Jo-Philipp Wich [Thu, 23 Aug 2018 17:08:58 +0000 (19:08 +0200)]
grub2: rebase patches
Patch 300-CVE-2015-8370.patch was added without proper rebasing on the
version used by OpenWrt, make it apply and refresh the patch to fix
compilation.
Binary patch the bundled glibc library to inhibit loading of host locale
archives in order to avoid triggering internal libc assertions when
invoking shipped, bundled executables.
The problem has been solved with upstream Glibc commit 0062ace229 ("Gracefully handle incompatible locale data") but we still
need to deal with older Glibc binaries for some time to come.
Jo-Philipp Wich [Thu, 30 Aug 2018 08:51:09 +0000 (10:51 +0200)]
ramips: only limit lzma dictionary size on mt7621
The changed dictionary size leads to a different LZMA header which breaks
sysupgrade image magic checkibng on at least some RT288x boards.
Since the commit message only mentions testing on MT7621 and since the
change appears to break at least one other ramips subtarget, do not take
any chances and restrict the size limitation to only MT7621.
Thomas Equeter [Thu, 16 Aug 2018 19:39:05 +0000 (21:39 +0200)]
uqmi: wait for the control device too
The control device /dev/cdc-wdm0 is not available immediately on the
D-Link DWR-921 Rev.C3, therefore the wwan interface fails to start at
boot with a "The specified control device does not exist" error.
This patch alters /lib/netifd/proto/qmi.sh to wait for
network.wwan.delay earlier, before checking for the control device,
instead of just before interacting with the modem.
One still has to use network.wwan.proto='qmi', as the "wwan" proto
performs that sort of check before any delay is possible, failing with a
"No valid device was found" error.
Signed-off-by: Thomas Equeter <tequeter@users.noreply.github.com>
Some combination of modem/wireless operator requires more time to
execute the commands.
Tested on DWR-512 embedded wwan modem and italian operator iliad (new
virtual operator).
ar71xx: WNR612v2: fix kernel panic due to wrong Wifi LED init
Netgear WNR612v2 flashed with recent OpenWrt builds suffers from kernel
panic at boot during wireless chip initialization, making device
unusable:
ath: phy0: Ignoring endianness difference in EEPROM magic bytes.
ath: phy0: Enable LNA combining
CPU 0 Unable to handle kernel paging request at virtual address 1000fee1, epc == 801d08f0, ra == 801d0d90
Oops[#1]:
CPU: 0 PID: 469 Comm: kmodloader Not tainted 4.9.120 #0
[ ... register dump etc ... ]
Kernel panic - not syncing: Fatal exception
Rebooting in 1 seconds..
This simple patch fixes above error. It keeps LED table in memory after
kernel init phase for ath9k driver to operate correctly (__initdata
removed).
Also, another bug is fixed - correct array size is provided to function
that adds platform LEDs (this device has only 1 connected to Wifi chip)
preventing code from going outside array bounds.
Fixes: 1f5ea4eae46e ("ar71xx: add correct named default wireless led by using platform leds") Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
[trimmed commit message] Signed-off-by: Mathias Kresin <dev@kresin.me>
Hans Dedecker [Fri, 24 Aug 2018 13:02:24 +0000 (15:02 +0200)]
dropbear: backport upstream fix for CVE-2018-15599
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.
Mathias Kresin [Wed, 22 Aug 2018 04:40:28 +0000 (06:40 +0200)]
ramips: fix GL-MT300N-V2 SoC compatible
According to abbfcc85259a ("ramips: add support for GL-inet
GL-MT300N-V2") the board has a MediaTek MT7628AN. Change the SoC
compatible to match the used hardware.
Mathias Kresin [Wed, 22 Aug 2018 04:26:36 +0000 (06:26 +0200)]
ramips: drop not existing groups from pinmux
RT5350 neither have rgmii nor a mdio pinmux group. MT7628an doesn't
have a jtag group. Having these groups defined might cause a boot
panic.
The pin controller fails to initialise for kernels > 4.9 if invalid
groups are used. If a subsystem references a pin controller
configuration node, it can not find this node and errors out. In worst
case it's the SPI driver which errors out and we have no root
filesystem to mount.
Mathias Kresin [Wed, 15 Aug 2018 06:20:33 +0000 (08:20 +0200)]
generic: revert workarounds for AR8337 switch
The intention of 967b6be118e3 ("ar8327: Add workarounds for AR8337
switch") was to remove the register fixups for AR8337. But instead they
were removed for AR8327.
The RGMII RX delay is forced even if the port is used as phy instead of
mac, which results in no package flow at least for one board.
Mathias Kresin [Sun, 18 Feb 2018 21:48:44 +0000 (22:48 +0100)]
cns3xxx: fix mtu setting with kernel 4.14
Since kernel 4.10 commit 61e84623ace3 ("net: centralize net_device
min/max MTU checking"), the range of mtu is [min_mtu, max_mtu], which
is [68, 1500] by default.
It's necessary to set a max_mtu if a mtu > 1500 is supported.
Hauke Mehrtens [Wed, 15 Aug 2018 20:17:11 +0000 (22:17 +0200)]
openssl: update to version 1.0.2p
This fixes the following security problems:
* CVE-2018-0732: Client DoS due to large DH parameter
* CVE-2018-0737: Cache timing vulnerability in RSA Key Generation
Hauke Mehrtens [Wed, 15 Aug 2018 19:50:09 +0000 (21:50 +0200)]
kernel: bump kernel 4.9 to version 4.9.120
The following patch was integrated upstream:
* target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch
This fixes tries to work around the following security problems:
* CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
* CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
Hauke Mehrtens [Wed, 15 Aug 2018 20:40:58 +0000 (22:40 +0200)]
kernel: bump kernel 4.14 to version 4.14.63
The following patches were integrated upstream:
* target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch
* target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch
This fixes tries to work around the following security problems:
* CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
* CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
Hauke Mehrtens [Sun, 12 Aug 2018 09:32:57 +0000 (11:32 +0200)]
ath25: Do not build images for ubnt2 and ubnt5
The flash size of the ubnt2 and ubnt5 is limited and the images with
LuCI are getting too big for these boards. Do not build images for these
boards to make the complete build of this target not fail anymore.
Hauke Mehrtens [Sun, 12 Aug 2018 09:31:28 +0000 (11:31 +0200)]
at91: do not build image for at91-q5xr5
The kernel image of the at91-q5xr5 is getting too bing now and this is
breaking the build. Remove the image for the at91-q5xr5 from the build
to at least build images for the other devices.
John Crispin [Fri, 10 Aug 2018 13:48:21 +0000 (15:48 +0200)]
wpa_supplicant: fix CVE-2018-14526
Unauthenticated EAPOL-Key decryption in wpa_supplicant
Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/
Vulnerability
A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.
When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.
Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.
Vulnerable versions/configurations
All wpa_supplicant versions.
Acknowledgments
Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.
Possible mitigation steps
- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.
- Merge the following commits to wpa_supplicant and rebuild:
WPA: Ignore unauthenticated encrypted EAPOL-Key data
This patch is available from https://w1.fi/security/2018-1/
- Update to wpa_supplicant v2.7 or newer, once available
Stijn Tintel [Thu, 28 Jun 2018 09:44:10 +0000 (11:44 +0200)]
kernel: add pending e1000e fixes
The previous round of fixes for the 82574 chip cause an issue with
emulated e1000e devices in VMware ESXi 6.5. It also contains changes
that are not strictly necessary. These patches fix the issues introduced
in the previous series, revert the unnecessary changes to avoid
unforeseen fallout, and avoid a case where interrupts can be missed.
The final two patches of this series are already in the kernel, so no
need to include them here.
Hauke Mehrtens [Mon, 21 May 2018 11:58:52 +0000 (13:58 +0200)]
mbedtls: Update to 2.12.0
Multiple security fixes
* CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
* CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel
Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0
Patch the so version back to the original one, the API changes are
looking no so invasive.
The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.967 Bytes
ipkg for mips_24kc after:
164.753 Bytes
Hauke Mehrtens [Mon, 21 May 2018 11:58:53 +0000 (13:58 +0200)]
mbedtls: Activate the session cache
This make sit possible to store informations about a session and reuse
it later. When used by a server it increases the time to create a new
TLS session from about 1 second to less than 0.1 seconds.
The size of the ipkg file increased by about 800 Bytes.
ipkg for mips_24kc before:
163.140 Bytes
ipkg for mips_24kc after:
163.967 Bytes
Pawel Dembicki [Thu, 15 Feb 2018 21:21:25 +0000 (22:21 +0100)]
kernel: generic: fix problem with w1-gpio-custom
In boards with fdt is impossible to use kmod-w1-gpio-custom.
w1-gpio-custom create platform structure for w1-gpio module,
but if board use fdt, data is ignored in w1-gpio probe.
Override the default shutdown action (stop) and close all processes
of dropbear
Since commit 498fe85, the stop action only closes the process
that's listening for new connections, maintaining the ones with
existing clients.
This poses a problem when restarting or shutting-down a device,
because the connections with existing SSH clients, like OpenSSH,
are not properly closed, causing them to hang.
This situation can be avoided by closing all dropbear processes when
shutting-down the system, which closes properly the connections with
current clients.
Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
[Luis: Rework commit message] Signed-off-by: Luis Araneda <luaraneda@gmail.com>
(cherry picked from commit 1e177844bc814d3846312c91cd0f7a54df4f32b9)
Antti Seppälä [Fri, 6 Jul 2018 06:35:37 +0000 (09:35 +0300)]
kernel: usb: dwc2 DMA alignment fixes
Add two patches submitted for upstream review that significantly improve
the dwc2 driver on openwrt from kernel stability and performance
perspectives.
* New microcode update packages from AMD upstream:
+ New Microcodes:
sig 0x00800f12, patch id 0x08001227, 2018-02-09
+ Updated Microcodes:
sig 0x00600f12, patch id 0x0600063e, 2018-02-07
sig 0x00600f20, patch id 0x06000852, 2018-02-06
* Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
plus other unspecified fixes/updates.
John Crispin [Mon, 30 Jul 2018 21:56:14 +0000 (23:56 +0200)]
netifd: update to latest git HEAD
a0a1e52 fix compile error 75ee790 interface-ip: fix eui64 ifaceid generation (FS#1668) ca97097 netifd: make sure the vlan ifname fits into the buffer b8c1bca iprule: remove bogus assert calls a2f952d iprule: fix broken in_dev/out_dev checks 263631a vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name() 291ccbb ubus: display correct prefix size for IPv6 prefix address 908a9f4 CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags b06b011 proto-shell.c: add a explicit "fall through" comment to make the compiler happy 60293a7 replace fall throughs in switch/cases where possible with simple code changes 5cf7975 iprule: rework interface based rules to handle dynamic interfaces 57f87ad Introduce new interface event "create" (IFEV_CREATE) 03785fb system-linux: fix build error on older kernels d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming e9eff34 system-linux: extend link mode speed definitions c1f6a82 system-linux: add autoneg and link-partner output
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 3c4eeb5d21073dea5a021012f9e65ce95f81806e) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
drivers/net/ethernet/mtk/gsw_mt7620.c: In function 'mt7620_hw_init':
drivers/net/ethernet/mtk/gsw_mt7620.c:171:14: error: 'mdio_mode' undeclared (first use in this function); did you mean 'd_move'?
} else if (!mdio_mode) {
^~~~~~~~~
d_move
Chen Minqiang [Fri, 3 Aug 2018 17:14:07 +0000 (01:14 +0800)]
mt7620: gsw: make IntPHY and ExtPHY share mdio addr 4 possible
To share mdio addr for IntPHY and ExtPHY,
as described in the documentation (MT7620_ProgrammingGuide.pdf).
(refer: http://download.villagetelco.org/hardware/MT7620/MT7620_ProgrammingGuide.pdf)
when port4 setup to work as gmac mode, dts like:
&gsw {
mediatek,port4 = "gmac";
};
we should set SYSCFG1.GE2_MODE==0x0 (RGMII).
but SYSCFG1.GE2_MODE may have been set to 3(RJ-45) by uboot/default
so we need to re-set it to 0x0
before this changes:
gsw: 4FE + 2GE may not work correctly and MDIO addr 4 cannot be used by ExtPHY
after this changes:
gsw: 4FE + 2GE works and MDIO addr 4 can be used by ExtPHY
When PHY's are defined on the MDIO bus in the DTS, gigabit support was
being masked out for no apparent reason, pegging all such ports to 10/100.
If gigabit support must be disabled for some reason, there should be a
"max-speed" property in the DTS.
Reported-by: James McKenzie <openwrt@madingley.org> Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(cherry picked from commit 379fe506729a20c5fdb072840cb662b032e90c36)
Koen Vandeputte [Thu, 2 Aug 2018 13:00:17 +0000 (15:00 +0200)]
iperf: bump to 2.0.12
2.0.12 change set (as of June 25th 2018)
o Change the unicast TTL default value from 1 to the system default (to be compatable with previous versions.) Mulitcast still defaults to 1.
o adpative formatting bug fix: crash occurs when values exceed 1 Tera. Add support for Tera and Peta and eliminate the potential crash condition
o configure default compile to include isochronous support (use configure --disable-isochronous to remove support)
o replace 2.0.11's --vary-load option with a more general -b option to include <mean>,<stdev>, e.g. -b 100m,40m, which will pull from a log normal distribution every 0.1 seconds
o fixes for windows cross compile (using mingw32)
o compile flags of -fPIE for android
o configure --enable-checkprograms to compile ancillary binaries used to test things such as delay, isoch, pdf generation
o compile tests when trying to use 64b seq numbers on a 32b platform
o Fix GCC ver 8 warnings
2.0.11 change set (as of May 24th, 2018)
o support for -b on server (read rate limiting)
o honor -T (ttl) for unicast. (Note: the default value is 1 so this will impact unicast tests that require routing)
o support for --isochronous traffic with optional frames per second, mean and variance uses a log normal distribution (requires configure w/-enable-isochronous and compile)
o support for --udp triggers (requires configure w/ --enable-udptriggers, early code with very limited support)
o support for --udp-histogram with optional bin width and number of bins (default is 1 millisecond bin width and 1000 bins)
o support for frame (burst) latency histograms when --isochronous is set
o support for --tx-sync with -P for synchonrized writes. Initial use is for WiFi OFDMA latency testing.
o support for --incr-dstip with -P for simultaneous flows to multiple destinations (use case is for OFDMA)
o support for --vary-load with optional weight, uses log normal distribution (requires -b to set the mean)
o support for --l2checks to detect L2 length errors not detected by v4 or v6 payload length errors (requires linux, berkeley packet filters BPFs and AF_PACKET socket support)
o support for server joining mulitcast source specific multicast (S,G) and (*,G) for both v4 and v6 on platforms that support it
o improved write counters (requires -e)
o accounting bug fix on client when write fails, this bug was introduced in 2.0.10
o slight restructure client/server traffic thread code for maintainability
o python: flow example script updates
o python: ssh node object using asyncio
o python: histograms in flows with plotting (assumed gnuplot available)
o python: hierarchical clustering of latency histograms (early code)
o man pages updates
o Note: latency histograms require client and server system clock synchronization. A GPS disciplined oscillator using Precision Time Protocol works well for this.
Jo-Philipp Wich [Wed, 1 Aug 2018 07:11:17 +0000 (09:11 +0200)]
sdk: bundle usbip userspace sources
Bundle the usbip utility sources shipped with the Linux kernel tree in
order to allow the usbip packages from the package feed to build within
the OpenWrt SDK.
include/feeds.mk: fix distfeeds.conf without per-feed repos
commit 514a4b3e1b4e4 ("include/feeds.mk: rework generation of opkg
distfeeds.conf") made the per-feed "base" repo unconditional, making
the default configuration fail when PER_FEED_REPO is disabled:
root@wrt1900ac-1:~# cat /etc/opkg/distfeeds.conf
src/gz openwrt_core http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages
src/gz openwrt_base http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base
root@wrt1900ac-1:~# opkg update
Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://openwrt.mork.no/18.06.0/targets/mvebu/cortexa9/packages/Packages.sig
Signature check passed.
Downloading http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz
*** Failed to download the package list from http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz
Collected errors:
* opkg_download: Failed to download http://openwrt.mork.no/18.06.0/packages/arm_cortex-a9_vfpv3/base/Packages.gz, wget returned 8.
bcm53xx: switch USB 3.0 PHY DT description to use MDIO bus
USB 3.0 PHY is attached to the MDIO bus and should be supported
(accessed) as a MDIO device. This wasn't known initially which resulted
in writing driver that was working with MDIO bus (using some magic
values) without knowing it.
This commit updates DT to properly describe MDIO & USB 3.0 PHY and
enables required kernel drivers.
kernel: backport mtd support for subpartitions in DT
This is a new & warm feature that allows nesting partiitons in DT and
mixing their types (e.g. static vs. dynamic). It's very useful for
boards that have most partitions static but some of them require extra
parsing (e.g. a "firmware" partition).
It's required to successfully backport support for new devices using
that new syntax in their DT files.
Since brcm63xx has a custom alternative patch the upstream one is being
reverted for it. The plan is to make brcm63xx use the upstream
implementation.
Axel Neumann [Mon, 21 May 2018 18:32:09 +0000 (20:32 +0200)]
Re-enable arbitrary IPv6 addresses as outer ip4-in-ip6 tunnel source address
The 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch kernel patches
break the possibility for using an ip4ip6 tunnel interface as a fall
back interface accepting ip4-in-ip6 tunneled packets from any remote
address. This works out of the box with any normal (non-666-patched)
kernel and can be configured by setting up an 'ip -6 tunnel' with type
'any' or 'ip4ip6' and a remote address of '::'.
The misbehavior comes with line 290 the patch which discards all packets
that do not show the expected saddr, even if no single fmr rule was
defined and despite the validity of the saddr was already approved earlier.
Signed-off-by: Axel Neumann <neumann@cgws.de> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from 65c05301c2)
Daniel Golle [Tue, 31 Jul 2018 03:17:52 +0000 (05:17 +0200)]
kernel: remove duplicate #define's in at803x Ethernet PHY driver
AT803X_REG_CHIP_CONFIG and AT803X_BT_BX_REG_SEL have been defined
upstream by commit f62265b53ef3 ("at803x: double check SGMII side autoneg")
An existing local patch then added those exact same defines again which
isn't necessary, so remove them.
Fixes: f791fb4af450 ("kernel: add linux 4.9 support") Fixes: b3f95490b9be ("kernel: generic: Add kernel 4.14 support") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 67fcff6aaf)
Daniel Golle [Tue, 31 Jul 2018 02:50:38 +0000 (04:50 +0200)]
kernel: re-add patch for AT8032 Ethernet PHY
The patch was wrongly removed by a kernel version bump to 4.9.106 in
the believe that it was merged upstream thow it wasn't. This lead to
unrecoverable link losses on devices which use those PHYs such as
many ubnt single-port CPEs.
Fixes: 6f8eb1b50f ("kernel: bump 4.9 to 4.9.106 for 18.06") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit a497e47762)
projects / thirdparty / openwrt.git / log
