openwrt/staging/hauke.git
3 years agoopenwrt-keyring: Only copy sign key for 19.07 and 21.02
Hauke Mehrtens [Sun, 16 May 2021 13:31:49 +0000 (15:31 +0200)]
openwrt-keyring: Only copy sign key for 19.07 and 21.02

Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the OpenWrt 19.07
feeds and the 21.02 feeds to allow checking the next release.

If one of the other keys would be compromised this would not affect
users of 19.07 release builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agoopenwrt-keyring: add OpenWrt 21.02 GPG/usign keys
Petr Štetiar [Sat, 20 Feb 2021 14:56:19 +0000 (15:56 +0100)]
openwrt-keyring: add OpenWrt 21.02 GPG/usign keys

49283916005d usign: add 21.02 release build pubkey
bc4d80f064f2 gpg: add OpenWrt 21.02 signing key

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 1bf6d70e60fdb45d81a8f10b90904cef38c73f70)

3 years agogeneric: platform/mikrotik: release mtd device after use
Koen Vandeputte [Wed, 12 May 2021 09:41:26 +0000 (11:41 +0200)]
generic: platform/mikrotik: release mtd device after use

The code uses get_mtd_device_nm() which must be followed by a call to
put_mtd_device() once the handle is no longer used.

This fixes spurious shutdown console messages such as:
[   83.099037] Removing MTD device #1 (hard_config) with use count 1

Reported-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
[Backported from master]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
3 years agokernel: bump 4.14 to 4.14.232
Koen Vandeputte [Mon, 10 May 2021 12:25:40 +0000 (14:25 +0200)]
kernel: bump 4.14 to 4.14.232

Refreshed all patches.

Fixes:
- CVE-2021-23133

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
3 years agoExtend checks on build prerequisites for building OpenWRT core
Bas Mevissen [Mon, 19 Apr 2021 23:08:19 +0000 (01:08 +0200)]
Extend checks on build prerequisites for building OpenWRT core

OpenWRT requires a number of Perl modules to be installed. It wasn't checking on all of them.
This patch adds checks for Perl FindBin, File::Copy, File::Compare and Thread::Queue modules.

Failing to install these, will have the build break at some point. By adding these to the
prereq-build.mk script, they are checked on forehand.

Tested on a Fedora 33 and 34 (beta) that was freshly installed. Fedora appears to
break up Perl modules into small packages that need to be installed for the build to succeed.

Signed-off-by: Bas Mevissen <abuse@basmevissen.nl>
(cherry picked from commit f68c9474acf9a65b5a9538db8e45c173462487e3)

3 years agoprereq-build: test for perl's Data::Dumper
Rosen Penev [Mon, 30 Mar 2020 01:13:56 +0000 (18:13 -0700)]
prereq-build: test for perl's Data::Dumper

Required for installation of autoconf:

make[5]: Entering directory `/openwrt/build_dir/host/autoconf-2.69'
Making all in bin
make[6]: Entering directory `/openwrt/build_dir/host/autoconf-2.69/bin'
autom4te_perllibdir='..'/lib AUTOM4TE_CFG='../lib/autom4te.cfg'
../bin/autom4te -B '..'/lib -B '..'/lib         --language M4sh --cache
 '' --melt ./autoconf.as -o autoconf.in

Can't locate Data/Dumper.pm in @INC (@INC contains: ../lib
/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl
/usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at
../lib/Autom4te/C4che.pm line 33.
BEGIN failed--compilation aborted at ../lib/Autom4te/C4che.pm line 33.
Compilation failed in require at ../bin/autom4te line 40.
BEGIN failed--compilation aborted at ../bin/autom4te line 40.
make[6]: *** [autoconf.in] Error 2

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit dc467eac38f2447b652b6680cf4af75b05fd6cd2)

3 years agotplink-safeloader: fix C7v5 factory flashing from vendor fw > v1.1.x
Petr Štetiar [Fri, 9 Apr 2021 12:52:05 +0000 (14:52 +0200)]
tplink-safeloader: fix C7v5 factory flashing from vendor fw > v1.1.x

Currently it's not possible to flash factory images on devices shipped
with vendor firmware versions 1.1.0 Build 20201120 rel. 50406 (published
2020-12-22):

 (curFw_ver, newFw_ver) == (1.1, 1.0) [NM_Error](nm_checkSoftVer) 00848: Firmwave not supports, check failed.
 [NM_Error](nm_checkUpdateContent) 01084: software version dismatched
 [NM_Error](nm_buildUpgradeStruct) 01188: checkUpdateContent failed.

They've even following note in release notes:

 Note: You will be unable to downgrade to the previous firmware version
       after updating this firmware.

This version check in vendor firmware is implemented in
/usr/bin/nvrammanager binary likely as following C code[1]:

 sscanf(buf, "%d.%d.%*s",&upd_fw_major, &upd_fw_minor);
 ...
 if (((int)upd_fw_major < (int)cur_fw_major) ||
     ((ret = 1, cur_fw_major == upd_fw_major && (upd_fw_minor < (int)cur_fw_minor)))) {
       ret = 0;
       printf("[NM_Error](%s) %05d: Firmwave not supports, check failed.\r\n\r\n","nm_checkSoftVer" ,0x350);
 }
 ...
 return ret;

So in order to fix this and make it future proof it should be enough to
ship our factory firmware images with major version 7 (lucky number).

Tested on latest firmware version 1.1.2 Build 20210125 rel.37999:

 Firmwave supports, check OK.
  (curFw_ver, newFw_ver) == (1.1, 7.0) check firmware ok!

Flashing back to vendor firmware
c7v5_us-up-ver1-1-2-P1[20210125-rel37999]_2021-01-25_10.33.55.bin works
as well:

 U-Boot 1.1.4-gbec22107-dirty (Nov 18 2020 - 18:19:12)
 ...
 Firmware downloaded... filesize = 0xeeae77 fileaddr = 0x80060000.
 Firmware Recovery file length : 15642231
 Firmware process id 2.
 handle_fw_cloud 146
 Image verify OK!
 Firmware file Verify ok!
 product-info:product_name:Archer C7
 product_ver:5.0.0
 special_id:55530000
 [Error]sysmgr_cfg_checkSupportList(): 1023 @ specialId 45550000 NOT Match.
 Firmware supports, check OK.
 Firmware Recovery check ok!

1. https://gist.github.com/ynezz/2e0583647d863386a66c3d231541b6d1

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit e6d66375cbbb54e0e82a67030e385a5486273766)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
3 years agomac80211: Update to backports version 4.19.189-1
Hauke Mehrtens [Sun, 2 May 2021 21:20:40 +0000 (23:20 +0200)]
mac80211: Update to backports version 4.19.189-1

The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agodropbear: Fix CVE-2020-36254
Hauke Mehrtens [Sun, 2 May 2021 15:35:16 +0000 (17:35 +0200)]
dropbear: Fix CVE-2020-36254

This backports a fix from dropbear 2020.81.
CVE-2020-36254 description:
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agoramips: backport unlocked mdiobus accessors
David Bauer [Sun, 2 May 2021 22:08:38 +0000 (00:08 +0200)]
ramips: backport unlocked mdiobus accessors

Commit 718e97c5c843 ("ramips: mt7530 swconfig: fix race condition in
register access") backports a fix which depends on unlocked MMD
accessors, however these were not yet included in Kernel 4.14 and they
were not backported yet.

Fixes commit 718e97c5c843 ("ramips: mt7530 swconfig: fix race condition in register access")

Signed-off-by: David Bauer <mail@david-bauer.net>
3 years agoopenvpn: update to 2.4.11
Magnus Kroken [Wed, 21 Apr 2021 20:10:58 +0000 (22:10 +0200)]
openvpn: update to 2.4.11

Fixes two related security vulnerabilities (CVE-2020-15078) which under
very specific circumstances allow tricking a server using delayed
authentication (plugin or management) into returning a PUSH_REPLY before
the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup.

This release also includes other bug fixes and improvements.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
3 years agoopenvpn: update to 2.4.9
Magnus Kroken [Wed, 21 Apr 2021 20:10:57 +0000 (22:10 +0200)]
openvpn: update to 2.4.9

This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.

Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry-picked from commit d7e98bd7c5316f95cc11635371a39c6c0e18b9a7)

3 years agoopenvpn: update to 2.4.8
Magnus Kroken [Wed, 21 Apr 2021 20:10:56 +0000 (22:10 +0200)]
openvpn: update to 2.4.8

Backport two upstream commits that allow building
openvpn-openssl without OpenSSLs deprecated APIs.

Full changelog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry-picked from commit bf43e5bbf91ca1a90df8dae3e2cce6bbb61d5cd9)

3 years agoramips: mt7530 swconfig: fix race condition in register access
DENG Qingfang [Mon, 26 Apr 2021 04:20:24 +0000 (12:20 +0800)]
ramips: mt7530 swconfig: fix race condition in register access

[ Upstream commit f99c9cd9c4d4c49a676d678327546fd41690fe2a ]

The mt7530_{r,w}32 operation over MDIO uses 3 mdiobus operations and
does not hold a lock, which causes a race condition when multiple
threads try to access a register, they may get unexpected results.

To avoid this, handle the MDIO lock manually, and use the unlocked
__mdiobus_{read,write} in the critical section.

This fixes the "Ghost VLAN" artifact[1] in MT7530/7621 when the VLAN
operation and the swconfig LED link status poll race between each other.

[1] https://forum.openwrt.org/t/mysterious-vlan-ids-on-mt7621-device/64495

Signed-off-by: DENG Qingfang <dqfext@gmail.com>
(cherry picked from commit f99c9cd9c4d4c49a676d678327546fd41690fe2a)

3 years agoppp/pppoe-discovery: fix -W option
Martin Schiller [Wed, 14 Apr 2021 12:34:56 +0000 (14:34 +0200)]
ppp/pppoe-discovery: fix -W option

This patch is already included in ppp-2.4.9 which is used in openwrt
master.

Backport this patch to openwrt-19.07.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
3 years agokernel: bump 4.14 to 4.14.231
Koen Vandeputte [Thu, 22 Apr 2021 16:48:08 +0000 (18:48 +0200)]
kernel: bump 4.14 to 4.14.231

Refreshed all patches.

Fixes:
- CVE-2020-25672
- CVE-2020-25671
- CVE-2020-25670

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
3 years agokernel: bump 4.14 to 4.14.230
Koen Vandeputte [Mon, 12 Apr 2021 09:38:51 +0000 (11:38 +0200)]
kernel: bump 4.14 to 4.14.230

Refreshed all patches.

Remove upstreamed:
- 840-can-flexcan-flexcan_chip_freeze-fix-chip-freeze-for-.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
3 years agomac80211: backport upstream fixes
Koen Vandeputte [Fri, 2 Apr 2021 10:21:24 +0000 (12:21 +0200)]
mac80211: backport upstream fixes

Refreshed all patches.
Includes all fixes up to 4.19.184

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
3 years agokernel: backport fix for flexcan bug
Koen Vandeputte [Fri, 9 Apr 2021 13:14:37 +0000 (15:14 +0200)]
kernel: backport fix for flexcan bug

This patch fixes a DIV/0 error which was introduced in 4.14.225
This patch was forgotten in upstream <= 4.14 and is now queued for
future release.

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
3 years agokernel: bump 4.14 to 4.14.229
Koen Vandeputte [Fri, 9 Apr 2021 08:09:24 +0000 (10:09 +0200)]
kernel: bump 4.14 to 4.14.229

Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
3 years agokernel: bump 4.14 to 4.14.228
Koen Vandeputte [Fri, 2 Apr 2021 09:46:03 +0000 (11:46 +0200)]
kernel: bump 4.14 to 4.14.228

Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
3 years agokernel: bump 4.14 to 4.14.227
Koen Vandeputte [Mon, 29 Mar 2021 09:43:31 +0000 (11:43 +0200)]
kernel: bump 4.14 to 4.14.227

Refreshed all patches.

Altered patches:
- 809-flexcan-support-layerscape.patch

Compile-tested on: ar71xx, cns3xxx, imx6, layerscape, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
3 years agoopenssl: bump to 1.1.1k
Eneas U de Queiroz [Fri, 26 Mar 2021 17:46:29 +0000 (14:46 -0300)]
openssl: bump to 1.1.1k

This version fixes 2 security vulnerabilities, among other changes:

 - CVE-2021-3450: problem with verifying a certificate chain when using
   the X509_V_FLAG_X509_STRICT flag.

 - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
   crafted renegotiation ClientHello message from a client.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0bd0de7d43b3846ad0d7006294e1daaadfa7b532)

3 years agoopenssl: sync package download URLs with master
Petr Štetiar [Sat, 27 Mar 2021 06:42:14 +0000 (07:42 +0100)]
openssl: sync package download URLs with master

Apparently it fixes some broken URLs and as a bonus it makes
cherry-picking of fixes easier.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
3 years agombedtls: update to 2.16.10
Magnus Kroken [Sun, 14 Mar 2021 18:42:33 +0000 (19:42 +0100)]
mbedtls: update to 2.16.10

This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

Security fixes:
* Fix a buffer overflow in mbedtls_mpi_sub_abs()
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem()
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout()
* Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit dbde2bcf60b5d5f54501a4b440f25fe7d02fbe5d)

3 years agomwlwifi: add PKG_FLAGS:=nonshared
Daniel Golle [Wed, 24 Mar 2021 09:47:12 +0000 (09:47 +0000)]
mwlwifi: add PKG_FLAGS:=nonshared

This should fix the problem of mwlwifi-firmware-* not being found
when using the ImageBuilder.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9b3aaf1cdb873cc2a7b2f2ef4e72ddb716afba38)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
3 years agoscripts: bundle-libraries.sh: fix broken SDK compiler
Petr Štetiar [Sun, 1 Nov 2020 13:40:02 +0000 (14:40 +0100)]
scripts: bundle-libraries.sh: fix broken SDK compiler

Recent versions (> 5.33) of `file` report liblto_plugin.so as
executable:

 $ file liblto_plugin.so
 liblto_plugin.so.0.0.0: ELF 64-bit LSB pie executable ...

Which then leads to improper packaging of the plugin, resulting in the
broken compiler:

 configure: checking whether the C compiler works
 mips-openwrt-linux-musl/bin/ld: liblto_plugin.so: error loading plugin: liblto_plugin.so: invalid ELF header

As the LTO compiler plugin library is incorrectly packaged as SDK
executable:

 $ head -1 ~/staging_dir/toolchain...libexec/gcc/.../liblto_plugin.so
 #!/usr/bin/env bash

Fix this by filtering out shared libraries from the patching.

Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1296868
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 4b7165722cb0e2ba62ab68e8b90d4d4b0909744c)

3 years agobuild: reduce number of files passed to ipk-remove
Eneas U de Queiroz [Thu, 20 Feb 2020 21:29:04 +0000 (18:29 -0300)]
build: reduce number of files passed to ipk-remove

Instead of using xargs to pass a huge number of files to
script/ipkg-remove, which will usually pick only one, use a more
restrictive wildcard so that, currently, at the most 325 files are
examined, instead of up to over 2,300.  The 325-file package is python,
which is picking up python3* ipks.  It is about to be removed.
Runner-up is ddns-scripts with 7 files.

This makes a second run of make package/luci/compile go from
real 16.40s; user 17.42s; sys 2.73s
to
real 10.71s; user 9.51s; sys 1.27s

There is a caveat though: if one were to remove the ABI_VERSION of a
package that ends in a digit [0-9], then the old package ipk will not be
removed from the bin directory by make package/abc2/clean.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 11192484fa320cd233849441bd00ddf58964de42)

3 years agobuild: call ipkg-remove using xargs if #args>=512
Eneas U de Queiroz [Thu, 20 Feb 2020 21:29:03 +0000 (18:29 -0300)]
build: call ipkg-remove using xargs if #args>=512

The wildcard call to clean up luci package (luci*) can pick up over
2,300 files when the full tree is built. Running make package/luci/clean
or a second run of make package/luci/compile would fail with an
'Argument list too long' error.

To avoid that, a maybe_use_xargs function was created that runs the
command straight as usual if the number of arguments is < 512, or saves
the list in a temporary file and feeds it to xargs otherwise.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 78d1f3ac61b1740f2a45c40bcde0e83246308a18)

3 years agobuild: package-ipkg: avoid calling wildcard twice
Eneas U de Queiroz [Thu, 20 Feb 2020 21:29:02 +0000 (18:29 -0300)]
build: package-ipkg: avoid calling wildcard twice

Instead of calling $(wildcard) to check if the removal list is empty,
then calling it again to actually remove the files, define a function so
that the arguments are expanded only once when it gets called.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 40acc13ca72ca7d2815dc5d94549d5dc48e16e98)

3 years agokernel: bump 4.14 to 4.14.224
Koen Vandeputte [Mon, 8 Mar 2021 08:59:46 +0000 (09:59 +0100)]
kernel: bump 4.14 to 4.14.224

Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Compile-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
3 years agokernel: bump 4.14 to 4.14.223
Koen Vandeputte [Fri, 5 Mar 2021 08:22:20 +0000 (09:22 +0100)]
kernel: bump 4.14 to 4.14.223

Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
3 years agowolfssl: bump to v4.7.0-stable
Eneas U de Queiroz [Sun, 21 Feb 2021 21:33:30 +0000 (18:33 -0300)]
wolfssl: bump to v4.7.0-stable

Biggest fix for this version is CVE-2021-3336, which has already been
applied here.  There are a couple of low severity security bug fixes as
well.

Three patches are no longer needed, and were removed; the one remaining
was refreshed.

This tool shows no ABI changes:
https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d1dfb577f1c0d5b1f1fa35000c9ad7abdb7d10ed)

3 years agohostapd: P2P: Fix a corner case in peer addition based on PD Request
Stefan Lippers-Hollmann [Sat, 27 Feb 2021 22:55:08 +0000 (23:55 +0100)]
hostapd: P2P: Fix a corner case in peer addition based on PD Request

p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.

Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.

This fixes the following security vulnerabilities/bugs:

- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
  in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
  discovery requests. It could result in denial of service or other
  impact (potentially execution of arbitrary code), for an attacker
  within radio range.

Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 1ca5de13a153061feae260864d73d96f7c463785)

3 years agobuild: fix checks for GCC11
Petr Štetiar [Mon, 1 Mar 2021 12:29:19 +0000 (13:29 +0100)]
build: fix checks for GCC11

Fedora 34 already uses GCC11.

Reported-by: Marcin Juszkiewicz <marcin-openwrt@juszkiewicz.com.pl>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cae69d558135456976b8fc6cb08530d1358cf6d5)

3 years agoRevert "base-files: source functions.sh in /lib/functions/system.sh"
Adrian Schmutzler [Mon, 1 Mar 2021 21:28:13 +0000 (22:28 +0100)]
Revert "base-files: source functions.sh in /lib/functions/system.sh"

This reverts commit 86aeac4fc98f42ac0ce7e0dcf1cb240e16b28f8f.

The reverted commit introduced a cyclic dependency between
/lib/functions.sh and /lib/functions/system.sh. Further details
are found in 282e8173509a ("base-files: do not source system.sh
in functions.sh"), which was applied to master some time ago and
is included in 21.02.

With the current age of 19.07 branch, it seems safer to revert this
mostly cosmetic feature than investing further time into disentangling
the dependencies.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
3 years agokernel: bump 4.14 to 4.14.222
Koen Vandeputte [Thu, 25 Feb 2021 08:18:53 +0000 (09:18 +0100)]
kernel: bump 4.14 to 4.14.222

Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
3 years agobase-files: source functions.sh in /lib/functions/system.sh
Adrian Schmutzler [Fri, 13 Mar 2020 15:56:53 +0000 (16:56 +0100)]
base-files: source functions.sh in /lib/functions/system.sh

The file /lib/functions/system.sh depends on find_mtd_index() and
find_mtd_part() located in /lib/function.sh, so let's source that
file.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(backported from commit ae636effd24a7637cefca58a143063f395c82d05)

3 years agohostapd: backport ignoring 4addr mode enabling error
Raphaël Mélotte [Wed, 17 Feb 2021 14:58:16 +0000 (15:58 +0100)]
hostapd: backport ignoring 4addr mode enabling error

This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled").

 nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
 an interface that is in a bridge and has 4addr mode already enabled.
 This operation would not have been necessary in the first place and this
 failure results in disconnecting, e.g., when roaming from one backhaul
 BSS to another BSS with Multi AP.

 Avoid this issue by ignoring the nl80211 command failure in the case
 where 4addr mode is being enabled while it has already been enabled.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit fb860b4e418c28a0f388f215e5acce103dcee1bf)

3 years agoramips: remove factory image for TP-Link Archer C20 v1
Stijn Segers [Thu, 18 Feb 2021 23:53:26 +0000 (00:53 +0100)]
ramips: remove factory image for TP-Link Archer C20 v1

Similarly to the Archer C2 v1, the Archer C20 v1 will brick when one
tries to flash an OpenWrt factory image through the TP-Link web UI.
The wiki page contains an explicit warning about this [1].

Disable the factory image altogether since it serves no purpose.

[1] https://openwrt.org/toh/tp-link/tp-link_archer_c20_v1#installation

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
(backported from commit 0265cba40ad4f2b8ff4473ada123c35b53ffd97a)

3 years agolantiq: fritz7320: enable USB power supply
Mathias Kresin [Wed, 17 Feb 2021 22:37:54 +0000 (23:37 +0100)]
lantiq: fritz7320: enable USB power supply

The USB ports if a FRIZZ!Box 7320 do not supply power to connected
devices.

Add the GPIOs enabling USB power as regulator, to enable USB power
supply as soon as the USB driver is loaded.

Fixes FS#3624

Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit 6e4e97b2256327bb380ee2a83da9a1ddf657e395)

3 years agoopenssl: bump to 1.1.1j
Eneas U de Queiroz [Wed, 17 Feb 2021 02:21:36 +0000 (23:21 -0300)]
openssl: bump to 1.1.1j

This fixes 4 security vulnerabilities/bugs:

- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
  SSLv2, but the affected functions still exist. Considered just a bug.

- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
  EVP_DecryptUpdate may overflow the output length argument in some
  cases where the input length is close to the maximum permissable
  length for an integer on the platform. In such cases the return value
  from the function call will be 1 (indicating success), but the output
  length value will be negative.

- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
  create a unique hash value based on the issuer and serial number data
  contained within an X509 certificate. However it was failing to
  correctly handle any errors that may occur while parsing the issuer
  field (which might occur if the issuer field is maliciously
  constructed). This may subsequently result in a NULL pointer deref and
  a crash leading to a potential denial of service attack.

- Fixed SRP_Calc_client_key so that it runs in constant time. This could
  be exploited in a side channel attack to recover the password.

The 3 CVEs above are currently awaiting analysis.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 482c9ff289c65480c8e7340e1740db24c62f91df)

3 years agoOpenWrt v19.07.7: revert to branch defaults
Hauke Mehrtens [Tue, 16 Feb 2021 22:30:33 +0000 (23:30 +0100)]
OpenWrt v19.07.7: revert to branch defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agoOpenWrt v19.07.7: adjust config defaults v19.07.7
Hauke Mehrtens [Tue, 16 Feb 2021 22:30:28 +0000 (23:30 +0100)]
OpenWrt v19.07.7: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agokernel: bump 4.14 to 4.14.221
Koen Vandeputte [Mon, 15 Feb 2021 14:01:33 +0000 (15:01 +0100)]
kernel: bump 4.14 to 4.14.221

Refreshed all patches.

Remove upstreamed hunk in:
- 302-dts-support-layerscape.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
3 years agoramips: ethernet: Disable TSO support to improve stability
Baptiste Jonglez [Mon, 15 Feb 2021 09:12:59 +0000 (10:12 +0100)]
ramips: ethernet: Disable TSO support to improve stability

Stability of this Ethernet driver has been a long-standing issue, with
many people reporting frequent "transmit queue timeouts" and even
occasional crashes.

Disabling TSO in the driver helps with stability, although it is likely a
workaround and might not fix the issue completely.

There is a slight slowdown in forwarding performance for TCP packets
(75 kpps vs. 80 kpps with comparable CPU utilization), but this is still
enough to forward close to 1 Gbit/s of full-sized packets across multiple
flows.

Master is using a different ethernet driver, so this is not a backport.
Because of this different driver, the upcoming 21.02 release does not seem
to be affected by these stability issues.

Thanks to mrakotiq for the initial patch.

Fixes: FS#2628
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
3 years agomt76: update to the latest version
David Bauer [Mon, 15 Feb 2021 00:21:18 +0000 (01:21 +0100)]
mt76: update to the latest version

5c768de mt76: mt76x0: disable GTK offloading

Signed-off-by: David Bauer <mail@david-bauer.net>
3 years agoramips: mark toggle input on EX6150 as a switch
Kurt Roeckx [Sun, 14 Feb 2021 13:28:20 +0000 (14:28 +0100)]
ramips: mark toggle input on EX6150 as a switch

The Netgear EX6150 has an Access Point/Extender switch. Set it as
an EV_SW. Otherwise when it's set to Access Point, it will trigger
failsafe mode during boot.

Fixes: FS#3590
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
(cherry picked from commit 539966554d6d0686dc8ce62e39ff9e8f4e2d4e74)

3 years agomac80211: Remove 357-mac80211-optimize-skb-resizing.patch
Hauke Mehrtens [Sun, 14 Feb 2021 18:41:40 +0000 (19:41 +0100)]
mac80211: Remove 357-mac80211-optimize-skb-resizing.patch

This patch was adapted to apply on top of some stable changes, but we
are not sure if this is working correctly. Felix suggested to remove
this patch for now.

Fixes: 0a59e2a76e6d ("mac80211: Update to version 4.19.161-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agoramips: remove factory image for TP-Link Archer C2 v1
Stijn Segers [Sat, 13 Feb 2021 09:39:42 +0000 (10:39 +0100)]
ramips: remove factory image for TP-Link Archer C2 v1

Initial commit 8375623a0640 ("ramips: add support for TP-Link Archer
C2") contains detailed installation instructions, which do not mention
a factory image. From what I can see, no support to install OpenWrt
through the vendor web interface has been added since. The factory
image is also conspicuously absent from the device page in the wiki.
Yet, it is available for download.

I bricked my Archer C2 loading the factory image through the web UI.
Serial showed this error during bootloop:

  Uncompressing Kernel Image ... LZMA ERROR 1 - must RESET board to recover

This patch disables the undocumented factory image so users won't get
tricked into thinking easy web UI flashing actually works.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
(backported from commit ad5e29d38a48ce6ffbcabaf5d83bc76a64dfbe56)

3 years agoath79: fix USB power GPIO for TP-Link TL-WR810N v1
Adrian Schmutzler [Sat, 2 Jan 2021 14:05:13 +0000 (15:05 +0100)]
ath79: fix USB power GPIO for TP-Link TL-WR810N v1

The TP-Link TL-WR810N v1 is known to cause soft-brick on ath79 and
work fine for ar71xx [1]. On closer inspection, the only apparent
difference is the GPIO used for the USB regulator, which deviates
between the two targets.

This applies the value from ar71xx to ath79.

Tested successfully by a forum user.

[1] https://forum.openwrt.org/t/tp-link-tl-wr810n-v1-ath79/48267

Fixes: cdbf2de77768 ("ath79: Add support for TP-Link WR810N")
Fixes: FS#3522
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6934d30cf8d95bc8652b4dcd8180d14e5e8e2417)

3 years agowolfssl: Backport fix for CVE-2021-3336
Hauke Mehrtens [Mon, 8 Feb 2021 23:53:09 +0000 (00:53 +0100)]
wolfssl: Backport fix for CVE-2021-3336

This should fix CVE-2021-3336:
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not
cease processing for certain anomalous peer behavior (sending an
ED22519, ED448, ECC, or RSA signature without the corresponding
certificate).

The patch is backported from the upstream wolfssl development branch.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1f559cafe5cc1193a5962d40a2d938c66c783171)

3 years agobcm63xx: sprom: override the PCI device ID
Daniel González Cabanelas [Fri, 5 Feb 2021 18:59:54 +0000 (19:59 +0100)]
bcm63xx: sprom: override the PCI device ID

The PCI device ID detected by the wifi drivers on devices using a fallback
SPROM is wrong. Currently the chipnum is used for this parameter.

Most SSB based Broadcom wifi chips are 2.4 and 5GHz capable. But on
devices without a physical SPROM, the only one way to detect if the device
suports both bands or only the 5GHz band, is by reading the device ID from
the fallback SPROM.

In some devices, this may lead to a non working wifi on a 5GHz-only card,
or in the best case a working 2.4GHz-only in a dual band wifi card.

The offset for the deviceid in SSB SPROMs is 0x0008, whereas in BCMA is
0x0060. This is true for any SPROM version.

Override the PCI device ID with the one defined at the fallback SPROM, to
detect the correct wifi card model and allow using the 5GHz band if
supported.

The patch has been tested with the following wifi radios:

BCM43222: b43: both 2.4/5GHz working
          brcm-wl: both 2.4/5GHz working

BCM43225: b43: 2.4GHz, working
 brcmsmac: working
 brcm-wl: it lacks support

BCM43217: b43: 2.4GHz, working
 brcmsmac: it lacks support
 brcm-wl: it lacks support

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Backported from a0e0e621ca

3 years agokernel: bump 4.14 to 4.14.219
Koen Vandeputte [Thu, 4 Feb 2021 16:20:28 +0000 (17:20 +0100)]
kernel: bump 4.14 to 4.14.219

Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
3 years agobcm63xx: R5010UNv2: fix flash partitions for 16MB flash
Daniel González Cabanelas [Mon, 22 Jun 2020 19:44:44 +0000 (21:44 +0200)]
bcm63xx: R5010UNv2: fix flash partitions for 16MB flash

The router Nucom R5010UN v2 has the partitions defined for a 8MB flash,
but the flash chip is 16MB size. We are wasting half of the flash.

Fix it and use generic names for partitions.

Fixes: 474cde61234c ("brcm63xx: probe SPI flash through DT")
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
(cherry picked from commit cef9e5a49f496b64449fca6814fc1b66a45601c3)

3 years agohostapd: fix P2P group information processing vulnerability
Daniel Golle [Thu, 4 Feb 2021 01:01:36 +0000 (01:01 +0000)]
hostapd: fix P2P group information processing vulnerability

A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners.
This issue was discovered by fuzz testing of wpa_supplicant by Google's
OSS-Fuzz.

https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[added the missing patch]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit 7c8c4f1be648aff9f1072ee27a2cc8f6a4a788ef)

3 years agoopkg: update to latest git HEAD of branch openwrt-19.07
Baptiste Jonglez [Sun, 31 Jan 2021 15:40:40 +0000 (16:40 +0100)]
opkg: update to latest git HEAD of branch openwrt-19.07

c5dccea libopkg: fix md5sum calculation
7cad0c0 opkg_verify_integrity: better logging and error conditions
14d6480 download: purge cached packages that have incorrect checksum
456efac download: factor out the logic for building cache filenames
b145030 libopkg: factor out checksum and size verification
74bac7a download: remove compatibility with old cache naming scheme

Fixes: FS#2690
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
3 years agokernel: bump 4.14 to 4.14.218
Koen Vandeputte [Mon, 1 Feb 2021 09:35:34 +0000 (10:35 +0100)]
kernel: bump 4.14 to 4.14.218

Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
3 years agowolfssl: enable HAVE_SECRET_CALLBACK
Felix Fietkau [Sat, 2 Jan 2021 13:36:03 +0000 (14:36 +0100)]
wolfssl: enable HAVE_SECRET_CALLBACK

Fixes wpad-wolfssl build

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 55e23f2c02ae95e84613ed7d1cbf8aba557b8682)

3 years agowolfssl: Fix hostapd build with wolfssl 4.6.0
Hauke Mehrtens [Fri, 1 Jan 2021 21:04:18 +0000 (22:04 +0100)]
wolfssl: Fix hostapd build with wolfssl 4.6.0

This fixes the following build problem in hostapd:
mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_add':
<artificial>:(.text.crypto_ec_point_add+0x170): undefined reference to `ecc_projective_add_point'
mipsel-openwrt-linux-musl/bin/ld: <artificial>:(.text.crypto_ec_point_add+0x18c): undefined reference to `ecc_map'
mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_to_bin':
<artificial>:(.text.crypto_ec_point_to_bin+0x40): undefined reference to `ecc_map'

Fixes: ba40da9045f7 ("wolfssl: Update to v4.6.0-stable")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e7d0d2e9dcaa0ff1197fb7beee139b6a5bd35c79)

3 years agowolfssl: Update to v4.6.0-stable
Eneas U de Queiroz [Tue, 29 Dec 2020 17:49:20 +0000 (14:49 -0300)]
wolfssl: Update to v4.6.0-stable

This version fixes a large number of bugs and fixes CVE-2020-36177.

Full changelog at:
https://www.wolfssl.com/docs/wolfssl-changelog/
or, as part of the version's README.md:
https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md

Due a number of API additions, size increases from 374.7K to 408.8K for
arm_cortex_a9_vfpv3-d16.  The ABI does not change from previous version.

Backported patches were removed; remaining patch was refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[added reference to CVE]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ba40da9045f77feb04abe63eb8a92f13f9efe471)

3 years agomvebu: omnia: make initramfs image usable out of the box
Petr Štetiar [Sat, 30 Jan 2021 12:32:43 +0000 (13:32 +0100)]
mvebu: omnia: make initramfs image usable out of the box

Currently it's not possible to boot the device with just initramfs image
without additional effort as the initramfs image doesn't contain device
tree.  Fix it by producing FIT based image which could be booted with
following commands:

 setenv bootargs earlyprintk console=ttyS0,115200
 tftpboot ${kernel_addr_r} openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs-kernel.bin
 bootm ${kernel_addr_r}

Acked-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit 337ff74894110b35b61118918b7eb30bb6e60756)

3 years agomt76: update to the latest version
David Bauer [Mon, 1 Feb 2021 12:08:51 +0000 (13:08 +0100)]
mt76: update to the latest version

4ba1709 mt76: mt7603: add additional EEPROM chip ID

Signed-off-by: David Bauer <mail@david-bauer.net>
3 years agowireguard: Fix compile with kernel 4.14.217
Hauke Mehrtens [Fri, 29 Jan 2021 20:12:43 +0000 (21:12 +0100)]
wireguard: Fix compile with kernel 4.14.217

Backport a patch from wireguard to fix a compile problem with kernel
4.14.217.

Fixes: 2ecb22dc51a5 ("kernel: bump 4.14 to 4.14.217")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agokernel: bump 4.14 to 4.14.217
Hauke Mehrtens [Mon, 25 Jan 2021 22:17:22 +0000 (23:17 +0100)]
kernel: bump 4.14 to 4.14.217

Refreshed all patches.

Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agodnsmasq: backport fixes
Hauke Mehrtens [Sat, 23 Jan 2021 19:28:00 +0000 (20:28 +0100)]
dnsmasq: backport fixes

This should fix some error messages shown in the log like this one:
dnsmasq[16020]: failed to send packet: Network unreachable
dnsmasq[16020]: failed to send packet: Address family not supported by protocol

Fixes: e87c0d934c54 ("dnsmasq: Update to version 2.83")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agonetifd: fix IPv6 routing loop on point-to-point links
Hans Dedecker [Thu, 21 Jan 2021 20:02:41 +0000 (21:02 +0100)]
netifd: fix IPv6 routing loop on point-to-point links

753c351 interface-ip: add unreachable route if address is offlink

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agoodhcp6c: fix IPv6 routing loop on point-to-point links
Hans Dedecker [Thu, 21 Jan 2021 19:57:56 +0000 (20:57 +0100)]
odhcp6c: fix IPv6 routing loop on point-to-point links

64e1b4e ra: fix routing loop on point to point links
f16afb7 ra: align ifindex resolving

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
3 years agokernel: bump 4.14 to 4.14.216
Koen Vandeputte [Mon, 18 Jan 2021 14:34:52 +0000 (15:34 +0100)]
kernel: bump 4.14 to 4.14.216

Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
3 years agoimagebuilder: pass IB=1 on checking requirements
Paul Spooren [Wed, 10 Jun 2020 02:24:29 +0000 (22:24 -0400)]
imagebuilder: pass IB=1 on checking requirements

The patch 4a1a58a3  build, imagebuilder: Do not require libncurses-dev
was supposed to remove libncurses as a requirement for the ImageBuilder.
However as the IB=1 is only exported during building, not for checking
requirements, it did never actually work.

This commit export IB=1 to the requirement check.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 4f3806364011aa3aef26fcab2e7b71837a777bcc)

3 years agoOpenWrt v19.07.6: revert to branch defaults
Hauke Mehrtens [Tue, 19 Jan 2021 14:12:28 +0000 (15:12 +0100)]
OpenWrt v19.07.6: revert to branch defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agoOpenWrt v19.07.6: adjust config defaults v19.07.6
Hauke Mehrtens [Tue, 19 Jan 2021 14:12:19 +0000 (15:12 +0100)]
OpenWrt v19.07.6: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agodnsmasq: Backport some security updates
Hauke Mehrtens [Mon, 11 Jan 2021 00:03:03 +0000 (01:03 +0100)]
dnsmasq: Backport some security updates

This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 is susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rtc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rtc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agouboot-at91: Add PKG_MIRROR_HASH to fix download
Hauke Mehrtens [Mon, 18 Jan 2021 20:52:48 +0000 (21:52 +0100)]
uboot-at91: Add PKG_MIRROR_HASH to fix download

The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 20a7c9d5c9d87595aa73ad39e95132df545a60ca)

3 years agoat91bootstrap: Add PKG_MIRROR_HASH to fix download
Hauke Mehrtens [Mon, 18 Jan 2021 20:50:26 +0000 (21:50 +0100)]
at91bootstrap: Add PKG_MIRROR_HASH to fix download

The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a141e7a00e3ad8442831ed87766451a6114afdf9)

3 years agombedtls: update to 2.16.9
Rosen Penev [Mon, 4 Jan 2021 00:28:43 +0000 (16:28 -0800)]
mbedtls: update to 2.16.9

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f13b623f5e53a72b65f45cbaf56c73df35e70ed2)

3 years agokernel: bump 4.14 to 4.14.215
Hauke Mehrtens [Sun, 17 Jan 2021 14:42:22 +0000 (15:42 +0100)]
kernel: bump 4.14 to 4.14.215

Refreshed all patches.

Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agokernel: bump 4.14 to 4.14.214
Hauke Mehrtens [Sat, 9 Jan 2021 20:44:53 +0000 (21:44 +0100)]
kernel: bump 4.14 to 4.14.214

Refreshed all patches.

Removed patches because included in upstream:
- 499-mtd-parser-cmdline-Fix-parsing-of-part-names-with-co.patch
- 0071-2-PCI-qcom-Fixed-IPQ806x-PCIE-reset-changes.patch

Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agoglibc: update to latest 2.27 commit
Hauke Mehrtens [Thu, 31 Dec 2020 17:22:49 +0000 (18:22 +0100)]
glibc: update to latest 2.27 commit

daf88b1dd1 Add NEWS entry for CVE-2020-6096 (bug 25620)
b29853702e arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
bad8d5ff60 arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]
d64ad0a517 Fix use-after-free in glob when expanding ~user (bug 25414)
34ce87638c Fix array overflow in backtrace on PowerPC (bug 25423)
0df8ecff9e misc/test-errno-linux: Handle EINVAL from quotactl
26f5442ec1 <string.h>: Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang [BZ #25232]
4b64a4245c intl/tst-gettext: fix failure with newest msgfmt
dc7f51bda9 aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798]
8edc96aa33 aarch64: add HWCAP_ATOMICS to HWCAP_IMPORTANT
599ebfacc0 aarch64: Remove HWCAP_CPUID from HWCAP_IMPORTANT

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agobuild/prereq: merge ifndef IB block together
Paul Spooren [Wed, 30 Dec 2020 04:19:08 +0000 (18:19 -1000)]
build/prereq: merge ifndef IB block together

Multiple prereq checks are only required within the build system but not
for the ImageBuilder. These checks are excluded by using ifndef IB.

This commit merges the three ifndef IB blocks together.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit cc9d5b5a488d3a43068f621a1ef184f06e43bede)

3 years agobuild, imagebuilder: Do not require compilers
Sven Roederer [Sun, 27 Sep 2020 21:07:38 +0000 (23:07 +0200)]
build, imagebuilder: Do not require compilers

The buildroot and SDK both require the compilers (gcc, g++) to be
installed on the host system, however the ImageBuilder uses precompiled
binaries.

This patch changes the prerequirements checks to skip the checking for
the compilers if running as ImageBuilder. A similar change has been
made for libncurses-dev in 4a1a58a3e2d2.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Acked-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit ae12a747cae3df16d84b7dc92f39427948d4e8e2)

3 years agobuild, imagebuilder: Do not require libncurses-dev
Paul Spooren [Tue, 14 Apr 2020 21:14:47 +0000 (11:14 -1000)]
build, imagebuilder: Do not require libncurses-dev

The buildroot and SDK both require `libncurses-dev` to be installed on
the system, however the ImageBuilder uses precompiled binaries.

This patch changes the prerequirements checks to skip the
`libncurses-dev` part if running as ImageBuilder.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 4a1a58a3e2d2360950ff23a05f1f55b779174d6a)

3 years agobuild/json: add filesystem information
Paul Spooren [Mon, 14 Dec 2020 00:36:17 +0000 (14:36 -1000)]
build/json: add filesystem information

Some images are created using different filesystems, most popular
squashfs and ext4. To allow downstream projects to distinguesh between
those, add the `filesystem` information to created json files.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit bc0ffff36a0bd8043e958913f574cb8d2a79e93d)

3 years agoath79: image: fix initramfs for safeloader devices
Petr Štetiar [Wed, 17 Jun 2020 21:48:32 +0000 (23:48 +0200)]
ath79: image: fix initramfs for safeloader devices

Currently it's not possible to tftpboot initramfs image on archer-c7-v5
as the image contains tplink-v1-header which leads to:

 ath> bootm
 ## Booting image at 81000000 ...
 Bad Magic Number

as U-Boot expects uImage wrapped image. This is caused by following
inheritance issue:

  define Device/Init
    KERNEL_INITRAMFS = $$(KERNEL)

  define Device/tplink-v1
    KERNEL := kernel-bin | append-dtb | lzma
    KERNEL_INITRAMFS := kernel-bin | append-dtb | lzma | tplink-v1-header

  define Device/tplink-safeloader
    $(Device/tplink-v1)

  define Device/tplink-safeloader-uimage
    $(Device/tplink-safeloader)
    KERNEL := kernel-bin | append-dtb | lzma | uImageArcher lzma

  define Device/tplink_archer-c7-v5
    $(Device/tplink-safeloader-uimage)

where tplink-v1 defines KERNEL_INITRAMFS with tplink-v1-header and it's
then used by all devices inheriting from tplink-safeloader. Fix this by
overriding KERNEL_INITRAMFS to KERNEL variable again.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ceeece9ffaa5a3a336505332c39794d76c08b2ca)

3 years agokernel: bump 4.14 to 4.14.212
Hauke Mehrtens [Wed, 16 Dec 2020 20:23:55 +0000 (21:23 +0100)]
kernel: bump 4.14 to 4.14.212

Refreshed all patches.

Removed patches because included in upstream:
- 315-v5.10-usbnet-ipeth-fix-connectivity-with-ios-14.patch

Compile-tested on: ipq40xx, ath79, x86/64
Runtime-tested on: ipq40xx, ath79

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agowireless-regdb: Update to version 2020.11.20
Hauke Mehrtens [Wed, 16 Dec 2020 16:23:59 +0000 (17:23 +0100)]
wireless-regdb: Update to version 2020.11.20

9efa1da wireless-regdb: update regulatory rules for Egypt (EG)
ede87f5 wireless-regdb: restore channel 12 & 13 limitation in the US
5bcafa3 wireless-regdb: Update regulatory rules for Croatia (HR)
4e052f1 wireless-regdb: Update regulatory rules for Pakistan (PK) on 5GHz
f9dfc58 wireless-regdb: update 5.8 GHz regulatory rule for GB
c19aad0 wireless-regdb: Update regulatory rules for Kazakhstan (KZ)
07057d3 wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 94d1b2508c38e21a5d1a45a4d80db2905bf1537c)

3 years agowireless-regdb: bump to latest release 2020-04-29
Petr Štetiar [Wed, 29 Apr 2020 21:11:05 +0000 (23:11 +0200)]
wireless-regdb: bump to latest release 2020-04-29

Update to latest release.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 493eef5b279a0455b76bfacabdec3af8bf642385)

3 years agoopenssl: update to 1.1.1i
Eneas U de Queiroz [Fri, 11 Dec 2020 11:39:35 +0000 (08:39 -0300)]
openssl: update to 1.1.1i

Fixes: CVE-2020-1971, defined as high severity, summarized as:
NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS
attack.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 882ca13d923796438fd06badeb00dc95b7eb1467)

3 years agomac80211: Update to version 4.19.161-1
Hauke Mehrtens [Sat, 5 Dec 2020 23:17:59 +0000 (00:17 +0100)]
mac80211: Update to version 4.19.161-1

The removed patches were applied upstream.

The changes to 357-mac80211-optimize-skb-resizing.patch are more
complex. I think the patch already took care of the new changes done
upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agoramips: enable LED VCC for Asus RT-AC51U
Davide Fioravanti [Sun, 29 Sep 2019 18:52:37 +0000 (20:52 +0200)]
ramips: enable LED VCC for Asus RT-AC51U

Previously only the power LED was working.
With this patch all leds except 5GHz are working.

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
[rephrased commit title, drop status property]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 67d019ac94015707926235a3ac0aa6bb12cee8c2)

3 years agogeneric: ipeth: fix iOS 14 tethering
David Bauer [Sun, 29 Nov 2020 18:14:05 +0000 (19:14 +0100)]
generic: ipeth: fix iOS 14 tethering

This fixes tethering with devices using iOS 14. Prior to this patch,
connections to remote endpoints were not possible while data transfers
between the OpenWrt device and the iOS endpoints worked fine.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f64496f30f2ef97124dc4e13a48ee0de9d51832e)

3 years agoOpenWrt v19.07.5: revert to branch defaults
Hauke Mehrtens [Sun, 6 Dec 2020 23:51:12 +0000 (00:51 +0100)]
OpenWrt v19.07.5: revert to branch defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agoOpenWrt v19.07.5: adjust config defaults v19.07.5
Hauke Mehrtens [Sun, 6 Dec 2020 23:51:00 +0000 (00:51 +0100)]
OpenWrt v19.07.5: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 years agotools: always create $STAGING_DIR/usr/{include,lib}
Andre Heider [Thu, 20 Aug 2020 06:06:37 +0000 (08:06 +0200)]
tools: always create $STAGING_DIR/usr/{include,lib}

rules.mk always passes these as -I/-L to the toolchain.

Fixes rare errors like:
cc1: error: staging_dir/target-aarch64_cortex-a53_musl/usr/include: No such file or directory [-Werror=missing-include-dirs]

Signed-off-by: Andre Heider <a.heider@gmail.com>
Acked-by: Paul Spooren <mail@aparcar.org>
Acked-by: Rosen Penev <rosenp@gmail.com>
[fixed merge conflict]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b0cb305236524095bfd899449b0ad8eb821cb3bb)

3 years agotoolchain: kernel-headers: kernel Git tree mirror hash
Petr Štetiar [Sat, 21 Nov 2020 14:59:50 +0000 (15:59 +0100)]
toolchain: kernel-headers: kernel Git tree mirror hash

Allow setting of mirror hash for Git kernel tree.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 796d51834c5be85771d26e433fd509cd3bef72e3)

3 years agotoolchain: kernel-headers: fix check target for kernel Git tree
Petr Štetiar [Sat, 21 Nov 2020 15:05:08 +0000 (16:05 +0100)]
toolchain: kernel-headers: fix check target for kernel Git tree

Currently the check target fails if the kernel Git tree is used:

 $ make toolchain/kernel-headers/{download,check}

  make[2]: Entering directory 'toolchain/kernel-headers'
  Makefile:105: *** ERROR: Unknown pack format for file openwrt/tmp/dl/.  Stop.
  make[2]: Leaving directory 'toolchain/kernel-headers'
  toolchain/Makefile:100: recipe for target 'toolchain/kernel-headers/check' failed

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit bb7ba6b6a81d1fb7ac6075edfd8e8b713dd61db2)

3 years agodownload.pl: properly cleanup intermediate .hash file
Petr Štetiar [Fri, 27 Nov 2020 20:56:30 +0000 (21:56 +0100)]
download.pl: properly cleanup intermediate .hash file

It seems like after a build the /dl dir seems to now contain a .hash
file for each source file due to inproper cleanup so fix it by removing
those intermediate files before leaving the download action.

Fixes: 4e19cbc55335 ("download: handle possibly invalid local tarballs")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 52a5d0d27f2557db99fc5435fbd7783b649cb9b2)

3 years agodownload: handle possibly invalid local tarballs
Petr Štetiar [Thu, 19 Nov 2020 15:32:46 +0000 (16:32 +0100)]
download: handle possibly invalid local tarballs

Currently it's assumed, that already downloaded tarballs are always
fine, so no checksum checking is performed and the tarball is used even
if it might be corrupted.

From now on, we're going to always check the downloaded tarballs before
considering them valid.

Steps to reproduce:

 1. Remove cached tarball

   rm dl/libubox-2020-08-06-9e52171d.tar.xz

 2. Download valid tarball again

   make package/libubox/download

 3. Invalidate the tarball

   sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile

 4. Now compile with corrupt tarball source

   make package/libubox/{clean,compile}

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 4e19cbc553350b8146985367ba46514cf50e3393)

3 years agocmake.mk,rules.mk: fix host builds using CMake and ccache
Petr Štetiar [Fri, 27 Nov 2020 21:50:32 +0000 (22:50 +0100)]
cmake.mk,rules.mk: fix host builds using CMake and ccache

Commit f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as
well") has introduced regression as it didn't taken usage of ccache into
the account so fix it by handling ccache use cases as well.

In order to get this working we need to export HOSTCXX_NOCACHE in
rules.mk as well.

Fixes: f98878e4c17d ("cmake.mk: set C/CXX compiler for host builds as well")
Reported-by: Ansuel Smith <ansuelsmth@gmail.com>
Tested-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 524fb5646eec6147aadfdd508219f39bcf8ba8fc)

3 years agocmake.mk: set C/CXX compiler for host builds as well
Rosen Penev [Thu, 26 Nov 2020 00:08:57 +0000 (16:08 -0800)]
cmake.mk: set C/CXX compiler for host builds as well

Without this, cmake will use whatever CC/CXX is set to, which could be
clang. In that case, at least libjson-c/host will fail to compile.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f98878e4c17d5f11e78994b4fc456e6b60b2660f)