| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
This fixes some recent security problems in hostapd.
See here for details: https://w1.fi/security/2022-1
* CVE-2022-23303
* CVE-2022-23304
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
value when verifying a MAC or AEAD tag. This hardens the library in
case the value leaks through a memory disclosure vulnerability. For
example, a memory disclosure vulnerability could have allowed a
man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
(out of memory). After that, calling mbedtls_ssl_session_free()
and mbedtls_ssl_free() would cause an internal session buffer to
be free()'d twice. CVE-2021-44732
The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 57f38e2c827e3be71d8b1709073e366afe011985)
|
|
|
|
|
|
|
|
|
|
| |
Switched to AUTORELEASE to avoid manual increments.
Release notes:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fcfd741eb83520e496eb09de5f8b2f2b62792a80)
|
|
|
|
|
|
|
|
|
|
|
|
| |
The http://www.us.tcpdump.org mirror will go offline soon, only use the
normal download URL.
Reported-by: Denis Ovsienko <denis@ovsienko.info>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 18bdfc803bef00fad03f90b73b6e65c3c79cb397)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[rebased for OpenWrt 21.02 branch]
(cherry picked from commit 4dddb7ca3669e93d4da2b1ca43b8bc22bd007e48)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8f5875c4e221453932f217a82f8c3092cacba3e5)
(cherry picked from commit 59e7ae8d65ab9a9315608a69565f6a4247d3b1ac)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a bugfix release. Changelog:
*) Avoid loading of a dynamic engine twice.
*) Fixed building on Debian with kfreebsd kernels
*) Prioritise DANE TLSA issuer certs over peer certs
*) Fixed random API for MacOS prior to 10.12
Patches were refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 5beaa75d94c4a981c580905b84c7ef33caf0c3e2)
|
|
|
|
|
|
|
|
| |
The following patch was backported from upstream before and is not
needed any more:
package/kernel/mac80211/patches/ath/980-ath10k-fix-max-antenna-gain-unit.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When doing parallel build on a fast machine with bottleneck in i/o,
m_xt.so may start linking faster than dynsyms.list gets populated,
resulting in error:
ld:dynsyms.list:0: syntax error in dynamic list
Fix this by adding dynsyms.list as make dependency to m_xt.so
Described also here:
https://bugs.openwrt.org/index.php?do=details&task_id=3353
Change from v1:
- add dynsysms.list dependancy only when shared libs are enabled
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Fixes: FS#3353
(cherry-picked from commit edd53df16843a0a6380920ed17b88bfe7d26d71b)
|
|
|
|
|
|
|
| |
Follow up to commit 8fb714edd6e4340729e271139164a0163b027d68. Managed to
hit the very same issue again while playing with the NOR SPL builds.
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At least since gcc 7.3.0 (OpenWrt 18.06) lwr/lwl are used in the
assembly of LzmaProps_Decode. While the decission made by the compiler
looks perfect fine, it triggers some obscure hang on lantiq danube-s
v1.5 with MX29LV640EB NOR flash chips.
Only if the offset 1 is used, the hang can be observed. Using any other
offset works fine:
lwl s0,0(a1) - s0 == 0x6d000080
lwl s0,1(a1) - hangs
lwl s0,2(a1) - s0 == 0x0080xxxx
lwl s0,3(a1) - s0 == 0x80xxxxxx
It isn't clear whether it is a limitation of the flash chip, the EBU or
something else.
Force 8bit reads to prevent gcc optimizing the read with lwr/lwl
instructions.
Signed-off-by: Mathias Kresin <dev@kresin.me>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
e983a25 Update regulatory rules for Ecuador (EC)
a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz
cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz
86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US
6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US
9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately
42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit dbb4c47798b17112cb1eed2a309cdefd33b5f193)
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d76535c45e6e970b212744781431e152e90c1ce6)
|
|
|
|
|
|
|
|
|
| |
Backport of u-boot commit "includes: move openssl headers to include/u-boot"
https://github.com/u-boot/u-boot/commit/2b9912e6a7df7b1f60beb7942bd0e6fa5f9d0167
Fixes: FS#3955
Signed-off-by: Alan Swanson <reiver@improbability.net>
(cherry picked from commit 8db641049292035604f0e1fb788608fdea879eca)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refresh all patches.
This contains fixes for CVE-2020-3702
1. These patches (ath, ath9k, mac80211) were included in kernel
versions since 4.14.245 and 4.19.205. They fix security vulnerability
CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].
Thank you Josef Schlehofer for reporting this problem.
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702
[2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc 10 defaults to -fno-common, which causes an error
when linking.
Back-port the following Linux kernel commit to fix it:
e33a814e772c (scripts/dtc: Remove redundant YYLOC global declaration)
Tested on an Arch Linux host with gcc 10.1.0
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
(cherry picked from commit 8b870418f18d86761247633e57560ffa1c2485d0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The package uses the host compiler to build the dtc binary. With gcc-10,
the option -fno-common is now the default behavior. Thus multiple
definitions of the same variable are now forbidden and results in following
error during linking:
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove
redundant YYLOC global declaration").
Signed-off-by: Sven Eckelmann <sven@narfation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The package uses the host compiler to build the dtc binary. With gcc-10,
the option -fno-common is now the default behavior. Thus multiple
definitions of the same variable are now forbidden and results in following
error during linking:
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove
redundant YYLOC global declaration").
Signed-off-by: Sven Eckelmann <sven@narfation.org>
|
|
|
|
|
|
|
| |
Backport a patch from upstream U-Boot to fix the compile with host GCC 10.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8d143784cb8fafccdbcdc0bd5d1aa47d3d676f70)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The package uses the host compiler to build the dtc binary. With gcc-10,
the option -fno-common is now the default behavior. Thus multiple
definitions of the same variable are now forbidden and results in following
error during linking:
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove
redundant YYLOC global declaration").
Signed-off-by: Sven Eckelmann <sven@narfation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The package uses the host compiler to build the dtc binary. With gcc-10,
the option -fno-common is now the default behavior. Thus multiple
definitions of the same variable are now forbidden and results in following
error during linking:
HOSTLD scripts/dtc/dtc
/usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
collect2: error: ld returned 1 exit status
The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove
redundant YYLOC global declaration").
Signed-off-by: Sven Eckelmann <sven@narfation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This version fixes two vulnerabilities:
- SM2 Decryption Buffer Overflow (CVE-2021-3711)
Severity: High
- Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
Severity: Medium
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This sets the --cross-compile-prefix option when running Configure, so
that that it will not use the host gcc to figure out, among other
things, compiler defines. It avoids errors, if the host 'gcc' is
handled by clang:
mips-openwrt-linux-musl-gcc: error: unrecognized command-line option
'-Qunused-arguments'
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2f75348923e564f1b73fbc32f7cabc355cd6e2b9)
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
| |
This update cherry picks following fix:
* ubusd: fix tx_queue linked list usage
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This update cherry picks following changes:
* cmake: add a possibility to set library version
* ubusd: protect against too-short messages
* ubusd: add per-client tx queue limit
* ubusd: convert tx_queue to linked list
* lua: avoid truncation of large numeric values
Fixes: FS#1525
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
| |
Add a support for setting of new `ABIVERSION` CMake define which allows
to control the SOVERSION used for the built shared library. This is
needed for downstream packaging to properly track breaking ABI changes
when updating to newer versions of the library.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(backported from commit 8edb1797d55d259c6eda18c89784f152328436fc)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This rebases -ct changes on top of upstream stable kernel's latest code.
Including the wifi security fixes that recently went in.
Removed upstreamed 203-ath10k-Limit-available-channels-via-DT-ieee80211-fre.patch
and refreshed patches.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [backport]
(backported from commit 2e10ed925e1e07c28570731a429efa5e7de3b826)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The zoneinfo packages are not installed per default so neither
/tmp/localtime nor /tmp/TZ is generated.
This patch mostly reverts the previous fix and instead incooperates a
solution suggested by Jo.
Fixes "base-files: fix zoneinfo support " 8af62ed
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 56bdb6bb9781f8a0bbec5fc3075b9d2b8d12f9a8)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The system init script currently sets /tmp/localinfo when zoneinfo is
populated. However, zoneinfo has spaces in it whereas the actual files
have _ instead of spaces. This made the if condition never return true.
Example failure when removing the if condition:
/tmp/localtime -> /usr/share/zoneinfo/America/Los Angeles
This file does not exist. America/Los_Angeles does.
Ran through shfmt -w -ci -bn -sr -s
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8af62ede189aa504135db05474d34c9f8a1ed35d)
|
|
|
|
|
|
|
|
|
|
| |
The user can now enable the ACK timeout estimation algorithm (dynack)
for drivers that support it.
It is also expected that the distance config accepts the same values as:
$ iw phyX set distance XXX
Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
(cherry picked from commit a8a1ef856871dc8403ea9c0a3bb347c7120b0e65)
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
The underlying logread process uses usock() to handle remote connections
which is able to handle both hostnames and IP addresses.
Ref: https://github.com/openwrt/luci/issues/5077
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit ec83fb9ced138b7945135adffb9ff0ba63b695ec)
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the OpenWrt 19.07
feeds and the 21.02 feeds to allow checking the next release.
If one of the other keys would be compromised this would not affect
users of 19.07 release builds.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
| |
49283916005d usign: add 21.02 release build pubkey
bc4d80f064f2 gpg: add OpenWrt 21.02 signing key
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 1bf6d70e60fdb45d81a8f10b90904cef38c73f70)
|
|
|
|
|
|
| |
The removed patches were applied upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
| |
This backports a fix from dropbear 2020.81.
CVE-2020-36254 description:
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes two related security vulnerabilities (CVE-2020-15078) which under
very specific circumstances allow tricking a server using delayed
authentication (plugin or management) into returning a PUSH_REPLY before
the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup.
This release also includes other bug fixes and improvements.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.
Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry-picked from commit d7e98bd7c5316f95cc11635371a39c6c0e18b9a7)
|
|
|
|
|
|
|
|
|
|
|
| |
Backport two upstream commits that allow building
openvpn-openssl without OpenSSLs deprecated APIs.
Full changelog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry-picked from commit bf43e5bbf91ca1a90df8dae3e2cce6bbb61d5cd9)
|
|
|
|
|
|
|
|
|
| |
This patch is already included in ppp-2.4.9 which is used in openwrt
master.
Backport this patch to openwrt-19.07.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
|
|
|
|
|
|
|
| |
Refreshed all patches.
Includes all fixes up to 4.19.184
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This version fixes 2 security vulnerabilities, among other changes:
- CVE-2021-3450: problem with verifying a certificate chain when using
the X509_V_FLAG_X509_STRICT flag.
- CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
crafted renegotiation ClientHello message from a client.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0bd0de7d43b3846ad0d7006294e1daaadfa7b532)
|
|
|
|
|
|
|
| |
Apparently it fixes some broken URLs and as a bonus it makes
cherry-picking of fixes easier.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Security fixes:
* Fix a buffer overflow in mbedtls_mpi_sub_abs()
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem()
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout()
* Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code
Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit dbde2bcf60b5d5f54501a4b440f25fe7d02fbe5d)
|
|
|
|
|
|
|
|
|
| |
This should fix the problem of mwlwifi-firmware-* not being found
when using the ImageBuilder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9b3aaf1cdb873cc2a7b2f2ef4e72ddb716afba38)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Biggest fix for this version is CVE-2021-3336, which has already been
applied here. There are a couple of low severity security bug fixes as
well.
Three patches are no longer needed, and were removed; the one remaining
was refreshed.
This tool shows no ABI changes:
https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d1dfb577f1c0d5b1f1fa35000c9ad7abdb7d10ed)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.
Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.
This fixes the following security vulnerabilities/bugs:
- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
discovery requests. It could result in denial of service or other
impact (potentially execution of arbitrary code), for an attacker
within radio range.
Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 1ca5de13a153061feae260864d73d96f7c463785)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 86aeac4fc98f42ac0ce7e0dcf1cb240e16b28f8f.
The reverted commit introduced a cyclic dependency between
/lib/functions.sh and /lib/functions/system.sh. Further details
are found in 282e8173509a ("base-files: do not source system.sh
in functions.sh"), which was applied to master some time ago and
is included in 21.02.
With the current age of 19.07 branch, it seems safer to revert this
mostly cosmetic feature than investing further time into disentangling
the dependencies.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|