This should fix CVE-2021-3336:
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not
cease processing for certain anomalous peer behavior (sending an
ED22519, ED448, ECC, or RSA signature without the corresponding
certificate).
The patch is backported from the upstream wolfssl development branch.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1f559cafe5)
A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners.
This issue was discovered by fuzz testing of wpa_supplicant by Google's
OSS-Fuzz.
https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[added the missing patch]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit 7c8c4f1be6)
c5dccea libopkg: fix md5sum calculation
7cad0c0 opkg_verify_integrity: better logging and error conditions
14d6480 download: purge cached packages that have incorrect checksum
456efac download: factor out the logic for building cache filenames
b145030 libopkg: factor out checksum and size verification
74bac7a download: remove compatibility with old cache naming scheme
Fixes: FS#2690
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
This fixes the following build problem in hostapd:
mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_add':
<artificial>:(.text.crypto_ec_point_add+0x170): undefined reference to `ecc_projective_add_point'
mipsel-openwrt-linux-musl/bin/ld: <artificial>:(.text.crypto_ec_point_add+0x18c): undefined reference to `ecc_map'
mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_to_bin':
<artificial>:(.text.crypto_ec_point_to_bin+0x40): undefined reference to `ecc_map'
Fixes: ba40da9045 ("wolfssl: Update to v4.6.0-stable")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e7d0d2e9dc)
This version fixes a large number of bugs and fixes CVE-2020-36177.
Full changelog at:
https://www.wolfssl.com/docs/wolfssl-changelog/
or, as part of the version's README.md:
https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md
Due a number of API additions, size increases from 374.7K to 408.8K for
arm_cortex_a9_vfpv3-d16. The ABI does not change from previous version.
Backported patches were removed; remaining patch was refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[added reference to CVE]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ba40da9045)
Backport a patch from wireguard to fix a compile problem with kernel
4.14.217.
Fixes: 2ecb22dc51 ("kernel: bump 4.14 to 4.14.217")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This should fix some error messages shown in the log like this one:
dnsmasq[16020]: failed to send packet: Network unreachable
dnsmasq[16020]: failed to send packet: Address family not supported by protocol
Fixes: e87c0d934c ("dnsmasq: Update to version 2.83")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
overflow in sort_rrset() when DNSSEC is used. This can allow a remote
attacker to write arbitrary data into target device's memory that can
lead to memory corruption and other unexpected behaviors on the target
device.
* CVE-2020-25682:
Dnsmasq versions before 2.83 is susceptible to buffer overflow in
extract_name() function due to missing length check, when DNSSEC is
enabled. This can allow a remote attacker to cause memory corruption
on the target device.
* CVE-2020-25683:
Dnsmasq version before 2.83 is susceptible to a heap-based buffer
overflow when DNSSEC is enabled. A remote attacker, who can create
valid DNS replies, could use this flaw to cause an overflow in a heap-
allocated memory. This flaw is caused by the lack of length checks in
rtc1035.c:extract_name(), which could be abused to make the code
execute memcpy() with a negative size in get_rdata() and cause a crash
in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
A lack of proper address/port check implemented in Dnsmasq version <
2.83 reply_query function makes forging replies easier to an off-path
attacker.
* CVE-2020-25685:
A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
versions before 2.83 reply_query function allows remote attackers to
spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
Multiple DNS query requests for the same resource name (RRNAME) by
Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
traffic, using a birthday attack (RFC 5452), that can lead to DNS
cache poisoning.
* CVE-2020-25687:
Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
remote attacker, who can create valid DNS replies, could use this flaw
to cause an overflow in a heap-allocated memory. This flaw is caused
by the lack of length checks in rtc1035.c:extract_name(), which could
be abused to make the code execute memcpy() with a negative size in
sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
Service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.
I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 20a7c9d5c9)
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.
I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a141e7a00e)
Fixes: CVE-2020-1971, defined as high severity, summarized as:
NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS
attack.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 882ca13d92)
The removed patches were applied upstream.
The changes to 357-mac80211-optimize-skb-resizing.patch are more
complex. I think the patch already took care of the new changes done
upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
On the Turris Omnia 2019, u-boot environment is located at 0xF0000, instead
of 0xC0000. The switch happened with u-boot-omnia package version 2019-04-2
(May 10, 2019).
Check the installed u-boot release, and set the default accordingly.
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
[bump PKG_RELEASE, use lower case for hex offset]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 04d3b517dc)
wireguard-tools is trying to import the menuconfig section
from the wireguard package, but since it's not anymore in
the same makefile this seems to fail and wireguard-tools
ends up in "extra packages" category instead with other
odds and ends.
Same for the description, it's trying to import it from the
wireguard package but it fails so it only shows the line
written in this makefile.
remove the broken imports and add manually the entries
and description they were supposed to load
Fixes: ea980fb9c6 ("wireguard: bump to 20191226")
Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
[fix trailing whitespaces, add Fixes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a4d52522c7)
This PR backports upstream fix for CVE-2020-8037. This fix is only
relevant for tcpdump package, tcpdump-mini is not affeted by this issue.
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5bb3cc749e)
Mainline u-boot dynamically passes the mtd partitions via devicetree:
$ cat /proc/mtd
dev: size erasesize name
mtd0: 003f0000 00001000 "firmware"
mtd1: 00010000 00001000 "u-boot-env"
Add support for this setup.
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 60c9a27cbc)
amd64-microcode (3.20191218.1)
* New microcode update packages from AMD upstream:
+ Removed Microcode updates (known to cause issues):
sig 0x00830f10, patch id 0x08301025, 2019-07-11
* README: update for new release
amd64-microcode (3.20191021.1)
* New microcode update packages from AMD upstream:
+ New Microcodes:
sig 0x00830f10, patch id 0x08301025, 2019-07-11
+ Updated Microcodes:
sig 0x00800f12, patch id 0x08001250, 2019-04-16
sig 0x00800f82, patch id 0x0800820d, 2019-04-16
amd64-microcode (3.20181128.1)
* New microcode update packages from AMD upstream:
+ New Microcodes:
sig 0x00800f82, patch id 0x0800820b, 2018-06-20
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
(cherry picked from commit 182c7d955f)
Boolean attributes were parsed the same way as string attributes,
so a value of { "bool_attr": "true" } would be parsed correctly, but
{ "bool_attr": true } (without quotes) was parsed as false.
Fixes FS#3284
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7f676b5ed6)
Not a large change from last time, but should fix at least one rare wave-2
crash.
Tested on Netgear R7800.
Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 91aab77bf1)
[adapt variables and package names]
[remove changes to non-full htt-mgt variants because we did not backport
a882bfce05 ("ath10k-ct-firmware: add htt-mgt variants")]
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Tested-by: Baptiste Jonglez <git@bitsofnetworks.org> [QCA9886, QCA9887]
No release notes this time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 06f510df6e)
[adapt variables and package names because we did not backport
2e5e9b459e ("ath10k-ct-firmware: rename ct-htt packages")]
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Release notes for 017:
Wave-1:
* March 19, 2020: Fix problem where power-save was not enabled when going off-channel to scan.
The problem was a boolean logic inversion in the chmgr code, a regression I introduced
a long time ago.
* March 19, 2020: When scanning only on current working channel, do not bother with disable/enable
powersave. This should make an on-channel scan less obtrusive than it was previously.
* March 23, 2020: Fix channel-mgr use-after-free problem that caused crashes in some cases. The crash
was exacerbated by recent power-save changes.
* March 23, 2020: Fix station-mode power-save related crash: backported the fix from 10.2 QCA firmware.
* March 23, 2020: Attempt to better clean up power-save objects and state, especially in station mode.
Release notes for 016:
Wave-1 changes, some debugging code for a crash someone reported, plus:
* February 28, 2020: Fix custom-tx path when sending in 0x0 for rate-code. Have tries == 0 mean
one try but NO-ACK (similar to how wave-2 does it).
wave-2:
* Fixed some long-ago regressions related to powersave and/or multicast. Maybe fix some
additional multicast and/or tx-scheduling bugs.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 84f4a783c6)
This supports better per-chain noise floor reporting, which in turn allows for
better RSSI reporting in the driver.
Wave-2 fixes a long-standing rate-ctrl problem when connected to xbox (and probably other devices).
Wave-2 has fix for crash likely related to rekeying.
Wave-1 has some debugging code added where a user reported a crash.
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq806x+qca9984,ipq4019+qca9986]
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
(cherry picked from commit 1862263883)
The release notes since last time for wave-1:
* No changes to wave-1, but I make a version .014 copy anyway to keep
the makefile in sync.
The release notes since last time for wave-2:
* December 16, 2019: Wave-2 has a fix to make setting txpower work
better. Before setting the power was ignored at
least some of the time (it also appeared to work
mostly, so I guess it was being correctly set in
other ways).
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 6598264266)
This fixes the following compile errors after the wolfssl 4.5.0 update:
LD wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
type = GEN_EMAIL;
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
type = GEN_DNS;
^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
type = GEN_URI;
^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
if (gen->type != GEN_EMAIL &&
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
gen->type != GEN_DNS &&
^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
gen->type != GEN_URI)
^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed
Fixes: 00722a720c ("wolfssl: Update to version 4.5.0")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit bc19481826)
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
channel attacks are present.
* Leak of private key in the case that PEM format private keys are
bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application.
Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/
Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255
The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 00722a720c)
32-bit x86 fail to compile fast-math feature when compiled with frame
pointer, which uses a register used in a couple of inline asm functions.
Previous versions of wolfssl had this by default. Keeping an extra
register available may increase performance, so it's being restored for
all architectures.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 750d52f6c9)
This version adds many bugfixes, including a couple of security
vulnerabilities:
- For fast math (enabled by wpa_supplicant option), use a constant time
modular inverse when mapping to affine when operation involves a
private key - keygen, calc shared secret, sign.
- Change constant time and cache resistant ECC mulmod. Ensure points
being operated on change to make constant time.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 3481f6ffc7)
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues and the most notable of them
are described in more detail in the security advisories.
* Local side channel attack on RSA and static Diffie-Hellman
* Local side channel attack on classical CBC decryption in (D)TLS
* When checking X.509 CRLs, a certificate was only considered as revoked
if its revocationDate was in the past according to the local clock if
available.
Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.8
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 66893063ab)
Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch,
and provides bug fixes and minor enhancements. This release includes
fixes for security issues and the most severe one is described in more
detail in a security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07
* Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
* Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private
key that didn't include the uncompressed public key), as well as
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
f_rng argument. An attacker with access to precise enough timing and
memory access information (typically an untrusted operating system
attacking a secure enclave) could fully recover the ECC private key.
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
macros).
Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some
changes to the download URLs are required. For the time being, the
ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[Use https://codeload.github.com and new tar.gz file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 201d6776a0)
