aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* ucode: update to latest Git HEADJo-Philipp Wich2022-10-181-3/+3
| | | | | | | 00af065 fs: expose `getdelim()` functionality through `fd.read()` 21ace5e lexer: fixes for regex literal parsing Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-10-181-3/+3
| | | | | | 7ae5e14 fw4: gracefully handle `null` return values from `fd.read("line")` Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: use acme hotplugGlen Huang2022-10-182-1/+6
| | | | | | | Reload uhttpd after certificates are renewed with acme. Reviewed-by: Toke Høiland-Jørgensen <toke@toke.dk> Signed-off-by: Glen Huang <i@glenhuang.com>
* arm-trusted-firmware-mvebu: add Methode eDPU supportRobert Marko2022-10-171-1/+12
| | | | | | | Provide ATF support for Methode eDPU as well, this makes it easy for OpenWrt users to update the included U-boot+ATF combo. Signed-off-by: Robert Marko <robert.marko@sartura.hr>
* uboot-mvebu: add Methode eDPU supportRobert Marko2022-10-171-1/+7
| | | | | | | Add support for building for Methode eDPU board, no patches are needed as board has been upstreamed and is part of the 2022.10-rc releases. Signed-off-by: Robert Marko <robert.marko@sartura.hr>
* uboot-mvebu: update to 2022.10Robert Marko2022-10-174-101/+2
| | | | | | | | | | | | Update mvebu U-boot to 2022.10 to avoid backporting patches in order to support Methode eDPU. It also allows dropping existing patches as they are all backports. Tested-by: Andre Heider <a.heider@gmail.com> # espressobin-v3-v5-1gb-2cs Tested-by: Russell Morris <github@rkmorris.us> # espressobin-v3-v5-1gb-1cs Tested-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [Turris Omnia] Signed-off-by: Robert Marko <robert.marko@sartura.hr>
* firewall4: update to latest Git HEADJo-Philipp Wich2022-10-151-3/+3
| | | | | | | | | | | | | | | 4fbf6d7 ruleset.uc: log forwarded traffic not matched by zone policies c7201a3 main.uc: reintroduce set reload restriction 756f1e2 ruleset: fix emitting set_mark/set_xmark rules with masks 3db4741 ruleset: properly handle zone names starting with a digit 43d8ef5 fw4: fix formatting of default log prefix 592ba45 main.uc: remove uneeded/wrong set reload restrictions b0a6bff tests: fix testcases 145e159 fw4: recognize `option log` and `option counter` in `config nat` sections ce050a8 fw4: fall back to device if l3_device is not available in ifstatus Fixes: #10639, #10965 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucode: update to latest Git HEADJo-Philipp Wich2022-10-151-3/+3
| | | | | | | | | | | | | | | 4ae7072 fs: use `getline()` for line wise read operations 21ace5e lexer: fixes for regex literal parsing 00965fa lib: implement slice() function 76d396d main: implement print mode 7bbba78 compiler: optimize function return opcode generation a45f2a3 lexer: improve regex literal handling d64d5d6 vm: maintain export symbol tables per program f4b4ded uloop: task: gracefully handle absent output callback a58fe47 ubus: hold reference to underlying connection until deferred is concluded e23b58a lib: uc_system(): retry waitpid() on EINTR Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* rpcd: update to latest Git HEADJo-Philipp Wich2022-10-151-3/+3
| | | | | | 8c852b6 ucode: write ucode runtime exceptions to stderr Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* busybox: nslookup: ensure unique transaction IDs for the DNS queriesUwe Kleine-König2022-10-141-0/+42
| | | | | | | | | | | On machines with a coarse monotonic clock (here: TP-Link RE200 powered by a MediaTek MT7620A) it can happen that the two DNS requests (for A and AAAA) share the same transaction ID. If this happens the second reply is wrongly dropped and nslookup reports "No answer". Fix this by ensuring that the transaction IDs are unique. Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
* mac80211: use board.json provided phy names in generated default configFelix Fietkau2022-10-141-51/+62
| | | | | | The phy will be automatically renamed on setup Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: change the default config for a renamed wiphyFelix Fietkau2022-10-141-21/+28
| | | | | | use option phy to reference the device instead of path/macaddr Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix detecting highest radio* config section indexFelix Fietkau2022-10-141-5/+10
| | | | | | Deal with gaps by iterating over existing sections instead of counting Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: rename phy according to board.json entries on bringupFelix Fietkau2022-10-141-3/+65
| | | | | | | This allows phy names specified in board.json to be used directly instead of the path option Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: change default ifname to <phy>-<type><index>Felix Fietkau2022-10-141-2/+17
| | | | | | | | This makes it clear, which phy a wlan device belongs to and also helps with telling them apart by including the mode in the ifname. Preparation for automatically renaming PHYs Signed-off-by: Felix Fietkau <nbd@nbd.name>
* base-files: add helper functions for adding wlan device entries to board.jsonFelix Fietkau2022-10-142-0/+19
| | | | | | | | | | | These will be used to give WLAN PHYs a specific name based on path specified in board.json. The platform board.d script can assign a specific order based on available slots (PCIe slots, WMAC device) and device tree configuration. This helps with maintaining config compatibility in case the device path changes due to kernel upgrades. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: update to the latest versionFelix Fietkau2022-10-141-3/+3
| | | | | | ea56013409d5 jshn.sh: add json_add_fields function for adding multiple fields at once Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iwinfo: update to the latest versionFelix Fietkau2022-10-141-3/+3
| | | | | | 0496c722f1d7 nl80211: fix issues with renamed wiphy and multiple phy per device Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix typo in netifd scriptFelix Fietkau2022-10-131-1/+1
| | | | | | Reported-by: Chad Monroe <chad.monroe@smartrg.com> Fixes: 590eaaeed59a ("mac80211: fix issues in HE capabilities") Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add measurement report value for beacon reportsNick Hainke2022-10-131-0/+1
| | | | | | | | | | | | | | | | | Add the measurement report value to the beacon reports send via ubus. It is possible to derive from the measurement report if a station refused to do a beacon report and why. It is important to know why a station refuses to do a beacon-report. In particular, we should not request a beacon report from a station again that refused a beacon-report before. The rejection reasons can be found by looking at the bits defined by: - MEASUREMENT_REPORT_MODE_ACCEPT - MEASUREMENT_REPORT_MODE_REJECT_LATE - MEASUREMENT_REPORT_MODE_REJECT_INCAPABLE - MEASUREMENT_REPORT_MODE_REJECT_REFUSED Suggested-by: Ian Clowes <clowes_ian@hotmail.com> Signed-off-by: Nick Hainke <vincent@systemli.org>
* mac80211: add patch that gives the driver more control over netdev offloadsFelix Fietkau2022-10-131-0/+513
| | | | | | This can be used to selectively disable checksum, SG or GSO offloads Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: backport security fixesFelix Fietkau2022-10-1316-3/+2059
| | | | | | | | | | | This mainly affects scanning and beacon parsing, especially with MBSSID enabled Fixes: CVE-2022-41674 Fixes: CVE-2022-42719 Fixes: CVE-2022-42720 Fixes: CVE-2022-42721 Fixes: CVE-2022-42722 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix issues in HE capabilitiesFelix Fietkau2022-10-131-10/+22
| | | | | | | | | | | Enable HE SU beamformee by default Fix spatial reuse configuration: - he_spr_sr_control is not a bool for enabling, it contains multiple bits which disable features that should be disabled by default - one of the features (PSR) can be enabled through he_spr_psr_enabled - add option to disable bss color / spatial reuse Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uboot-mediatek: fixes defconfig typo for UniFi 6 LRChukun Pan2022-10-111-1/+1
| | | | | | | CONFIG_CMD_MTDPART does not exist, fix it. Fixes: e9ad412 ("uboot-mediatek: add build for Ubiquiti Networks UniFi 6 LR") Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
* uboot-mediatek: fixes defconfig typo for Linksys E8450Chukun Pan2022-10-111-1/+1
| | | | | | | CONFIG_CMD_MTDPART does not exist, fix it. Fixes: ed50004 ("uboot-mediatek: add support for Linksys E8450") Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
* libnl-tiny: update to the latest versionChukun Pan2022-10-091-3/+3
| | | | | | | | | | c42d890 build static library 28c44ca genl_family: explicitly null terminate strncpy destination buffer This fixes the compilation with gcc 12. Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
* odhcp6c: respect 'delegate' option for 464XLAT sub-interfaceLech Perczak2022-10-092-1/+2
| | | | | | | | | dhcpv6.script contained support for disabling prefix delegation of 464XLAT sub-interface, but netifd protocol handler was missing the required export to disable this. Add missing export, akin to DS-Lite and MAP. Signed-off-by: Lech Perczak <lech.perczak@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* mac80211: sync rx STP fix with updated versionFelix Fietkau2022-10-071-12/+14
| | | | | | Add back skb length check and fix a minor issue in protocol detection Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix issues with receiving small STP packetsFelix Fietkau2022-10-072-0/+122
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* build: prefer HTTPS if available (for packages)Daniel Cousens2022-10-0511-17/+17
| | | | | | | | Changes PKG_SOURCE_URL's for arptables, bsdiff, dnsmasq, fortify-headers, ipset, ipset-dns, libaudit, libpcap, libressl, lua, lua5.3, tcpdump and valgrind, to HTTPS Signed-off-by: Daniel Cousens <github@dcousens.com>
* mac80211: fix compile error when mesh is disabledKoen Vandeputte2022-10-041-1/+3
| | | | | | | | | | | | | | | | | | | This fixes following compile error seen when building mac80211 with mesh disabled: .../backports-5.15.58-1/net/mac80211/agg-rx.c: In function 'ieee80211_send_addba_resp': ...backports-5.15.58-1/net/mac80211/agg-rx.c:255:17: error: 'struct sta_info' has no member named 'mesh' 255 | if (!sta->mesh) | ^~ sta_info.h shows this item as being optional based on flags: struct mesh_sta *mesh; Guard the check to fix this. Fixes: f96744ba6b ("mac80211: mask nested A-MSDU support for mesh") Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
* treewide: fix security issues by bumping all packages using libwolfsslPetr Štetiar2022-10-034-4/+4
| | | | | | | | | | | | | | | | | As wolfSSL is having hard time maintaining ABI compatibility between releases, we need to manually force rebuild of packages depending on libwolfssl and thus force their upgrade. Otherwise due to the ABI handling we would endup with possibly two libwolfssl libraries in the system, including the patched libwolfssl-5.5.1, but still have vulnerable services running using the vulnerable libwolfssl-5.4.0. So in order to propagate update of libwolfssl to latest stable release done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages using wolfSSL library. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* mac80211: mask nested A-MSDU support for meshDavid Bauer2022-10-021-0/+31
| | | | | | | | | | | | mac80211 incorrectly processes A-MSDUs contained in A-MPDU frames. This results in dropped packets and severely impacted throughput. As a workaround, don't indicate support for A-MSDUs contained in A-MPDUs. This improves throughput over mesh links by factor 10. Ref: https://github.com/openwrt/mt76/issues/450 Signed-off-by: David Bauer <mail@david-bauer.net>
* uboot-mvebu: backport LibreSSL patches for older version of LibreSSLJosef Schlehofer2022-10-022-0/+55
| | | | | | | | | | | | | If you would like to compile the newest version of U-boot together with the stable OpenWrt version, which does not have LibreSSL >= 3.5, which was updated in the master branch by commit 5451b03b7ceb2315445c683fe174e28bbdd49c2f ("tools/libressl: bump to v3.5.3"), then you need these two patches to fix it. They are backported from U-boot repository. This should be backported to stable OpenWrt versions. Reported-by: Michal Vasilek <michal.vasilek@nic.cz> Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* uboot-mvebu: backport patch to fix compilation on non glibc systemJosef Schlehofer2022-10-021-0/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | This issue was reported by @paper42, who is using Void Linux with musl to compile OpenWrt and its packages and found out it is not possible to compile U-boot for Turris Omnia (neither any other). It fixes following output: ``` HOSTCC tools/kwboot tools/kwboot.c: In function 'kwboot_tty_change_baudrate': tools/kwboot.c:662:6: error: 'struct termios' has no member named 'c_ospeed' 662 | tio.c_ospeed = tio.c_ispeed = baudrate; | ^ tools/kwboot.c:662:21: error: 'struct termios' has no member named 'c_ispeed' 662 | tio.c_ospeed = tio.c_ispeed = baudrate; | ^ tools/kwboot.c:690:31: error: 'struct termios' has no member named 'c_ospeed' 690 | if (!_is_within_tolerance(tio.c_ospeed, baudrate, 3)) | ^ tools/kwboot.c:693:31: error: 'struct termios' has no member named 'c_ispeed' 693 | if (!_is_within_tolerance(tio.c_ispeed, baudrate, 3)) | ``` Tested-by: Michal Vasilek <michal.vasilek@nic.cz> Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* trace-cmd: update to v3.1.3Nick Hainke2022-10-022-40/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove upstremed patch: - 100-tracecmd-add-NO_LIBZSTD-option-to-disable-libzstd.patch Changes: c65c02c trace-cmd: Version 3.1.3 14a7aca trace-cmd library: Add API for mapping between host and guests 9191b8e tracecmd extract: Allow using --compression. d63ae35 trace-cmd report: Add callback for kvm plugin to show guest functions 0c7ef72 trace-cmd library: Add man pages for iterator functions 3cd1b55 trace-cmd library: Add tracecmd_follow_event() 27ea9e1 libtracecmd: Add documentation on tracecmd_set/get_private() 3c544ad libtracecmd: Add a man pages for handling of time stamps 5baf7a3 libtracecmd: Add check-manpages.sh ee007a1 trace-cmd library: Make tracecmd_filter_match() local cb04105 tracecmd library documentation: Use star and not underscore for function names 54931be trace-cmd: Do not return zero length name for guest by name 43ffa27 trace-cmd: Close socket descriptor on failed connection 4744ca3 trace-cmd record/agent: Add --notimeout option e512b22 trace-cmd: Add compile time overrides for libraries a6fe935 trace-cmd: README: Add note on installing libtracecmd 067f45f trace-cmd: libtracecmd: Fixing linking to C++ code 689a0d4 tracecmd: Add NO_LIBZSTD option to disable libzstd 6bbcd3e trace-cmd report: Use library tracecmd_filter_*() logic 955d05f trace-cmd report: Make filter arguments match their files 82ed4a9 trace-cmd library: Add filtering logic for iterating events dbd8777 trace-cmd report: Use tracecmd_iterate_events_multi() 78a74b1 trace-cmd library: Allow callers to save private data in tracecmd_input handlers b37903a tracecmd library: Add tracecmd_iterate_events_multi() d83b662 tracecmd utest: Add test to test using the libraries to read 2cb6cc2 tracecmd library: Add tracecmd_iterate_events() 762839a tracecmd: Use make variable instead of if statement for zlib test 1504f3f trace-cmd: Document new proxy args for {agent,record} 9a1c5d7 trace-cmd record: Keep --proxy from being passed to agents ef8a8d7 trace-cmd libs: Initialize msg to NULL tracecmd_msg_read_data() 39ec10a trace-cmd: Do not use instance from trace context Signed-off-by: Nick Hainke <vincent@systemli.org>
* libtracefs: update to 1.5.0Nick Hainke2022-10-021-2/+2
| | | | | | | | | | | | | | | | | | | | | | Changes: 93f4d52 libtracefs: version 1.5 bc857db libtracefs: Add tracefs_u{ret}probe_alloc to generic man page db55441 libtracefs: Add tracefs_debug_dir() to generic libtracefs man page d2d5924 libtracefs: Add test instructions for openSUSE 4a7b475 libtracefs: Fix test suite typo ee8c644 libtracefs: Add tracefs_tracer_available() helper 799d88e libtracefs: Add API to set custom tracing directory 1bb00d1 libtracefs: allow pthread inclusion overrideable in Makefile 04651d0 libtracefs sqlhist: Allow pointers to match longs 9de59a0 libtracefs: Remove double free attempt of new_event in tracefs_synth_echo_cmd() 0aaa86a libtracefs: Fix use after free in tracefs_synth_alloc() d2d5340 libtracefs: Add missed_events to record 9aaa8b0 libtracefs: Set the number of CPUs in tracefs_local_events_system() 56a0ba0 libtracefs: Return negative number when tracefs_filter_string_append() fails c5f849f libtracefs: Set the long size of the tep handle in tracefs_local_events_system() 5c8103e revert: 0de961e74f96 ("libtracefs: Set visibility of parser symbols as 'internal'") Signed-off-by: Nick Hainke <vincent@systemli.org>
* libtraceevent: update to 1.6.3Nick Hainke2022-10-021-2/+2
| | | | | | | | | | | | | | | | | | | | | | | Changes: fda4ad9 libtraceevent: version 1.6.3 d02a61e libtraceevent: Add man pages for tep_plugin_kvm_get/put_func() 6643bf9 libtraceevent: Have kvm_exit/enter be able to show guest function a596299 libtraceevent: Add tep_print_field() to check-manpages.sh deprecated 065c9cd libtraceevent: Add man page documentation of tep_get_sub_buffer_size() 6e18ecc libtraceevent: Add man page for tep_plugin_add_option() 6738713 libtraceevent: Add some missing functions to generic libtraceevent man page deefe29 libtraceevent: Include meta data functions in libtraceevent man pages cf6dd2d libtraceevent: Add tep_get_function_count() to libtraceevent man page 5bfc11e libtraceevent: Add printk documentation to libtraceevent man page 65c767b libtraceevent: Update man page to reflect tep_is_pid_registered() rename 7cd173f libtraceevent: Add check-manpages.sh fd6efc9 libtraceevent: Documentation: Correct typo in example 5c375b0 libtraceevent: Fixing linking to C++ code 7839fc2 libtraceevent: Makefile - set LIBS as conditional assignment c5493e7 libtraceevent: Remove double assignment of val in eval_num_arg() efd3289 libtraceevent: Add warnings if fields are outside the event Signed-off-by: Nick Hainke <vincent@systemli.org>
* popt: update to 1.19Nick Hainke2022-10-022-2/+28
| | | | | | | Add patch to fix compilation: - 100-configure.ac-remove-require-gettext-version.patch Signed-off-by: Nick Hainke <vincent@systemli.org>
* libcap: update to 2.66Nick Hainke2022-10-021-2/+2
| | | | | | | | | | | | | | 4f96e67 Up the release version to 2.66 60ff008 Fix typos in the cap_from_text.3 man page. 281b6e4 Add captrace to .gitignore file 09a2c1d Add an example of using BPF kprobing to trace capability use. 26e3a09 Clean up getpcaps code. fc804ac getpcaps: catch PID parsing errors. fc437fd Fix an issue with bash displaying an error. 7db9589 Some more simplifications for building 27e801b Fix for "make clean ; make -j48 test" Signed-off-by: Nick Hainke <vincent@systemli.org>
* mt76: update to the latest versionFelix Fietkau2022-10-011-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | e4fa68a9b3b3 linux-firmware: update firmware for MT7921 WiFi device 60fcf08fe659 linux-firmware: update firmware for MT7921 WiFi device 9d601f4eee8f linux-firmware: update firmware for MT7922 WiFi device e49b6063fb4b wifi: mt76: move mt76_rate_power from core to mt76x02 driver code 3f27f6adb1ab wifi: mt76: mt76x02: simplify struct mt76x02_rate_power c07f3d2d5ede wifi: mt76: mt7921: fix antenna signal are way off in monitor mode 9059a5de3bd0 wifi: mt76: Remove unused inline function mt76_wcid_mask_test() d75f15ddeb90 wifi: mt76: mt7915: fix bounds checking for tx-free-done command 06df7e689294 wifi: mt76: mt7915: reserve 8 bits for the index of rf registers ad3d0f8db00b wifi: mt76: mt7915: rework eeprom tx paths and streams init 66065073177b wifi: mt76: mt7915: deal with special variant of mt7916 b0114a0abb57 wifi: mt76: mt7915: rework testmode tx antenna setting 6dee964e1f36 wifi: mt76: connac: introduce mt76_connac_spe_idx() 48c116d92939 wifi: mt76: mt7915: add spatial extension index support db6db4ded0fd wifi: mt76: mt7915: set correct antenna for radar detection on MT7915D 2b8f56a72d76 wifi: mt76: mt7915: fix mt7915_mac_set_timing() d554a02554db wifi: mt76: mt7915: move wed init routines in mmio.c 61ce40e65852 wifi: mt76: mt7915: enable wed for mt7986 chipset 584a96ec4a0f wifi: mt76: mt7915: enable wed for mt7986-wmac chipset 172d68b6253d mt76: mt76x02: fix vht rate power array overrun 72b87836d368 Revert "mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD" Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ubnt-ledbar: make package available on other targetsDaniel Golle2022-09-301-2/+2
| | | | | | | | As also ramips/mt7621 now has a user of the ubnt-ledbar driver, make the package available on all targets by removing the dependency on @TARGET_mediatek_mt7622. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* kernel: remove hack patch, move kirkwood specific kmods to target modules.mkFelix Fietkau2022-09-302-32/+0
| | | | | | | Tweaking the KCONFIG line of kmod-ata-marvell-sata makes the hack patch unnecessary Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: move ubnt ledbar driver to a separate packageFelix Fietkau2022-09-303-0/+290
| | | | | | | Simplifies the tree by removing a non-upstream kernel patch and related kconfig symbols Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix decap offload for stations on AP_VLAN interfacesFelix Fietkau2022-09-301-0/+37
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)Petr Štetiar2022-09-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Fixes denial of service attack and buffer overflow against TLS 1.3 servers using session ticket resumption. When built with --enable-session-ticket and making use of TLS 1.3 server code in wolfSSL, there is the possibility of a malicious client to craft a malformed second ClientHello packet that causes the server to crash. This issue is limited to when using both --enable-session-ticket and TLS 1.3 on the server side. Users with TLS 1.3 servers, and having --enable-session-ticket, should update to the latest version of wolfSSL. Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France" for research on tlspuffin. Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable Fixes: CVE-2022-39173 Fixes: https://github.com/openwrt/luci/issues/5962 References: https://github.com/wolfSSL/wolfssl/issues/5629 Tested-by: Kien Truong <duckientruong@gmail.com> Reported-by: Kien Truong <duckientruong@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* Revert "wolfssl: fix TLSv1.3 RCE in uhttpd by using latest 5.5.1-stable release"Petr Štetiar2022-09-291-2/+2
| | | | | | | | This reverts commit a596a8396b1ef23cd0eda22d9a628392e70e1e1a as I've just discovered private email, that the issue has CVE-2022-39173 assigned so I'm going to reword the commit and push it again. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: refresh patchesPetr Štetiar2022-09-292-3/+3
| | | | | | So they're tidy and apply cleanly. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: fix TLSv1.3 RCE in uhttpd by using latest 5.5.1-stable releasePetr Štetiar2022-09-291-2/+2
| | | | | | | | | | | | | | | | | | | | | Fixes denial of service attack and buffer overflow against TLS 1.3 servers using session ticket resumption. When built with --enable-session-ticket and making use of TLS 1.3 server code in wolfSSL, there is the possibility of a malicious client to craft a malformed second ClientHello packet that causes the server to crash. This issue is limited to when using both --enable-session-ticket and TLS 1.3 on the server side. Users with TLS 1.3 servers, and having --enable-session-ticket, should update to the latest version of wolfSSL. Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France" for research on tlspuffin. Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable Fixes: https://github.com/openwrt/luci/issues/5962 References: https://github.com/wolfSSL/wolfssl/issues/5629 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* qos-scripts: fix trailing whitespace in config filesManas Sambhus2022-09-274-8/+7
| | | | Signed-off-by: Manas Sambhus <manas.sambhus+github@gmail.com>