from commit 0bd0de7d43b3846ad0d7006294e1daaadfa7b532)
* openssl: sync package download URLs with master | Petr Štetiar | 2021-03-27 | 1 | -3/+5
  Apparently it fixes some broken URLs and as a bonus it makes cherry-picking of fixes easier.
  Signed-off-by: Petr Štetiar <ynezz@true.cz>
* mbedtls: update to 2.16.10 | Magnus Kroken | 2021-03-27 | 2 | -13/+13
  This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues.
  Security fixes:
  * Fix a buffer overflow in mbedtls_mpi_sub_abs()
  * Fix an erroneous estimation for an internal buffer in mbedtls_pk_write_key_pem()
  * Fix a stack buffer overflow with mbedtls_net_poll() and mbedtls_net_recv_timeout()
  * Guard against strong local side channel attack against base64 tables by making access to them use constant flow code
  Full release announcement: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10
  Signed-off-by: Magnus Kroken <mkroken@gmail.com>
  (cherry picked from commit dbde2bcf60b5d5f54501a4b440f25fe7d02fbe5d)
* mwlwifi: add PKG_FLAGS:=nonshared | Daniel Golle | 2021-03-24 | 1 | -0/+1
  This should fix the problem of mwlwifi-firmware-* not being found when using the ImageBuilder.
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
  (cherry picked from commit 9b3aaf1cdb873cc2a7b2f2ef4e72ddb716afba38)
  Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wolfssl: bump to v4.7.0-stable | Eneas U de Queiroz | 2021-03-06 | 5 | -92/+4
  Biggest fix for this version is CVE-2021-3336, which has already been applied here. There are a couple of low severity security bug fixes as well.
  Three patches are no longer needed, and were removed; the one remaining was refreshed.
  This tool shows no ABI changes: https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0
  Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
  (cherry picked from commit d1dfb577f1c0d5b1f1fa35000c9ad7abdb7d10ed)
* hostapd: P2P: Fix a corner case in peer addition based on PD Request | Stefan Lippers-Hollmann | 2021-03-06 | 2 | -1/+46
  p2p_add_device() may remove the oldest entry if there is no room in the peer table for a new peer. This would result in any pointer to that removed entry becoming stale. A corner case with an invalid PD Request frame could result in such a case ending up using (read+write) freed memory. This could only be triggered when the peer table has reached its maximum size and the PD Request frame is received from the P2P Device Address of the oldest remaining entry and the frame has incorrect P2P Device Address in the payload.
  Fix this by fetching the dev pointer again after having called p2p_add_device() so that the stale pointer cannot be used.
  This fixes the following security vulnerabilities/bugs:
  - CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range.
  Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
  Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
  Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
  (cherry picked from commit 1ca5de13a153061feae260864d73d96f7c463785)
* Revert "base-files: source functions.sh in /lib/functions/system.sh" | Adrian Schmutzler | 2021-03-01 | 2 | -3/+1
  This reverts commit 86aeac4fc98f42ac0ce7e0dcf1cb240e16b28f8f.
  The reverted commit introduced a cyclic dependency between /lib/functions.sh and /lib/functions/system.sh.
  Further details are found in 282e8173509a ("base-files: do not source system.sh in functions.sh"), which was applied to master some time ago and is included in 21.02.
  With the current age of 19.07 branch, it seems safer to revert this mostly cosmetic feature than investing further time into disentangling the dependencies.
  Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>