Fixes the following security vulnerabilities:
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the
Linux kernel through 4.10.15 allows attackers to cause a denial of service
(double free) or possibly have unspecified other impact by leveraging use
of the accept system call.
CVE-2017-9074
The IPv6 fragmentation implementation in the Linux kernel through 4.11.1
does not consider that the nexthdr field may be associated with an invalid
option, which allows local users to cause a denial of service (out-of-bounds
read and BUG) or possibly have unspecified other impact via crafted socket
and send system calls.
CVE-2017-9075
The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9076
The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux
kernel through 4.11.1 mishandles inheritance, which allows local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls, a related issue to CVE-2017-8890.
CVE-2017-9077
The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel
through 4.11.1 mishandles inheritance, which allows local users to cause a
denial of service or possibly have unspecified other impact via crafted
system calls, a related issue to CVE-2017-8890.
CVE-2017-9242
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel
through 4.11.3 is too late in checking whether an overwrite of an skb data
structure may occur, which allows local users to cause a denial of service
(system crash) via crafted system calls.
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9074
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9075
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9076
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9077
Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9242
Ref: https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.71
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
x86 board.d only contains a case for the APU2, not the APU1. This
causes, for example, network configuration not to be created correctly.
Even though the APU1 seems to reaching EOL, there a still a lot of them
out there.
The APU1 and APU2 is configured in the same way and this patch should
also be considered for stable, as the error also exists there.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
The two phy operation mode where one phy is assigned to an interface
without lantiq,* device tree property and the other phy is assigned to
an interface with the lantiq,wan device property was broken with the
multicast package leaks between vlans fixes.
Move the multicast packages relevant portmap settings to the condition
which handles multicast packages for better readability.
Replace the priv->port_map based port_map only for the interface which
has the lantiq,switch device tree property set, to allow tagged
multicast packages in two phy mode where the lantiq,switch device tree
property isn't used.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The port is labeled as wan and was only used as lan port because of the
"tx ring full" issues fixed with 8f02f7c.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Using the lantiq,wan device tree property for one interface node and
the lantiq,switch device tree property for another interface node at
the same time was never intended/isn't supported at the moment.
The property is meant to be used in two phy operation mode where one
phy is assigned to an interface without lantiq,* device tree property
and the other phy is assigned to an interface with the lantiq,wan
device property to have two netdevs.
If both properties are used at the same time, the lantiq,wan interface
is shown as independent netdev but not able to operate independent. The
port needs to be managed via swconfig. These dependency is not obvious
and fooled already a lot of users.
Add a default WAN vlan for xrx200 devices having an ethernet WAN port
and remove the lantiq,wan device tree property. Leave it up to the user
to set the ethernet WAN port as default WAN interface or to use this
port as additional LAN port.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Explicitely disable X2APIC support on legacy targets since the targeted
processor types do not support it anyway there.
Fixes FS#285.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This fixes wrong GPIO numbers for LEDs and button in Wallys DR344 board
and sets color of all LEDs to green as the mass production boards have
only green one.
Actually, DR344 has 6 GPIO-connected LEDs and one button:
- GPIO11: status
- GPIO12: sig1
- GPIO13: sig2
- GPIO14: sig3
- GPIO15: sig4
- GPIO16: reset button
- GPIO17: lan
WAN LED is connected directly with AR8035 PHY.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
This aligns default network interfaces configuration with vendor
firmware: GE (eth0) -> wan, FE (eth1) -> lan.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
GMAC0 interface of AR9344 SOC in Wallys DR344 board is connected with
AR8035, not with AR8327. Without this fix, GE interface doesn't work at
all or shows high packet loss ratio.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Netgear X4 R7500 comes with a QCA988X. Select a firmware that matches
the ath10k chipset
Signed-off-by: Thomas Reifferscheid <thomas@reifferscheid.org>
Bump the 17.01 tree kernel to 4.4.69. Trunk 4.4 and 17.01 4.4 have diverged, talked this
through with jow, he was okay with a clean diff against 17.01 and not a backported trunk
patch.
The following patches were applied upstream:
* 062-[1-6]-MIPS-* series
* 042-0004-mtd-bcm47xxpart-fix-parsing-first-block
Reintroduced lantiq/patches-4.4/0050-MIPS-Lantiq-Fix-cascaded-IRQ-setup, as
it was incorrectly included upstream thus dropped from LEDE, but subsequently
reverted upstream. Thanks to Kevin Darbyshire-Bryant for pointing me to it.
Compile-tested on: ar71xx, ramips/mt7621, x86/64.
Run-tested on: ar71xx, ramips/mt7621, x86/64.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
This model also contains few partitions non-discoverable partitions we
need to "protect". Othen than that it uses non-deprecated serial entry
in DTS that doesn't work with LEDE so we need to workaround it as well.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Refer to LINUX_KARCH instead of ARCH when bundling DTS files in the image
builder tarball.
While we're at it, also dereference symbolic links when copying as some
kernel architectures contain symbolic links in their DTS directories.
This fixes aarch64 imagebuilders such as brcm2708/bcm2710 ones in particular
as the kernel refers to "aarch64" as "arm64" internally.
Ref: https://forum.lede-project.org/t/lede-image-builder-problem/3680
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add missing include of ramips.sh in order to import the missing
ramips_board_name() procedure.
Fixes FS#774.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Build profile for Asmax AR 1004g refers to an invalid DTS "rg100a". The
correct DTS for this device is "ar1004g".
Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
It has been shown that the Fritz boxes have the correct mac address set
in the wireless calibration data/eeeprom. Use this mac address as base
for the ethernet and xdsl interface increment/decrement the address to
match the values stored in the tffs.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Do not assign the CPU port twice, this confuses LuCI and possible other
programs relying on topology information in board.json.
Ref: https://github.com/openwrt/luci/issues/1086
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The WN3000RPv3 is a repeater with a single ethernet port. Setting up the
switch, even to disable it, is unnecessary and possibly confusing.
Configure LAN as eth0 instead.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
Add support for the Observa Telecom VH4032N router.
This is another BCM6368 router, 128 MB RAM, 32MB flash and 3 USB
host ports.
The wifi chip is an onboard Broadcom BCM43222.
Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
[jonas.gorski: use gpio-hog instead of abusing ephy-reset]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
The Sanlinking Technologies D240
(http://www.sanlinking.com/en/29-dual-4g-wifi-router.html) is basically the same
device as the ZBT WE826, so adding support for it in LEDE is straight forward.
The differences is that the D240 has two mini-PCIe slots (instead of one), blue
LEDs and supports PoE.
Specification:
* CPU: MT7620A
* 1x 10/100Mbps POE (802.3af/802.3at) Ethernet, 4x 10/100Mbps.
* 16 MB Flash.
* 128 MB RAM.
* 1x USB 2.0 port.
* 2x mini-PCIe slots.
* 2x SIM slots.
* 1x 2.4Ghz WIFI.
* 1x button.
Wifi, USB, switch and both mini-PCIe slots are working. I have not been able to
test the SD card reader.
The device comes pre-installed with an older version of OpenWRT, including Luci.
In order to install LEDE, you need to follow the existing procedure for updating
OpenWRT/LEDE using Luci. I.e., you need to access the UI and update the firmware
using the sysupgrade-image. Remember to select that you do not want to keep
existing settings. The default router address is 192.168.10.1 and
username/password admin/root (at least on my devices).
If you brick the device, the procedure for recovery is the same as for the
WE826. Please see the wiki page for that device for instructions.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
The comptible string is neither added by any LEDE patch nor exists in
in the kernel. Drop the sound node which was obviously added
accidentally with 9195d8da ("ramips: DTS rework").
Signed-off-by: Mathias Kresin <dev@kresin.me>
Use only the jedec,spi-nor compatible string. Everything else either
never worked or is only support to keep compatibility.
Remove the linux,modalias property. It is obsolete since kernel 4.4.
Signed-off-by: Mathias Kresin <dev@kresin.me>
ramips/rt288x WLI-TX4-AG300N was missing support for its 100Mbit switch which
should be included by default.
Signed-off-by: Yo Abe <abe.geel@gmail.com>
[Jo-Philipp Wich: picked from OpenWrt PR#359, rewrap commit msg, fix Sob]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
On some EX2700 devices, the MAC address from the eeprom data differs
from the actual MAC address. Fix that, and cleanup the DTS file
while we're at it.
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
This patch adds support for the Netgear WN3000RPv3
http://www.netgear.com/support/product/wn3000rpv3.aspx
Specifications:
- SoC: MediaTek MT7620A (580MHz, ramips)
- RAM: 32MB DDR
- Storage: 8MB NOR SPI flash
- Wireless: builtin MT7620A, 2x2:2 with u.FL connectors
- Ethernet: 1x100M
- Serial: JP1 header, 57600-8N1
- Stock firmware based on OpenWRT Kamikaze
Like the EX2700, the bootloader expects a secondary image signature,
see https://forum.openwrt.org/viewtopic.php?pid=312577#p312577
This is why the same fakeroot image is used for the WN3000
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
For the miwifi-mini, the offset of ethernet mac should be 0x28
which you can easyily dump from 'Factory' partition.
Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
The WN3000RPv3 is a repeater with a single ethernet port. Setting up the
switch, even to disable it, is unnecessary and possibly confusing.
Configure LAN as eth0 instead.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
