Hauke Mehrtens [Sun, 26 Dec 2021 22:38:52 +0000 (23:38 +0100)]
tcpdump: libpcap: Remove www.us.tcpdump.org mirror
The http://www.us.tcpdump.org mirror will go offline soon, only use the
normal download URL.
Reported-by: Denis Ovsienko <denis@ovsienko.info>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
18bdfc803bef00fad03f90b73b6e65c3c79cb397)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[rebased for OpenWrt 21.02 branch]
(cherry picked from commit
4dddb7ca3669e93d4da2b1ca43b8bc22bd007e48)
Hauke Mehrtens [Sat, 12 Feb 2022 19:37:12 +0000 (20:37 +0100)]
hostapd: Apply SAE/EAP-pwd side-channel attack update 2
This fixes some recent security problems in hostapd.
See here for details: https://w1.fi/security/2022-1
* CVE-2022-23303
* CVE-2022-23304
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 29 Jan 2022 10:56:27 +0000 (11:56 +0100)]
mbedtls: Update to version 2.16.12
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
value when verifying a MAC or AEAD tag. This hardens the library in
case the value leaks through a memory disclosure vulnerability. For
example, a memory disclosure vulnerability could have allowed a
man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
(out of memory). After that, calling mbedtls_ssl_session_free()
and mbedtls_ssl_free() would cause an internal session buffer to
be free()'d twice. CVE-2021-44732
The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
57f38e2c827e3be71d8b1709073e366afe011985)
Rosen Penev [Tue, 13 Jul 2021 20:27:09 +0000 (13:27 -0700)]
mbedtls: update to 2.16.11
Switched to AUTORELEASE to avoid manual increments.
Release notes:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
fcfd741eb83520e496eb09de5f8b2f2b62792a80)
Rafał Miłecki [Tue, 1 Mar 2022 17:46:27 +0000 (18:46 +0100)]
base-files: call "sync" after initial setup
OpenWrt uses a lot of (b)ash scripts for initial setup. This isn't the
best solution as they almost never consider syncing files / data. Still
this is what we have and we need to try living with it.
Without proper syncing OpenWrt can easily get into an inconsistent state
on power cut. It's because:
1. Actual (flash) inode and data writes are not synchronized
2. Data writeback can take up to 30 seconds (dirty_expire_centisecs)
3. ubifs adds extra 5 seconds (dirty_writeback_centisecs) "delay"
Some possible cases (examples) for new files:
1. Power cut during 5 seconds after write() can result in all data loss
2. Power cut happening between 5 and 35 seconds after write() can result
in empty file (inode flushed after 5 seconds, data flush queued)
Above affects e.g. uci-defaults. After executing some migration script
it may get deleted (whited out) without generated data getting actually
written. Power cut will result in missing data and deleted file.
There are three ways of dealing with that:
1. Rewriting all user-space init to proper C with syncs
2. Trying bash hacks (like creating tmp files & moving them)
3. Adding sync and hoping for no power cut during critical section
This change introduces the last solution that is the simplest. It
reduces time during which things may go wrong from ~35 seconds to
probably less than a second. Of course it applies only to IO operations
performed before /etc/init.d/boot . It's probably the stage when the
most new files get created.
All later changes are usually done using smarter C apps (e.g. busybox or
uci) that creates tmp files and uses rename() that is expected to be
atomic.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
(cherry picked from commit
9851d4b6ce6e89d164a04803817625a9041b060a)
Martin Schiller [Wed, 16 Mar 2022 14:04:56 +0000 (15:04 +0100)]
openssl: bump to 1.1.1n
This is a bugfix release. Changelog:
*) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
forever for non-prime moduli. (CVE-2022-0778)
*) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
(RFC 5489) to the list of ciphersuites providing Perfect Forward
Secrecy as required by SECLEVEL >= 3.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit
e17c6ee62770005e398364ee5d955c9a8ab6f016)
Petr Štetiar [Thu, 24 Mar 2022 05:45:04 +0000 (06:45 +0100)]
zlib: backport security fix for a reproducible crash in compressor
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.
Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.
Runtime tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.
Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
b3aa2909a79aeff20d594160b207a89dc807c033)
(cherry picked from commit
3965dda0fa70dc9408f1a2e55a3ddefde78bd50e)
(cherry picked from commit
f65edc9b990c2bcc10c9e9fca29253adc6fe316d)
RISCi_ATOM [Mon, 28 Mar 2022 16:55:36 +0000 (12:55 -0400)]
kernel: Bump to 4.14.273
RISCi_ATOM [Fri, 21 Jan 2022 18:45:17 +0000 (13:45 -0500)]
librecmc: Bump to v1.5.8
RISCi_ATOM [Fri, 14 Jan 2022 18:23:36 +0000 (13:23 -0500)]
tor: Bump to 0.4.5.10
RISCi_ATOM [Thu, 13 Jan 2022 19:14:23 +0000 (14:14 -0500)]
libgpg-error : Bump to 1.42
Fixes cross-compilation issues among other things.
RISCi_ATOM [Thu, 13 Jan 2022 19:08:54 +0000 (14:08 -0500)]
kernel: Bump to 4.14.261
RISCi_ATOM [Mon, 3 Jan 2022 20:08:17 +0000 (15:08 -0500)]
openssl: bump to 1.1.1m
RISCi_ATOM [Mon, 3 Jan 2022 20:06:28 +0000 (15:06 -0500)]
kernel: Bump to 4.14.260
RISCi_ATOM [Fri, 31 Dec 2021 17:53:50 +0000 (12:53 -0500)]
wolfssl: Bump to 4.8.1
RISCi_ATOM [Wed, 29 Dec 2021 20:15:49 +0000 (15:15 -0500)]
base: Update python requirements
RISCi_ATOM [Fri, 17 Dec 2021 18:40:38 +0000 (13:40 -0500)]
wireguard : Bump to v1.0.
20211208
Bump wireguard to v1.0.
20211208 and wireguard-tools to v1.0.
20210914
RISCi_ATOM [Fri, 17 Dec 2021 18:08:14 +0000 (13:08 -0500)]
kernel: bump 4.14 to 4.14.254
RISCi_ATOM [Fri, 17 Dec 2021 17:16:50 +0000 (12:16 -0500)]
mac80211: Update to version 4.19.221
Christian Lamparter [Sat, 23 Oct 2021 16:08:51 +0000 (18:08 +0200)]
wireless-regdb: update to version 2021.08.28
e983a25 Update regulatory rules for Ecuador (EC)
a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz
cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz
86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US
6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US
9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately
42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
dbb4c47798b17112cb1eed2a309cdefd33b5f193)
Felix Fietkau [Fri, 21 May 2021 12:29:31 +0000 (14:29 +0200)]
wireless-regdb: update to version 2021.04.21
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
d76535c45e6e970b212744781431e152e90c1ce6)
Rosen Penev [Thu, 4 Mar 2021 02:00:26 +0000 (18:00 -0800)]
tools/m4: update to 1.4.19
Remove upstreamed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
fc9682ed3961e098ace708ca1ca41c2239a4e2ee)
RISCi_ATOM [Thu, 30 Sep 2021 21:21:11 +0000 (17:21 -0400)]
librecmc: Bump version to 1.5.7
RISCi_ATOM [Thu, 30 Sep 2021 21:11:38 +0000 (17:11 -0400)]
luci: Remove jsmin from luci and use the jsmin Python module instead.
The project is being forced to remove jsmin from luci due to it being under the infamous JSON license.
This commit removes jsmin and, as a result, the jsmin Python module will need to be installed
in order to build libreCMC / luci.
RISCi_ATOM [Thu, 30 Sep 2021 15:12:47 +0000 (11:12 -0400)]
mac80211: Update to backports-4.19.207-1
Refresh all patches.
This contains fixes for CVE-2020-3702
1. These patches (ath, ath9k, mac80211) were included in kernel
versions since 4.14.245 and 4.19.205. They fix security vulnerability
CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].
Thank you Josef Schlehofer for reporting this problem.
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702
[2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
See upstream commit :
123d12eada9a8d63e790af372f30359415812228
RISCi_ATOM [Thu, 30 Sep 2021 15:12:15 +0000 (11:12 -0400)]
kernel: Bump to 4.14.248-gnu1
RISCi_ATOM [Wed, 8 Sep 2021 21:11:42 +0000 (17:11 -0400)]
kernel: Bump to 4.14.246
Bumps the kernel 4.14.246 and addresses recent linux-libre kernel issues [1].
[1] https://www.fsfla.org/pipermail/linux-libre/2021-August/003439.html
RISCi_ATOM [Wed, 8 Sep 2021 21:08:50 +0000 (17:08 -0400)]
openssl: bump to 1.1.1l
This version fixes two vulnerabilities:
- SM2 Decryption Buffer Overflow (CVE-2021-3711)
Severity: High
- Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
Severity: Medium
Upstream commits :
fdea0036a210427477b6cc1de7cee036e18aff39
40c03b101cf40af4a6f6e1efb4731edabfe88ea9
RISCi_ATOM [Sat, 3 Jul 2021 01:15:43 +0000 (21:15 -0400)]
librecmc: Bump to v1.5.6
RISCi_ATOM [Fri, 2 Jul 2021 15:22:21 +0000 (11:22 -0400)]
wireguard: Bump to v1.0.
20210606
RISCi_ATOM [Fri, 2 Jul 2021 14:45:38 +0000 (10:45 -0400)]
tor: Bump to 0.4.4.9
RISCi_ATOM [Thu, 1 Jul 2021 18:41:03 +0000 (14:41 -0400)]
kernel: Bump to 4.14.138
Hauke Mehrtens [Sat, 5 Jun 2021 22:36:57 +0000 (00:36 +0200)]
mac80211: Update to backports version 4.19.193-test1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
RISCi_ATOM [Sat, 26 Jun 2021 23:11:18 +0000 (19:11 -0400)]
kernel: Bump to 4.14.237
RISCi_ATOM [Fri, 21 May 2021 15:59:31 +0000 (11:59 -0400)]
kernel: Bump to 4.14.232
RISCi_ATOM [Wed, 19 May 2021 20:20:56 +0000 (16:20 -0400)]
wireguard: bump to v1.0.
20210424
Bas Mevissen [Mon, 19 Apr 2021 23:08:19 +0000 (01:08 +0200)]
Extend checks on build prerequisites for building OpenWRT core
OpenWRT requires a number of Perl modules to be installed. It wasn't checking on all of them.
This patch adds checks for Perl FindBin, File::Copy, File::Compare and Thread::Queue modules.
Failing to install these, will have the build break at some point. By adding these to the
prereq-build.mk script, they are checked on forehand.
Tested on a Fedora 33 and 34 (beta) that was freshly installed. Fedora appears to
break up Perl modules into small packages that need to be installed for the build to succeed.
Signed-off-by: Bas Mevissen <abuse@basmevissen.nl>
(cherry picked from commit
f68c9474acf9a65b5a9538db8e45c173462487e3)
Rosen Penev [Mon, 30 Mar 2020 01:13:56 +0000 (18:13 -0700)]
prereq-build: test for perl's Data::Dumper
Required for installation of autoconf:
make[5]: Entering directory `/openwrt/build_dir/host/autoconf-2.69'
Making all in bin
make[6]: Entering directory `/openwrt/build_dir/host/autoconf-2.69/bin'
autom4te_perllibdir='..'/lib AUTOM4TE_CFG='../lib/autom4te.cfg'
../bin/autom4te -B '..'/lib -B '..'/lib --language M4sh --cache
'' --melt ./autoconf.as -o autoconf.in
Can't locate Data/Dumper.pm in @INC (@INC contains: ../lib
/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at
../lib/Autom4te/C4che.pm line 33.
BEGIN failed--compilation aborted at ../lib/Autom4te/C4che.pm line 33.
Compilation failed in require at ../bin/autom4te line 40.
BEGIN failed--compilation aborted at ../bin/autom4te line 40.
make[6]: *** [autoconf.in] Error 2
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
dc467eac38f2447b652b6680cf4af75b05fd6cd2)
Hauke Mehrtens [Sun, 2 May 2021 21:20:40 +0000 (23:20 +0200)]
mac80211: Update to backports version 4.19.189-1
The removed patches were applied upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 2 May 2021 15:35:16 +0000 (17:35 +0200)]
dropbear: Fix CVE-2020-36254
This backports a fix from dropbear 2020.81.
CVE-2020-36254 description:
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
RISCi_ATOM [Mon, 3 May 2021 14:10:20 +0000 (10:10 -0400)]
openvpn: Bump to 2.4.11
RISCi_ATOM [Thu, 1 Apr 2021 19:40:28 +0000 (15:40 -0400)]
kernel: Bump to 4.14.224
RISCi_ATOM [Thu, 1 Apr 2021 19:39:37 +0000 (15:39 -0400)]
wireguard: Bump to 1.0.
20210219
RISCi_ATOM [Tue, 30 Mar 2021 14:26:10 +0000 (10:26 -0400)]
librecmc: bump to v1.5.5
RISCi_ATOM [Tue, 30 Mar 2021 02:56:42 +0000 (22:56 -0400)]
luci: Add luci-app-unbound to base
RISCi_ATOM [Mon, 29 Mar 2021 18:19:08 +0000 (14:19 -0400)]
tools: mklibs Add HOST_CPPFLAGS to fix compilation w/ GCC11
Magnus Kroken [Sun, 14 Mar 2021 18:42:33 +0000 (19:42 +0100)]
mbedtls: update to 2.16.10
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Security fixes:
* Fix a buffer overflow in mbedtls_mpi_sub_abs()
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem()
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout()
* Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code
Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit
dbde2bcf60b5d5f54501a4b440f25fe7d02fbe5d)
Eneas U de Queiroz [Fri, 26 Mar 2021 17:46:29 +0000 (14:46 -0300)]
openssl: bump to 1.1.1k
This version fixes 2 security vulnerabilities, among other changes:
- CVE-2021-3450: problem with verifying a certificate chain when using
the X509_V_FLAG_X509_STRICT flag.
- CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
crafted renegotiation ClientHello message from a client.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
0bd0de7d43b3846ad0d7006294e1daaadfa7b532)
RISCi_ATOM [Wed, 17 Mar 2021 17:04:44 +0000 (13:04 -0400)]
uboot-envtools: Add tpe-r1300
Stefan Lippers-Hollmann [Sat, 27 Feb 2021 22:55:08 +0000 (23:55 +0100)]
hostapd: P2P: Fix a corner case in peer addition based on PD Request
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.
Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.
This fixes the following security vulnerabilities/bugs:
- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
discovery requests. It could result in denial of service or other
impact (potentially execution of arbitrary code), for an attacker
within radio range.
Fixes:
17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit
1ca5de13a153061feae260864d73d96f7c463785)
Raphaël Mélotte [Wed, 17 Feb 2021 14:58:16 +0000 (15:58 +0100)]
hostapd: backport ignoring 4addr mode enabling error
This is a backport of the upstream commit
58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled").
nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
an interface that is in a bridge and has 4addr mode already enabled.
This operation would not have been necessary in the first place and this
failure results in disconnecting, e.g., when roaming from one backhaul
BSS to another BSS with Multi AP.
Avoid this issue by ignoring the nl80211 command failure in the case
where 4addr mode is being enabled while it has already been enabled.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
fb860b4e418c28a0f388f215e5acce103dcee1bf)
Eneas U de Queiroz [Sun, 21 Feb 2021 21:33:30 +0000 (18:33 -0300)]
wolfssl: bump to v4.7.0-stable
Biggest fix for this version is CVE-2021-3336, which has already been
applied here. There are a couple of low severity security bug fixes as
well.
Three patches are no longer needed, and were removed; the one remaining
was refreshed.
This tool shows no ABI changes:
https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
d1dfb577f1c0d5b1f1fa35000c9ad7abdb7d10ed)
Petr Štetiar [Mon, 1 Mar 2021 12:29:19 +0000 (13:29 +0100)]
build: fix checks for GCC11
Fedora 34 already uses GCC11.
Reported-by: Marcin Juszkiewicz <marcin-openwrt@juszkiewicz.com.pl>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
cae69d558135456976b8fc6cb08530d1358cf6d5)
Eneas U de Queiroz [Wed, 17 Feb 2021 02:21:36 +0000 (23:21 -0300)]
openssl: bump to 1.1.1j
This fixes 4 security vulnerabilities/bugs:
- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
SSLv2, but the affected functions still exist. Considered just a bug.
- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
EVP_DecryptUpdate may overflow the output length argument in some
cases where the input length is close to the maximum permissable
length for an integer on the platform. In such cases the return value
from the function call will be 1 (indicating success), but the output
length value will be negative.
- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
create a unique hash value based on the issuer and serial number data
contained within an X509 certificate. However it was failing to
correctly handle any errors that may occur while parsing the issuer
field (which might occur if the issuer field is maliciously
constructed). This may subsequently result in a NULL pointer deref and
a crash leading to a potential denial of service attack.
- Fixed SRP_Calc_client_key so that it runs in constant time. This could
be exploited in a side channel attack to recover the password.
The 3 CVEs above are currently awaiting analysis.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit
482c9ff289c65480c8e7340e1740db24c62f91df)
Hauke Mehrtens [Mon, 8 Feb 2021 23:53:09 +0000 (00:53 +0100)]
wolfssl: Backport fix for CVE-2021-3336
This should fix CVE-2021-3336:
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not
cease processing for certain anomalous peer behavior (sending an
ED22519, ED448, ECC, or RSA signature without the corresponding
certificate).
The patch is backported from the upstream wolfssl development branch.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
1f559cafe5cc1193a5962d40a2d938c66c783171)
Daniel Golle [Thu, 4 Feb 2021 01:01:36 +0000 (01:01 +0000)]
hostapd: fix P2P group information processing vulnerability
A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners.
This issue was discovered by fuzz testing of wpa_supplicant by Google's
OSS-Fuzz.
https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[added the missing patch]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit
7c8c4f1be648aff9f1072ee27a2cc8f6a4a788ef)
Baptiste Jonglez [Sun, 31 Jan 2021 15:40:40 +0000 (16:40 +0100)]
opkg: update to latest git HEAD of branch openwrt-19.07
c5dccea libopkg: fix md5sum calculation
7cad0c0 opkg_verify_integrity: better logging and error conditions
14d6480 download: purge cached packages that have incorrect checksum
456efac download: factor out the logic for building cache filenames
b145030 libopkg: factor out checksum and size verification
74bac7a download: remove compatibility with old cache naming scheme
Fixes: FS#2690
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Felix Fietkau [Sat, 2 Jan 2021 13:36:03 +0000 (14:36 +0100)]
wolfssl: enable HAVE_SECRET_CALLBACK
Fixes wpad-wolfssl build
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
55e23f2c02ae95e84613ed7d1cbf8aba557b8682)
Hauke Mehrtens [Fri, 1 Jan 2021 21:04:18 +0000 (22:04 +0100)]
wolfssl: Fix hostapd build with wolfssl 4.6.0
This fixes the following build problem in hostapd:
mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_add':
<artificial>:(.text.crypto_ec_point_add+0x170): undefined reference to `ecc_projective_add_point'
mipsel-openwrt-linux-musl/bin/ld: <artificial>:(.text.crypto_ec_point_add+0x18c): undefined reference to `ecc_map'
mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_to_bin':
<artificial>:(.text.crypto_ec_point_to_bin+0x40): undefined reference to `ecc_map'
Fixes:
ba40da9045f7 ("wolfssl: Update to v4.6.0-stable")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
e7d0d2e9dcaa0ff1197fb7beee139b6a5bd35c79)
Eneas U de Queiroz [Tue, 29 Dec 2020 17:49:20 +0000 (14:49 -0300)]
wolfssl: Update to v4.6.0-stable
This version fixes a large number of bugs and fixes CVE-2020-36177.
Full changelog at:
https://www.wolfssl.com/docs/wolfssl-changelog/
or, as part of the version's README.md:
https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md
Due a number of API additions, size increases from 374.7K to 408.8K for
arm_cortex_a9_vfpv3-d16. The ABI does not change from previous version.
Backported patches were removed; remaining patch was refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[added reference to CVE]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
ba40da9045f77feb04abe63eb8a92f13f9efe471)
Kevin Darbyshire-Bryant [Sun, 24 Jan 2021 10:24:29 +0000 (10:24 +0000)]
dnsmasq: backport fixes
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Hans Dedecker [Thu, 21 Jan 2021 20:02:41 +0000 (21:02 +0100)]
netifd: fix IPv6 routing loop on point-to-point links
753c351 interface-ip: add unreachable route if address is offlink
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker [Thu, 21 Jan 2021 19:57:56 +0000 (20:57 +0100)]
odhcp6c: fix IPv6 routing loop on point-to-point links
64e1b4e ra: fix routing loop on point to point links
f16afb7 ra: align ifindex resolving
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
RISCi_ATOM [Fri, 22 Jan 2021 17:37:15 +0000 (12:37 -0500)]
Bump version to v1.5.4a
RISCi_ATOM [Fri, 22 Jan 2021 17:35:54 +0000 (12:35 -0500)]
kernel: bump to 4.14.216
Rosen Penev [Mon, 4 Jan 2021 00:28:43 +0000 (16:28 -0800)]
mbedtls: update to 2.16.9
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f13b623f5e53a72b65f45cbaf56c73df35e70ed2)
Hauke Mehrtens [Mon, 11 Jan 2021 00:03:03 +0000 (01:03 +0100)]
dnsmasq: Backport some security updates
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
overflow in sort_rrset() when DNSSEC is used. This can allow a remote
attacker to write arbitrary data into target device's memory that can
lead to memory corruption and other unexpected behaviors on the target
device.
* CVE-2020-25682:
Dnsmasq versions before 2.83 is susceptible to buffer overflow in
extract_name() function due to missing length check, when DNSSEC is
enabled. This can allow a remote attacker to cause memory corruption
on the target device.
* CVE-2020-25683:
Dnsmasq version before 2.83 is susceptible to a heap-based buffer
overflow when DNSSEC is enabled. A remote attacker, who can create
valid DNS replies, could use this flaw to cause an overflow in a heap-
allocated memory. This flaw is caused by the lack of length checks in
rtc1035.c:extract_name(), which could be abused to make the code
execute memcpy() with a negative size in get_rdata() and cause a crash
in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
A lack of proper address/port check implemented in Dnsmasq version <
2.83 reply_query function makes forging replies easier to an off-path
attacker.
* CVE-2020-25685:
A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
versions before 2.83 reply_query function allows remote attackers to
spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
Multiple DNS query requests for the same resource name (RRNAME) by
Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
traffic, using a birthday attack (RFC 5452), that can lead to DNS
cache poisoning.
* CVE-2020-25687:
Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
remote attacker, who can create valid DNS replies, could use this flaw
to cause an overflow in a heap-allocated memory. This flaw is caused
by the lack of length checks in rtc1035.c:extract_name(), which could
be abused to make the code execute memcpy() with a negative size in
sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
Service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Thu, 31 Dec 2020 17:22:49 +0000 (18:22 +0100)]
glibc: update to latest 2.27 commit
daf88b1dd1 Add NEWS entry for CVE-2020-6096 (bug 25620)
b29853702e arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
bad8d5ff60 arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]
d64ad0a517 Fix use-after-free in glob when expanding ~user (bug 25414)
34ce87638c Fix array overflow in backtrace on PowerPC (bug 25423)
0df8ecff9e misc/test-errno-linux: Handle EINVAL from quotactl
26f5442ec1 <string.h>: Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang [BZ #25232]
4b64a4245c intl/tst-gettext: fix failure with newest msgfmt
dc7f51bda9 aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798]
8edc96aa33 aarch64: add HWCAP_ATOMICS to HWCAP_IMPORTANT
599ebfacc0 aarch64: Remove HWCAP_CPUID from HWCAP_IMPORTANT
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
RISCi_ATOM [Thu, 31 Dec 2020 14:46:19 +0000 (09:46 -0500)]
hostapd: add wpad-basic-wolfssl variant
Add package which provides size optimized wpad with support for just
WPA-PSK, SAE (WPA3-Personal), 802.11r and 802.11w.
RISCi_ATOM [Tue, 29 Dec 2020 04:36:28 +0000 (23:36 -0500)]
wireguard: Bump to v1.0.
20201221
RISCi_ATOM [Tue, 29 Dec 2020 03:21:56 +0000 (22:21 -0500)]
openvpn: Bump to 2.4.10
OpenVPN in the upstream 19.07 branch is no longer being
maintained; in master, openvpn has been removed from base and
was bump'ed to 2.5.x.
This moves openvpn forward with the last patches from 2.4.x
(excluding hotplug patches).
RISCi_ATOM [Mon, 28 Dec 2020 18:22:36 +0000 (13:22 -0500)]
kernel: bump 4.14 to 4.14.212
Refreshed all patches.
Removed patches because included in upstream:
- 315-v5.10-usbnet-ipeth-fix-connectivity-with-ios-14.patch
Hauke Mehrtens [Wed, 16 Dec 2020 16:23:59 +0000 (17:23 +0100)]
wireless-regdb: Update to version 2020.11.20
9efa1da wireless-regdb: update regulatory rules for Egypt (EG)
ede87f5 wireless-regdb: restore channel 12 & 13 limitation in the US
5bcafa3 wireless-regdb: Update regulatory rules for Croatia (HR)
4e052f1 wireless-regdb: Update regulatory rules for Pakistan (PK) on 5GHz
f9dfc58 wireless-regdb: update 5.8 GHz regulatory rule for GB
c19aad0 wireless-regdb: Update regulatory rules for Kazakhstan (KZ)
07057d3 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
94d1b2508c38e21a5d1a45a4d80db2905bf1537c)
Petr Štetiar [Wed, 29 Apr 2020 21:11:05 +0000 (23:11 +0200)]
wireless-regdb: bump to latest release 2020-04-29
Update to latest release.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
493eef5b279a0455b76bfacabdec3af8bf642385)
Hauke Mehrtens [Sat, 5 Dec 2020 23:17:59 +0000 (00:17 +0100)]
mac80211: Update to version 4.19.161-1
The removed patches were applied upstream.
The changes to 357-mac80211-optimize-skb-resizing.patch are more
complex. I think the patch already took care of the new changes done
upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
RISCi_ATOM [Sun, 13 Dec 2020 20:58:22 +0000 (15:58 -0500)]
base: Remove libtirpc from base
nfs-kernel-server was moved back to the package feeed a while ago
and libtirpc is in the package feed.
RISCi_ATOM [Sat, 12 Dec 2020 23:46:33 +0000 (18:46 -0500)]
vpnc : Pull package from libreCMC src mirror vpnc svn repostiory is broken
RISCi_ATOM [Sat, 12 Dec 2020 23:45:04 +0000 (18:45 -0500)]
luci : Remove rpcd-mod-rad2-enc
RISCi_ATOM [Sat, 12 Dec 2020 01:58:59 +0000 (20:58 -0500)]
tor: update to version 0.4.4.6
RISCi_ATOM [Fri, 11 Dec 2020 15:40:59 +0000 (10:40 -0500)]
openssl: update to 1.1.1i
Fixes: CVE-2020-1971, defined as high severity, summarized as:
NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS
attack.
Upstream commit :
882ca13d923796438fd06badeb00dc95b7eb1467
David Bauer [Sun, 29 Nov 2020 18:14:05 +0000 (19:14 +0100)]
generic: ipeth: fix iOS 14 tethering
This fixes tethering with devices using iOS 14. Prior to this patch,
connections to remote endpoints were not possible while data transfers
between the OpenWrt device and the iOS endpoints worked fine.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
f64496f30f2ef97124dc4e13a48ee0de9d51832e)
Andre Heider [Thu, 20 Aug 2020 06:06:37 +0000 (08:06 +0200)]
tools: always create $STAGING_DIR/usr/{include,lib}
rules.mk always passes these as -I/-L to the toolchain.
Fixes rare errors like:
cc1: error: staging_dir/target-aarch64_cortex-a53_musl/usr/include: No such file or directory [-Werror=missing-include-dirs]
Signed-off-by: Andre Heider <a.heider@gmail.com>
Acked-by: Paul Spooren <mail@aparcar.org>
Acked-by: Rosen Penev <rosenp@gmail.com>
[fixed merge conflict]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
b0cb305236524095bfd899449b0ad8eb821cb3bb)
Petr Štetiar [Fri, 27 Nov 2020 20:56:30 +0000 (21:56 +0100)]
download.pl: properly cleanup intermediate .hash file
It seems like after a build the /dl dir seems to now contain a .hash
file for each source file due to inproper cleanup so fix it by removing
those intermediate files before leaving the download action.
Fixes:
4e19cbc55335 ("download: handle possibly invalid local tarballs")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
52a5d0d27f2557db99fc5435fbd7783b649cb9b2)
Petr Štetiar [Thu, 19 Nov 2020 15:32:46 +0000 (16:32 +0100)]
download: handle possibly invalid local tarballs
Currently it's assumed, that already downloaded tarballs are always
fine, so no checksum checking is performed and the tarball is used even
if it might be corrupted.
From now on, we're going to always check the downloaded tarballs before
considering them valid.
Steps to reproduce:
1. Remove cached tarball
rm dl/libubox-2020-08-06-
9e52171d.tar.xz
2. Download valid tarball again
make package/libubox/download
3. Invalidate the tarball
sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile
4. Now compile with corrupt tarball source
make package/libubox/{clean,compile}
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
4e19cbc553350b8146985367ba46514cf50e3393)
Petr Štetiar [Fri, 27 Nov 2020 21:50:32 +0000 (22:50 +0100)]
cmake.mk,rules.mk: fix host builds using CMake and ccache
Commit
f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as
well") has introduced regression as it didn't taken usage of ccache into
the account so fix it by handling ccache use cases as well.
In order to get this working we need to export HOSTCXX_NOCACHE in
rules.mk as well.
Fixes:
f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as well")
Reported-by: Ansuel Smith <ansuelsmth@gmail.com>
Tested-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
524fb5646eec6147aadfdd508219f39bcf8ba8fc)
Rosen Penev [Thu, 26 Nov 2020 00:08:57 +0000 (16:08 -0800)]
cmake.mk: set C/CXX compiler for host builds as well
Without this, cmake will use whatever CC/CXX is set to, which could be
clang. In that case, at least libjson-c/host will fail to compile.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
f98878e4c17d5f11e78994b4fc456e6b60b2660f)
Klaus Kudielka [Fri, 27 Dec 2019 13:26:37 +0000 (14:26 +0100)]
mvebu: fixup Turris Omnia U-Boot environment
Fixup
dfa357a3de "mvebu: base-files: Update Turris Omnia U-Boot
environment" which should have included this file as well.
By rebasing the initial patch this file somehow disappeared.
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
Tested-by: Klaus Kudielka <klaus.kudielka@gmail.com> (Turris Omnia)
[explain fixup in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(backported from commit
485ce5bbe5cc33526e56817694a79a7d94160e01)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Klaus Kudielka [Fri, 27 Dec 2019 13:26:37 +0000 (14:26 +0100)]
mvebu: base-files: Update Turris Omnia U-Boot environment
Move the update procedure from sysupgrade to first boot, which is much
more convenient in the sysupgrade case (otherwise the environment is
always one generation behind).
Check whether we have an old U-Boot release installed, and update the
environment only if necessary.
Some notes on the U-Boot environment:
The first 9 lines are a copy of the default environment of the old U-Boot
release - only modified, to run "distro_bootcmd", in case "mmcboot" fails
to boot the factory OS.
The remaining 16 lines are a backport of the default environment of the
new U-Boot release (shipped with CZ11NIC23). The main entry point is
"distro_bootcmd", which eventually sources boot.scr. This way, we have
a unified boot protocol for all Turris Omnia revisions so far.
This commit also fixes a shortcoming of previous Turris Omnia support:
Users may install OpenWrt with the Turris Omnia in factory state
(i.e. invalid environment store). In that case, neither fw_setenv, nor
U-Boot itself, would import the default environment from the image -
screwing up the rescue system, at least!
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
Tested-by: Klaus Kudielka <klaus.kudielka@gmail.com> (Turris Omnia)
(cherry picked from commit
dfa357a3def512c13f22371d24138b6e8093be18)
Klaus Kudielka [Mon, 23 Dec 2019 07:34:49 +0000 (08:34 +0100)]
mvebu: Add turris-omnia.bootscript
In contrast to the U-Boot version shipped with older versions of Turris
Omnia (CZ11NIC13, CZ11NIC20), the version shipped with Turris Omnia 2019
(CZ11NIC23) relies on the existence of /boot.scr.
Consequently, add a suitable boot script to the sysupgrade image.
Flash instructions for Turris Omnia 2019:
- Download openwrt-...-sysupgrade.img.gz, gunzip it, and copy the resulting
.img file to the root of a USB flash drive (FAT32 or ext2/3/4).
- Enter a rescue shell: Either via 5-LED reset and ssh root@192.168.1.1
on LAN port 4, or via 7-LED reset and the serial console.
- Insert the USB drive and mount it:
mkdir /mnt; mount /dev/sda1 /mnt
- Flash the OpenWrt image to eMMC:
dd if=/mnt/openwrt-...-sysupgrade.img of=/dev/mmcblk0 bs=4096 conv=fsync
- Reboot.
Flash instructions using a temporary "medkit" installation were written for
the older versions of Turris Omnia, and will *not* work on the Turris Omnia
2019.
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
(cherry picked from commit
afd4375a33840fa949c898fb6bc603e8645edd61)
Klaus Kudielka [Fri, 27 Dec 2019 18:15:31 +0000 (19:15 +0100)]
uboot-envtools: mvebu: update uci defaults for Turris Omnia
On the Turris Omnia 2019, u-boot environment is located at 0xF0000, instead
of 0xC0000. The switch happened with u-boot-omnia package version 2019-04-2
(May 10, 2019).
Check the installed u-boot release, and set the default accordingly.
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
[bump PKG_RELEASE, use lower case for hex offset]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit
04d3b517dc3301e0148a2ce811ffc136568b04bd)
RISCi_ATOM [Sun, 29 Nov 2020 20:09:15 +0000 (15:09 -0500)]
Defaults: Enable wolfssl as the default libssl
Upstream has moved to using wolfssl as the default libssl.
This also fixes a bug where ssl support is missing in core images
in v1.5.3).
RISCi_ATOM [Sun, 29 Nov 2020 01:25:20 +0000 (20:25 -0500)]
Bump version to v1.5.4
RISCi_ATOM [Sun, 29 Nov 2020 01:23:31 +0000 (20:23 -0500)]
ath79 : Add support for the TPE-R1300
This new target is the same TPE-R1200 board but lacks
128MB of NAND flash.
RISCi_ATOM [Sun, 29 Nov 2020 01:19:48 +0000 (20:19 -0500)]
mvebu : Add missing swconfig package for Turris / WRT1900ACv1)
RISCi_ATOM [Fri, 27 Nov 2020 21:19:46 +0000 (16:19 -0500)]
ath79 : TPE-R1100 / GL.iNet GL-AR150 LED Fixup
Fixes issues with LEDs on the TPE-R1100 / GL-AR150 and simliar boards.
Based upon upstream :
e36bdd5dc5bf48fc0102394736c24a075959bc53
David Bauer [Wed, 18 Nov 2020 15:02:23 +0000 (16:02 +0100)]
scripts: download.pl: retry download using filename
With this commit, the download script will try downloading source files
using the filename instead of the url-filename in case the previous
download attempt using the url-filename failed.
This is required, as the OpenWrt sources mirrors serve files using the
filename files might be renamed to after downloading. If the original
mirror for a file where url-filename and filename do not match goes
down, the download failed prior to this patch.
Further improvement can be done by performing this only for the
OpenWrt sources mirrors.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
d36999389890fb952fc7cc8c0db8e1bbb671af12)
Jan Pavlinec [Wed, 25 Nov 2020 01:04:00 +0000 (02:04 +0100)]
tcpdump: patch CVE-2020-8037
This PR backports upstream fix for CVE-2020-8037. This fix is only
relevant for tcpdump package, tcpdump-mini is not affeted by this issue.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
5bb3cc749ee0d08d82acda3c084ff759f3829a91)
Sven Eckelmann [Sun, 22 Nov 2020 00:17:35 +0000 (01:17 +0100)]
kernel: mtd: parser: cmdline: Fix parsing of part-names with colons
Some devices (especially QCA ones) are already using hardcoded partition
names with colons in it. The OpenMesh A62 for example provides following
mtd relevant information via cmdline:
root=31:11 mtdparts=spi0.0:256k(0:SBL1),128k(0:MIBIB),384k(0:QSEE),64k(0:CDT),64k(0:DDRPARAMS),64k(0:APPSBLENV),512k(0:APPSBL),64k(0:ART),64k(custom),64k(0:KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive) rootfsname=rootfs rootwait
The change to split only on the last colon between mtd-id and partitions
will cause newpart to see following string for the first partition:
KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive)
Such a partition list cannot be parsed and thus the device fails to boot.
Avoid this behavior by making sure that the start of the first part-name
("(") will also be the last byte the mtd-id split algorithm is using for
its colon search.
Fixes:
9c718b5478ac ("kernel: bump 4.14 to 4.14.200")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(backported from commit
223eec7e81f8506592fc89cf79a2f14360f5c57b)
Petr Štetiar [Fri, 20 Nov 2020 12:13:27 +0000 (13:13 +0100)]
musl: handle wcsnrtombs destination buffer overflow (CVE-2020-28928)
The wcsnrtombs function in all musl libc versions up through 1.2.1 has
been found to have multiple bugs in handling of destination buffer
size when limiting the input character count, which can lead to
infinite loop with no forward progress (no overflow) or writing past
the end of the destination buffera.
This function is not used internally in musl and is not widely used,
but does appear in some applications. The non-input-limiting form
wcsrtombs is not affected.
All users of musl 1.2.1 and prior versions should apply the attached
patch, which replaces the overly complex and erroneous implementation.
The upcoming 1.2.2 release will adopt this new implementation.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
4d4ef1058c0f10aa2fa4070cd6b9db4d48b94148)
Petr Štetiar [Tue, 24 Nov 2020 08:21:12 +0000 (09:21 +0100)]
ar71xx,ath79: refresh 910-unaligned_access_hacks.patch
Commit
c9c7b4b3945c ("kernel: add netfilter-actual-sk patch") has
touched net/ipv6/netfilter/ip6table_mangle.c which in turn has affected
910-unaligned_access_hacks.patch so the patch needs to be refreshed.
Fixes:
c9c7b4b3945c ("kernel: add netfilter-actual-sk patch")
Signed-off-by: Petr Štetiar <ynezz@true.cz>