[pull] openwrt-21.02 from immortalwrt:openwrt-21.02 #75

Open
wants to merge 467 commits into base: openwrt-21.02
@pull pull bot commented Nov 7, 2022

See Commits and Changes for more details.


Created by pull[bot]


@pull pull bot added the ⤵️ pull label Nov 7, 2022
Ansuel and others added 29 commits January 12, 2023 15:00
Align dl_github_archive.py to 8252511
change. On supported systems the sigid bit is applied to files and the tar
archive on tar creation. This causes unreproducible tar for these
systems and these bits should be dropped to produce reproducible tar.

Add the missing option following the command options used in other
scripts.

Fixes: 75ab064 ("build: download code from github using archive API")
Suggested-by: Eneas U de Queiroz <[email protected]>
Tested-by: Robert Marko <[email protected]>
Signed-off-by: Christian Marangi <[email protected]>
(cherry picked from commit 5f1758e)
Signed-off-by: Tianling Shen <[email protected]>
Signed-off-by: Tianling Shen <[email protected]>
(cherry picked from commit 731846c)
Signed-off-by: Tianling Shen <[email protected]>
(cherry picked from commit ad34421)
Signed-off-by: Tianling Shen <[email protected]>
(cherry picked from commit 9fe5813)
OpenWrt provides kmod-asn1-decoder for CONFIG_ASN1 but selecting it
doesn't really work as expected. Kernel symbol is hidden and can be
actually selected only as a dependency. That works well for in-kernel
stuff but fails for external modules requiring ASN1 like ksmbd.

Modify kernel Kconfig to make CONFIG_ASN1 always selectable. It's
required to satisfy ksmbd dependencies cleanly (without hacks like
selecting unrelated modules).

Link: http://lists.openwrt.org/pipermail/openwrt-devel/2023-January/040298.html
Signed-off-by: Rafał Miłecki <[email protected]>
Removed upstreamed:
- generic/backport-5.4/702-Revert-net-dsa-b53-Fix-valid-setting-for-MDB-entries.patch

Manually rebased:
- layerscape/patches-5.4/805-display-0002-drm-rockchip-prepare-common-code-for-cdns-and-rk-dpi.patch
- layerscape/patches-5.4/820-usb-0010-MLK-22675-usb-dwc3-host-disable-park-mode.patch

Refreshed all patches.

Signed-off-by: Tianling Shen <[email protected]>
Fixes: #863

Signed-off-by: Tianling Shen <[email protected]>
Signed-off-by: Tianling Shen <[email protected]>
(cherry picked from commit f295e34)
Signed-off-by: Tianling Shen <[email protected]>
(cherry picked from commit 17ec9ea)
This adds missing HE modes to mac80211_prepare_ht_modes.

Previously mesh without wpa_supplicant would be initialized with 802.11g
/NO-HT only, as this method did not parse channel bandwidth for HE
operation.

Signed-off-by: David Bauer <[email protected]>
(cherry picked from commit a63430e)
Signed-off-by: Tianling Shen <[email protected]>
This was done by running these commands:
./scripts/kconfig.pl '+' target/linux/generic/config-5.4 /dev/null > target/linux/generic/config-5.4-new
mv target/linux/generic/config-5.4-new target/linux/generic/config-5.4

Signed-off-by: Hauke Mehrtens <[email protected]>
Compile-tested: x86/64
Run-tested: x86/64

Signed-off-by: Hauke Mehrtens <[email protected]>
Signed-off-by: Tianling Shen <[email protected]>
(cherry picked from commit 73adb850b0af7c242df1c141dc4b66ec3422cd60)
Device is the same as Xiaomi Mi Router 4A Gigabit, except for:
- 5G WiFi is MT7663
- addresses of leds, wifi and eth ports are slightly changed

Specs:
  SoC:  MT7621
  CPU:  2 x 880 MHz
  ROM:  16 MB
  RAM:  128 MB
  WLAN: MT7603, MT7663

MAC addresses:
  WAN     ****  factory 0xe006 (label)
  LAN     *:f7  factory 0xe000
  2.4 GHz *:f8  factory 0x0000+0x4 (mtd-eeprom+0x4)
  5 GHz   *:f9  factory 0x8000+0x4 (mtd-eeprom+0x4)

Installation:

Factory firmware is based on a custom OpenWrt 17.x.
Installation is the same as for Xiaomi Mi Router 4A Gigabit.

Probably the easiest way to install is to use the script from
this repository: acecilia/OpenWRTInvasion#155

In a more advanced case, you can do everything yourself:
- gain access to the device through one of the exploits described
  in the link above
- upload sysupgrade image to /tmp
- overwrite stock firmware:
  # mtd -e OS1 -r write /tmp/sysupgrade.bin OS1

Recovery:

Recovery procedure is the same as for Xiaomi Mi Router 4A Gigabit.
Possible options can be found here:
https://openwrt.org/inbox/toh/xiaomi/xiaomi_mi_router_4a_gigabit_edition

One of the ways is to use another router with OpenWrt:
- connect both routers by their LAN ports
- download stock firmware from [1]
- place it inside /tmp/test.bin on the main router
- configure PXE/TFTP on the main router
- power off 4Av2, hold Reset button, power on
- as soon as image download via TFTP starts, Reset can be released
- blinking blue wan LED will indicate the end of the flashing process,
  now router can be rebooted
[1] http://cdn.cnbj1.fds.api.mi-img.com/xiaoqiang/rom/r4av2/miwifi_r4av2_firmware_release_2.30.28.bin

Signed-off-by: Dmitry Sokolov <[email protected]>
(cherry picked from commit 39e4f03)
Signed-off-by: Tianling Shen <[email protected]>
Signed-off-by: Tianling Shen <[email protected]>
Signed-off-by: Tianling Shen <[email protected]>
Signed-off-by: Tianling Shen <[email protected]>
Signed-off-by: Tianling Shen <[email protected]>
As of upstream Linux commit 0fe1e96fef0a ("powerpc/pci: Prefer PCI
domain assignment via DT 'linux,pci-domain' and alias"), the PCIe
domain address is no longer numbered by the lowest 16 bits of the PCI
register address after a fallthrough. Instead of the fallthrough, the
enumeration process accepts the alias ID (as determined by
`of_alias_scan()`). This causes e.g.:

9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...

to become

0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...

... which then causes the sysfs path of the netdev to change,
invalidating the `wifi_device.path`s enumerated in
`/etc/config/wireless`.

One other solution might be to migrate the uci configuration, as was
done for mvebu in commit 0bd5aa8 ("mvebu: Migrate uci config to
new PCIe path"). However, there are concerns that the sysfs path will
change once again once some upstream patches[^2][^3] are merged and
backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled).

Instead, remove the aliases and allow the fallthrough to continue for
now. We will provide a migration in a later release.

This was first reported as a Github issue[^1].

[^1]: openwrt/openwrt#10530
[^2]: https://lore.kernel.org/linuxppc-dev/[email protected]/t/#u
[^3]: https://lore.kernel.org/linuxppc-dev/[email protected]/

Fixes: #10530
Tested-by: Martin Kennedy <[email protected]>
[Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i]
Signed-off-by: Martin Kennedy <[email protected]>
(cherry picked from commit 7f4b4c2)
Signed-off-by: Fabian Bläse <[email protected]>
Signed-off-by: Tianling Shen <[email protected]>
Removed upstreamed patch: 010-padlock.patch

Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

  *) Fixed X.400 address type confusion in X.509 GeneralName.

     There is a type confusion vulnerability relating to X.400 address processing
     inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
     but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
     vulnerability may allow an attacker who can provide a certificate chain and
     CRL (neither of which need have a valid signature) to pass arbitrary
     pointers to a memcmp call, creating a possible read primitive, subject to
     some constraints. Refer to the advisory for more information. Thanks to
     David Benjamin for discovering this issue. (CVE-2023-0286)

     This issue has been fixed by changing the public header file definition of
     GENERAL_NAME so that x400Address reflects the implementation. It was not
     possible for any existing application to successfully use the existing
     definition; however, if any application references the x400Address field
     (e.g. in dead code), note that the type of this field has changed. There is
     no ABI change.
     [Hugo Landau]

  *) Fixed Use-after-free following BIO_new_NDEF.

     The public API function BIO_new_NDEF is a helper function used for
     streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
     to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
     be called directly by end user applications.

     The function receives a BIO from the caller, prepends a new BIO_f_asn1
     filter BIO onto the front of it to form a BIO chain, and then returns
     the new head of the BIO chain to the caller. Under certain conditions,
     for example if a CMS recipient public key is invalid, the new filter BIO
     is freed and the function returns a NULL result indicating a failure.
     However, in this case, the BIO chain is not properly cleaned up and the
     BIO passed by the caller still retains internal pointers to the previously
     freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
     then a use-after-free will occur. This will most likely result in a crash.
     (CVE-2023-0215)
     [Viktor Dukhovni, Matt Caswell]

  *) Fixed Double free after calling PEM_read_bio_ex.

     The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
     decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
     data. If the function succeeds then the "name_out", "header" and "data"
     arguments are populated with pointers to buffers containing the relevant
     decoded data. The caller is responsible for freeing those buffers. It is
     possible to construct a PEM file that results in 0 bytes of payload data.
     In this case PEM_read_bio_ex() will return a failure code but will populate
     the header argument with a pointer to a buffer that has already been freed.
     If the caller also frees this buffer then a double free will occur. This
     will most likely lead to a crash.

     The functions PEM_read_bio() and PEM_read() are simple wrappers around
     PEM_read_bio_ex() and therefore these functions are also directly affected.

     These functions are also called indirectly by a number of other OpenSSL
     functions including PEM_X509_INFO_read_bio_ex() and
     SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
     internal uses of these functions are not vulnerable because the caller does
     not free the header argument if PEM_read_bio_ex() returns a failure code.
     (CVE-2022-4450)
     [Kurt Roeckx, Matt Caswell]

  *) Fixed Timing Oracle in RSA Decryption.

     A timing based side channel exists in the OpenSSL RSA Decryption
     implementation which could be sufficient to recover a plaintext across
     a network in a Bleichenbacher style attack. To achieve a successful
     decryption an attacker would have to be able to send a very large number
     of trial messages for decryption. The vulnerability affects all RSA padding
     modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.
     (CVE-2022-4304)
     [Dmitry Belyavsky, Hubert Kario]

Signed-off-by: John Audia <[email protected]>
Signed-off-by: Tianling Shen <[email protected]>
This updates mac80211 to version 5.15.92-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.

Signed-off-by: Hauke Mehrtens <[email protected]>
(cherry picked from commit 863288b49d3d1466f22bcf6098e4635a5be98626)
With the various variants of Netgear R**** devices, make it more
obvious which image should be used for the R7200.

Signed-off-by: Dale Hui <[email protected]>
[provide proper commit message]
Signed-off-by: Adrian Schmutzler <[email protected]>
(cherry picked from commit af3104d)
KanjiMonster and others added 30 commits September 14, 2023 11:36
When the membase and pci_dev pointer were moved to a new struct in priv,
the actual membase users were left untouched, and they started reading
out arbitrary memory behind the struct instead of registers. This
unfortunately turned the RNG into a constant number generator, depending
on the content of what was at that offset.

To fix this, update geode_rng_data_{read,present}() to also get the
membase via amd_geode_priv, and properly read from the right addresses
again.

Closes #13417.

Reported-by: Timur I. Davletshin <[email protected]>
Tested-by: Timur I. Davletshin <[email protected]>
Suggested-by: Jo-Philipp Wich <[email protected]>
Signed-off-by: Jonas Gorski <[email protected]>
(cherry picked from commit 09d13cd)
Signed-off-by: Nicholas Sun <[email protected]>
Signed-off-by: Tianling Shen <[email protected]>
(cherry picked from commit 680e475)
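
For the Geode RNG regression described in the commit message above (the hardware RNG returning a constant value), this is a stuck-output check that can be run over bytes read from a hardware RNG, generalized to the repetition count test of NIST SP 800-90B. It is an added example, not code from OpenWrt or the driver; the 4-byte sample width, the 8 bits of min-entropy claimed per sample and all sample data are assumptions constructed here.

```python
import math
import struct


def rct_cutoff(min_entropy_bits, alpha_exp=20):
    """Repetition count cutoff C = 1 + ceil(-log2(alpha) / H), alpha = 2**-alpha_exp.

    H is the min-entropy the caller claims per sample (an assumption, not
    something this code can measure).
    """
    if min_entropy_bits <= 0:
        raise ValueError("min-entropy per sample must be positive")
    return 1 + math.ceil(alpha_exp / min_entropy_bits)


def split_samples(buf, width=4):
    """Cut raw RNG output into fixed-width samples, dropping a trailing partial one."""
    usable = len(buf) - (len(buf) % width)
    return [buf[i:i + width] for i in range(0, usable, width)]


def longest_run(samples):
    """Length of the longest run of identical consecutive samples."""
    best = run = 0
    prev = None
    for sample in samples:
        run = run + 1 if sample == prev else 1
        best = max(best, run)
        prev = sample
    return best


def rng_looks_stuck(buf, min_entropy_bits=8.0, width=4):
    """True if the output repeats one sample at least `cutoff` times in a row.

    Passing this check does not show the source is random; it only catches
    the catastrophic case of a source that keeps returning the same value.
    """
    cutoff = rct_cutoff(min_entropy_bits)
    samples = split_samples(buf, width)
    if len(samples) < cutoff:
        raise ValueError("need at least %d samples" % cutoff)
    return longest_run(samples) >= cutoff


# Constructed inputs, not captured from real hardware.
STUCK = struct.pack("<I", 0x0BADF00D) * 16          # one word repeated
VARYING = b"".join(                                  # 16 distinct words
    struct.pack("<I", (i * 2654435761) & 0xFFFFFFFF) for i in range(16)
)

if __name__ == "__main__":
    for name, data in (("stuck", STUCK), ("varying", VARYING)):
        print(name, "-> stuck" if rng_looks_stuck(data) else "-> no long repeats")
```
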
Added minimal mmc support for helper functions:

 - find_mmc_part: Look for a given partition name. Returns the
	corresponding partition path
 - caldata_extract_mmc: Look for a given partition name and then
	extracts the calibration data
 - mmc_get_mac_binary: Returns the mac address from a given partition
	name and offset

Signed-off-by: Davide Fioravanti <[email protected]>
Signed-off-by: Robert Marko <[email protected]>
[replace dd with caldata_dd, moved sysupgrade mmc to orbi]
Signed-off-by: Christian Lamparter <[email protected]>
(cherry picked from commit 6e13794)
Some devices got more than one mmc device.
Allow specifying the root device as 2nd parameter of find_mmc_part so
scripts can avoid matching irrelevant partitions on wrong mmc device.

Signed-off-by: Daniel Golle <[email protected]>
(cherry picked from commit 9f223a2)
Adds generic support for sysupgrading on eMMC-based devices.

Provide function emmc_do_upgrade and emmc_copy_config to be used in
/lib/upgrade/platform.sh instead of redundantly implementing the same
logic over and over again.
Similar to generic sysupgrade on NAND, use environment variables
CI_KERNPART, CI_ROOTPART and newly introduce CI_DATAPART to indicate
GPT partition names to be used. On devices with more than one MMC
block device, CI_ROOTDEV can be used to specify the MMC device for
partition name lookups.

Also allow to select block devices directly using EMMC_KERN_DEV,
EMMC_ROOT_DEV and EMMC_DATA_DEV, as using GPT partition names is not
always an option (e.g. when forced to use MBR).

To easily handle writing kernel and rootfs make use of sysupgrade.tar
format convention which is also already used for generic NAND support.

Signed-off-by: Enrico Mioso <[email protected]>
Signed-off-by: Daniel Golle <[email protected]>
CC: Li Zhang <[email protected]>
CC: TruongSinh Tran-Nguyen <[email protected]>
(cherry picked from commit 57c1f3f)
Rootfs overlays get created at a ROOTDEV_OVERLAY_ALIGN (64KiB)
alignment after the rootfs, but emmc_do_upgrade() is assuming
it comes at the very next 512-byte sector.

Suggested-by: Christian Lamparter <[email protected]>
Signed-off-by: Brian Norris <[email protected]>
(move spaces around, mention fstools' libtoolfs)
Signed-off-by: Christian Lamparter <[email protected]>
(cherry picked from commit e8a0c55)
emmc_do_upgrade() relies on identify() from the nand.sh upgrade helper.
This only works because FEATURES=emmc targets also tend to include
FEATURES=nand.

Rename identify_magic() to identify_magic_long() to match the common.sh
style and make it clear it pairs with other *_long() variants (and not,
say *_word()).

Signed-off-by: Brian Norris <[email protected]>
(cherry picked from commit d3c19c7)
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining packages which have a CPE ID.
Not every package has a CPE ID.

Related: openwrt/packages#8534
Signed-off-by: Alexander Couzens <[email protected]>
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining tools which have a CPE ID.
Not every tool has a CPE ID.

Related: openwrt/packages#8534
Signed-off-by: Alexander Couzens <[email protected]>
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining packages which have a CPE ID.
Not every package has a CPE ID.

Related: openwrt/packages#8534
Signed-off-by: Alexander Couzens <[email protected]>
Vulnerabilities of musl libc are tracked as
cpe:/a:musl-libc:musl

Signed-off-by: Arne Zachlod <[email protected]>
This adds some Common Platform Enumerations (CPE) identifiers which I
found.

Signed-off-by: Hauke Mehrtens <[email protected]>
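
To match the PKG_CPE_ID values added by the commits above against a vulnerability feed, the CPE 2.2 URI is combined with the package version and rewritten as a CPE 2.3 formatted string. This is an added example, not part of the OpenWrt tree; the Makefile fragment and its version number are constructed, and reading PKG_VERSION next to PKG_CPE_ID is an assumption of this example.

```python
import re

# Simple "NAME:=value" or "NAME=value" assignments for the two variables used.
_ASSIGN = re.compile(r"^(PKG_CPE_ID|PKG_VERSION)[ \t]*:?=[ \t]*(\S+)[ \t]*$", re.M)
# Characters that need no conversion between the 2.2 URI and 2.3 string forms.
_URI_PLAIN = re.compile(r"^[A-Za-z0-9._-]*$")


def _escape(value):
    """Backslash-escape characters that are special in a CPE 2.3 string."""
    return re.sub(r"([^A-Za-z0-9._-])", r"\\\1", value)


def cpe22_to_cpe23(uri, version=None):
    """Rewrite a CPE 2.2 URI as a CPE 2.3 formatted string.

    `version` fills the version component only when the URI has none.
    Percent-encoded or packed ("~") components are rejected, not guessed at.
    """
    if not uri.startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % uri)
    fields = uri[len("cpe:/"):].split(":")
    if len(fields) > 7:
        raise ValueError("too many components in %r" % uri)
    if not all(_URI_PLAIN.match(f) for f in fields):
        raise ValueError("encoded or packed components are not handled: %r" % uri)
    fields += [""] * (7 - len(fields))      # part..language
    part, vendor, product = fields[:3]
    if part not in ("a", "o", "h") or not vendor or not product:
        raise ValueError("part, vendor and product are required: %r" % uri)
    if not fields[3] and version:
        fields[3] = _escape(version)
    out = fields + [""] * 4                 # sw_edition, target_sw, target_hw, other
    return "cpe:2.3:" + ":".join(f.lower() if f else "*" for f in out)


def cpe_from_makefile(text):
    """Return the versioned CPE 2.3 string for a package Makefile, or None
    when the package carries no PKG_CPE_ID (not every package has one)."""
    found = dict(_ASSIGN.findall(text))
    uri = found.get("PKG_CPE_ID")
    if uri is None:
        return None
    version = found.get("PKG_VERSION")
    if version and "$" in version:          # unresolved make variable
        version = None
    return cpe22_to_cpe23(uri, version)


# Constructed Makefile fragment; the version number is a placeholder.
SAMPLE_MAKEFILE = """\
PKG_NAME:=musl
PKG_VERSION:=1.2.3
PKG_CPE_ID:=cpe:/a:musl-libc:musl
"""

if __name__ == "__main__":
    print(cpe_from_makefile(SAMPLE_MAKEFILE))
```
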
Signed-off-by: Tianling Shen <[email protected]>
Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]

    o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
      OBJECT IDENTIFIER sub-identities.  (CVE-2023-2650)
    o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
    o Fixed handling of invalid certificate policies in leaf certificates
      (CVE-2023-0465)
    o Limited the number of nodes created in a policy tree (CVE-2023-0464)

Signed-off-by: Hauke Mehrtens <[email protected]>
(cherry picked from commit afb442270211c00282cecf323d568aa88391a32c)
Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023]

    o Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
    o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)

Signed-off-by: Hauke Mehrtens <[email protected]>
(cherry picked from commit de29f15af173e9434d11a00ffcf437bd6bc97727)
The compex WPJ563 actually has both usb controllers wired:

usb0 --> pci-e slot
usb1 --> pin header

As the board exposes it for generic use, enable this controller too.

fixes: #13650
Signed-off-by: Koen Vandeputte <[email protected]>
(cherry picked from commit 9188c77)
Doing a simple ping to my device shows this:

64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=2.00 ms
64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=2.02 ms
64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=1.68 ms
64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=1.91 ms
64 bytes from 10.0.253.101: icmp_seq=5 ttl=64 time=1.92 ms
64 bytes from 10.0.253.101: icmp_seq=6 ttl=64 time=2.04 ms

Some users even report higher values on older kernels:

64 bytes from 192.168.1.10: seq=0 ttl=64 time=0.612 ms
64 bytes from 192.168.1.10: seq=1 ttl=64 time=2.852 ms
64 bytes from 192.168.1.10: seq=2 ttl=64 time=2.719 ms
64 bytes from 192.168.1.10: seq=3 ttl=64 time=2.741 ms
64 bytes from 192.168.1.10: seq=4 ttl=64 time=2.808 ms

The problem is that the governor is set to Ondemand, which causes
the CPU to clock all the way down to 48MHz in some cases.

Switching to performance governor:

64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=0.528 ms
64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=0.561 ms
64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=0.633 ms
64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=0.526 ms

In theory, using the Performance governor should increase power draw,
but it looks like it really does not matter for this soc.

Using a calibrated precision DC power supply (cpu idle):

Ondemand
24.00V * 0.134A = 3.216 Watts
48.00V * 0.096A = 4.608 Watts

Performance
24.00V * 0.135A = 3.240 Watts
48.00V * 0.096A = 4.608 Watts

Let's simply switch to the Performance governor by default
to fix the general jittery behaviour on devices using this soc.

Tested on: MikroTik wAP ac

Fixes: #13649
Reviewed-by: Robert Marko <[email protected]>
Reviewed-by: Thibaut VARÈNE <[email protected]>
Signed-off-by: Koen Vandeputte <[email protected]>
(cherry picked from commit b8e5285)
Ensure the MAC address for all NanoPi R1 boards is assigned uniquely for
each board.

The vendor ships the device in two variants; one with and one without
eMMC; but both without static mac-addresses.
In order to assign both board types unique MAC addresses, fall back on
the same method used for the NanoPi R2S and R4S in case the EEPROM
chip is not present by generating the board MAC from the SD card CID.

[0] https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R1#Hardware_Spec

Similar to and based on:

commit b5675f5 ("rockchip: ensure NanoPi R4S has unique MAC address")

Co-authored-by: David Bauer <[email protected]>
Signed-off-by: Jan-Niklas Burfeind <[email protected]>
Backport the patch that adds the DT for ASUS RT-AC3100.

Signed-off-by: Arınç ÜNAL <[email protected]>
(cherry picked from commit b7ee8c9)
ASUS RT-AC3100 is ASUS RT-AC88U without the external switch.

OpenWrt forum users effortless and ktmakwana have confirmed that there are
revisions with either 4366b1 or 4366c0 wireless chips.

Therefore, include firmware for 4366b1 along with 4366c0. This way, all
hardware revisions of the router will be supported by having brcmfmac use
the firmware file for the wireless chip it detects.

Signed-off-by: Arınç ÜNAL <[email protected]>
(cherry picked from commit 2214bab)
So far every build of a single bcm53xx Target Profile (it means: when
NOT using CONFIG_TARGET_MULTI_PROFILE) resulted in all target devices
images being built. Now it only builds the one matching selected
profile.

Fixes: #13572

Suggested-by: Jonas Gorski <[email protected]>
Signed-off-by: Rani Hod <[email protected]>
[rmilecki: update commit subject + body & move PROFILES line]
Signed-off-by: Rafał Miłecki <[email protected]>
(cherry picked from commit 802a5f5)
We now have all raw ports defined in bcm-ns.dtsi. Leave only labels in
custom device files.

Signed-off-by: Rafał Miłecki <[email protected]>
(cherry picked from commit 08ce0c7)
Among other changes this commit makes Linux use correct switch ports
again.

Fixes: fff279f ("bcm53xx: backport DT changes from v6.5")
Signed-off-by: Rafał Miłecki <[email protected]>
(cherry picked from commit a67af19)
This makes Linux use correct switch ports again.

Fixes: fff279f ("bcm53xx: backport DT changes from v6.5")
Fixes: openwrt/openwrt#13548
Signed-off-by: Rafał Miłecki <[email protected]>
(cherry picked from commit a912ee7)
Signed-off-by: Rafał Miłecki <[email protected]>
(cherry picked from commit 732ae34)
Signed-off-by: Rafał Miłecki <[email protected]>
Most (all?) of the realtek devices have two u-boot config partitions
with a different set of variables in each. The U-Boot shell provides
two sets of apps to manipulate these:

 printenv- print environment variables
 printsys- printsys - print system information variables
 saveenv - save environment variables to persistent storage
 savesys - savesys - save system information variables to persistent storage
 setenv  - set environment variables
 setsys  - setsys  - set system information variables

Add support for multiple ubootenv configuration types, allowing
more than one configuration file.

Section names are not suitable for naming the different
configurations since each file can be the result of multiple sections
in case of backup partitions.

Signed-off-by: Bjørn Mork <[email protected]>
(cherry picked from commit a3e9fd7)
Signed-off-by: Tianling Shen <[email protected]>
Fix compilation with glibc

44365eb Deactivate _FORTIFY_SOURCE in jitterentropy-base.c

Signed-off-by: Hauke Mehrtens <[email protected]>
(cherry picked from commit d62726b)
Signed-off-by: Tianling Shen <[email protected]>