Commit Graph

51186 Commits

Author SHA1 Message Date
Rafał Miłecki
494b889af8 bcm53xx: backport early DT patches queued for 5.16
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 366be2183e)
2022-12-04 12:06:24 +01:00
Rafał Miłecki
94c2ceed9e bcm53xx: specify switch ports for more devices
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ae33ce2af2)
2022-12-04 12:06:24 +01:00
Rafał Miłecki
1ba74c168b bcm53xx: backport missed DT patch cleaning up CRU block
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8a4d4d4243)
2022-12-04 12:06:24 +01:00
Rafał Miłecki
8035ac0195 bcm53xx: backport the latest upstream DT changes
This includes:
1. BCM5301X changes from 5.14 and queued 5.15 stuff
2. NSP changes from 5.11 - 5.15 for kernel 5.10

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit bce00f47e5)
2022-12-04 12:06:24 +01:00
Hauke Mehrtens
06bec84625 mac80211: Update to version 5.10.157
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-12-03 22:34:17 +01:00
Rafał Miłecki
660d8f4048 bcm4908: update DTS files with the latest changes
The most affecting change is move of files from bcm4908/ to the bcmbca/.
That required updating few paths.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 45ac906c64)
2022-12-01 16:35:09 +01:00
Rafał Miłecki
7492906d13 kernel: improve description of NTFS kernel packages
This helps choosing the right NTFS driver from two available options.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b066ad7d9a)
2022-12-01 16:23:13 +01:00
Rafał Miłecki
8a11563b06 base-files: support "metric" in board.json
It allows prepopulating /etc/config/network interface-s with predefined
metric. It may be useful for devices with multiple WAN ports.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7f443d2d9a)
2022-12-01 16:09:27 +01:00
Rafał Miłecki
b01b9244b4 kernel: update U-Boot nvmem driver to v6.2 release version
Backport queued patches that
1. Fix CRC32 calculation for redundant images
2. Fix CRC32 on big-endian
3. Fix parting images with Broadcom header

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 797177ad85)
2022-12-01 16:09:27 +01:00
Rafał Miłecki
940adf4b67 bcm4908: fix Asus GT-AX6000 image
1. Include Linux DTB
2. Add 50991 variant (seems to differ by 1 PHY we don't support yet)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b8f8c6f2dd)
2022-12-01 16:09:27 +01:00
Rafał Miłecki
01b096a64b bcm4908: use upstream patches for Asus GT-AC5300 LEDs
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d51e990ff8)
2022-12-01 15:59:34 +01:00
Nick Hainke
b33090a0fa wolfssl: update to v5.5.3
Remove "200-ecc-rng.patch" because it was upstramed by:
e2566bab21
Refreshed "100-disable-hardening-check.patch".

Fixes CVE 2022-42905.

Release Notes:
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.2-stable
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.3-stable

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 745f1ca976)
2022-11-27 16:36:53 +01:00
Hauke Mehrtens
e506a0d50f kernel: bump 5.4 to 5.4.224
Compile-tested: x86/64
Run-tested: x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-27 16:28:00 +01:00
Arınç ÜNAL
794ddf5ca2 ramips: fix GB-PC1 and GB-PC2 LEDs
Add the missing LEDs for GB-PC2. Some of these LEDs don't exist on the
device schematics. Tests on a GB-PC2 by me and Petr proved otherwise.

Remove ethblack-green and ethblue-green LEDs for GB-PC1. They are not wired
to GPIO 3 or 4 and the wiring is currently unknown.

Set ethyellow-orange to display link state and activity of the ethyellow
interface for GB-PC2.

Link: https://github.com/ngiger/GnuBee_Docs/blob/master/GB-PCx/Documents/GB-PC2_V1.1_schematic.pdf
Tested-by: Petr Louda <petr.louda@outlook.cz>
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit 2a6ef7f53d)
2022-11-27 16:27:52 +01:00
Arınç ÜNAL
d604032c2a ramips: fix GB-PC1 and GB-PC2 device support
Change switch port labels to ethblack & ethblue.
Change lan1 & lan2 LEDs to ethblack_act & ethblue_act and fix GPIO pins.
Add the external phy with ethyellow label on the GB-PC2 devicetree.
Do not claim rgmii2 as gpio, it's used for ethernet with rgmii2 function.
Enable ICPlus PHY driver for IP1001 which GB-PC2 has got.
Update interface name and change netdev function.
Enable lzma compression to make up for the increased size of the kernel.
Make spi flash bindings on par with mainline Linux to fix read errors.

Tested on GB-PC2 by Petr.

Tested-by: Petr Louda <petr.louda@outlook.cz>
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit 4807bd6a00)
2022-11-27 16:27:37 +01:00
Tomasz Maciej Nowak
c58384be89 ipq40xx: luma_wrtq-acn329: swap ethernet MAC addresses
Adjust them according to OEM firmware.

Fixes: e24635710c (" ipq40xx: add support for Luma Home WRTQ-329ACN")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
2022-11-27 15:13:54 +01:00
John Audia
04ca5a8678 openssl: bump to 1.1.1s
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]

  *) Fixed a regression introduced in 1.1.1r version not refreshing the
     certificate data to be signed before signing the certificate.
     [Gibeom Gwon]

 Changes between 1.1.1q and 1.1.1r [11 Oct 2022]

  *) Fixed the linux-mips64 Configure target which was missing the
     SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
     platform.
     [Adam Joseph]

  *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
     causing incorrect results in some cases as a result.
     [Paul Dale]

  *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
     report correct results in some cases
     [Matt Caswell]

  *) Fixed a regression introduced in 1.1.1o for re-signing certificates with
     different key sizes
     [Todd Short]

  *) Added the loongarch64 target
     [Shi Pujin]

  *) Fixed a DRBG seed propagation thread safety issue
     [Bernd Edlinger]

  *) Fixed a memory leak in tls13_generate_secret
     [Bernd Edlinger]

  *) Fixed reported performance degradation on aarch64. Restored the
     implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
     32-bit lane assignment in CTR mode") for 64bit targets only, since it is
     reportedly 2-17% slower and the silicon errata only affects 32bit targets.
     The new algorithm is still used for 32 bit targets.
     [Bernd Edlinger]

  *) Added a missing header for memcmp that caused compilation failure on some
     platforms
     [Gregor Jasny]

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit a0814f04ed)
2022-11-27 14:04:37 +01:00
David Bauer
175a3cb22a mediatek: add missing config symbols
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 101c0c00a7)
2022-11-27 14:03:36 +01:00
Hauke Mehrtens
778afce43e kernel: Add missing mediatek configuration options
When building the mediatek/mt7629 target in OpenWrt 22.03 the kernel
does not have a configuration option for CONFIG_CRYPTO_DEV_MEDIATEK. Add
this option to the generic kernel configuration and also add two other
configuration options which are removed when we refresh the mt7629
kernel configuration.

Fixes: 2bea35cb55 ("mediatek: remove crypto-hw-mtk package")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit dcc0fe24ea)
(cherry picked from commit bfd070e7fa)
2022-11-27 14:03:36 +01:00
Aleksander Jan Bajkowski
206012e252 lantiq: add 6.1 tag to upstream patch
Add 6.1 tag to upstream patch now that 6.1 got tagged. This permits to
track patch in a better way and directly drop them on kernel bump.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
(cherry picked from commit 802ca492d8)
2022-11-27 14:03:08 +01:00
Aleksander Jan Bajkowski
5c85a3e607 lantiq: enable interrupts on second VPEs
This patch is needed to handle interrupts by the second VPE on the Lantiq
ARX100, xRX200, xRX300 and xRX330 SoCs. Switching some ICU interrupts to
the second VPE results in a hang. Currently, the vsmp_init_secondary()
function is responsible for enabling these interrupts. It only enables
Malta-specific interrupts (SW0, SW1, HW4 and HW5).

The MIPS core has 8 interrupts defined. On Lantiq SoCs, hardware
interrupts are wired to an ICU instance. Each VPE has an independent
instance of the ICU. The mapping of the ICU interrupts is shown below:
SW0(IP0) - IPI call,
SW1(IP1) - IPI resched,
HW0(IP2) - ICU 0-31,
HW1(IP3) - ICU 32-63,
HW2(IP4) - ICU 64-95,
HW3(IP5) - ICU 96-127,
HW4(IP6) - ICU 128-159,
HW5(IP7) - timer.

This patch enables all interrupt lines on the second VPE.

This problem affects multithreaded SoCs with a custom interrupt controller.
SOCs with 1004Kc core and newer use the MIPS GIC. At this point, I am aware
that the Realtek RTL839x and RTL930x SoCs may need a similar fix. In the
future, this may be replaced with some generic solution.

Tested on Lantiq xRX200.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
(cherry picked from commit fbd33d6164)
2022-11-27 14:03:08 +01:00
Rafał Miłecki
829cc60a28 kernel: backport flow_dissect support for tag_brcm
This change helps BCM4908 SoC. It was capable of 940 Mb/s masq NAT while
using iperf but users reported lower & unstable speeds for HTTP based
tests.

For LibreSpeed tests this bumps NAT speed from ~930 Mb/s to ~990 Mb/s
(not that this value seems real but speed bump definitely is).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-11-24 16:45:02 +01:00
Hauke Mehrtens
079ce0413a kernel: bump 5.4 to 5.4.224
Manually adapted:
 generic/pending-5.4/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
 lantiq/patches-5.4/0028-NET-lantiq-various-etop-fixes.patch

Compile-tested: x86/64
Run-tested: x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-11-13 01:06:12 +01:00
Hauke Mehrtens
dec6584b22 iwinfo: update to latest HEAD
0dad3e6 Add support for CCMP-256 and GCMP-256 ciphers

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cc6a323e23)
2022-11-12 21:06:50 +01:00
Hauke Mehrtens
1eda1a7946 iwinfo: update to latest HEAD
705d3b5 iwinfo: Add missing auth_suites mappings for WPA3

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cc2dfc5e4d)
2022-11-12 21:06:50 +01:00
Pawel Dembicki
8f459812b8 uboot-layerscape: adjust LS1012A-IOT config and env
In a254279a6c LS1012A-IOT kernel image was switched to FIT.

But u-boot config is lack of FIT and ext4 support.

This patch enables it.

It also fix envs, because for some reason this board need to use "loadaddr"
variable in brackets.

Fixes: #9894
Fixes: a254279a6c ("layerscape: Change to combined rootfs on sd images")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit d75ed3726d)
2022-11-12 21:05:43 +01:00
Rafał Miłecki
1d12cfdce2 bcm4908: backport upstream BQL support for bcm4908_enet
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ae57770c95)
(cherry picked from commit 6198eb3e64)
2022-11-03 09:40:06 +01:00
Rafał Miłecki
973c18fb8c bcm4908: backport bcm4908_enet fix for NULL dereference
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 31e4e56654)
2022-11-03 09:26:20 +01:00
Rafał Miłecki
da4e3881ea bcm4908: optimize Ethernet driver by using build_skb()
This should slightly improve performance thanks to the better cache
usage.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 6a02205a4d)
2022-11-03 09:12:09 +01:00
Rafał Miłecki
ab26cddca2 kernel: mtd: backport SafeLoader parser
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 711f1a8bcb)
2022-11-02 08:31:52 +01:00
Rafał Miłecki
3e8a713bc4 kernel: mtd: backport extended dynamic partitions support
This gets rid of "nvmem-cells" limitation. Dynamic partitions can be
defined for any (sub)partitions layout.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4eda414b09)
2022-10-27 09:22:03 +02:00
Robert Senderek
09a649ff4b ramips: rt3883: enable lzma-loader for Belkin F9K1109v1
Fixes boot loader LZMA decompression issues

Fixes: #10968
Signed-off-by: Robert Senderek <robert.senderek@10g.pl>
(cherry picked from commit ac296f6210)
2022-10-23 22:48:04 +02:00
Hauke Mehrtens
b3142fff2a mac80211: Update to version 5.10.149-1
This updates mac80211 to version 5.10.149-1 which is based on kernel
5.10.149.
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-23 20:52:28 +02:00
Rafał Miłecki
9cec59ca38 kernel: mtd: fix unbalanced of_node_put() in dynamic partitions code
Fixes: edf3363959 ("kernel: backport mtd dynamic partition patch")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 76a470d5df)
2022-10-21 11:46:05 +02:00
Hauke Mehrtens
060aa0021f kernel: bump 5.4 to 5.4.219
Merged upstream:
 bcm53xx/patches-5.4/083-v6.0-clk-iproc-Do-not-rely-on-node-name-for-correct-PLL-s.patch

Compile-tested: x86/64
Run-tested: x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-18 20:25:06 +02:00
Hauke Mehrtens
32f8c6fdf8 OpenWrt v21.02.5: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-15 15:02:49 +02:00
Hauke Mehrtens
ea34ce11c1 OpenWrt v21.02.5: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-15 15:02:44 +02:00
Felix Fietkau
fa9a932fdb mac80211: backport security fix and disable MBSSID support
Fixes: CVE-2022-41674
Fixes: CVE-2022-42719
Fixes: CVE-2022-42720
Fixes: CVE-2022-42721
Fixes: CVE-2022-42722
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-13 21:16:38 +02:00
Hauke Mehrtens
e0bb4b7a78 OpenWrt v21.02.4: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-09 19:13:55 +02:00
Hauke Mehrtens
66ee6c2231 OpenWrt v21.02.4: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-09 19:13:29 +02:00
Christian Lamparter
82ebc173b3 firmware: intel-microcode: update to 20220809
Debian's changelog by Henrique de Moraes Holschuh <hmh@debian.org>:

  * New upstream microcode datafile 20220809
    * Fixes INTEL-SA-00657, CVE-2022-21233
      Stale data from APIC leaks SGX memory (AEPIC leak)
    * Fixes unspecified errata (functional issues) on Xeon Scalable
    * Updated Microcodes:
      sig 0x00050653, pf_mask 0x97, 2022-03-14, rev 0x100015e, size 34816
      sig 0x00050654, pf_mask 0xb7, 2022-03-08, rev 0x2006e05, size 44032
      sig 0x000606a6, pf_mask 0x87, 2022-04-07, rev 0xd000375, size 293888
      sig 0x000706a1, pf_mask 0x01, 2022-03-23, rev 0x003c, size 75776
      sig 0x000706a8, pf_mask 0x01, 2022-03-23, rev 0x0020, size 75776
      sig 0x000706e5, pf_mask 0x80, 2022-03-17, rev 0x00b2, size 112640
      sig 0x000806c2, pf_mask 0xc2, 2022-03-19, rev 0x0028, size 97280
      sig 0x000806d1, pf_mask 0xc2, 2022-03-28, rev 0x0040, size 102400
      sig 0x00090672, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x00090675, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x000906a3, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
      sig 0x000906a4, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
      sig 0x000a0671, pf_mask 0x02, 2022-03-17, rev 0x0054, size 103424
      sig 0x000b06f2, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x000b06f5, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit bb73828b89)
2022-10-09 17:43:41 +02:00
Nick Hainke
2179d0670d wireless-regdb: update to 2022-08-12
Changes:
9dc9c89 wireless-regdb: update regulatory database based on preceding changes
442bc25 wireless-regdb: update 5 GHz rules for PK and add 60 GHz rule
daee7f3 wireless-regdb: add 5 GHz rules for GY

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 1d2d69c810)
2022-10-09 16:31:48 +02:00
Stijn Tintel
c028078e0b wireless-regdb: bump to 2022.06.06
902b321 wireless-regdb: Update regulatory rules for Israel (IL)
  20f6f34 wireless-regdb: add missing spaces for US S1G rules
  25652b6 wireless-regdb: Update regulatory rules for Australia (AU)
  081873f wireless-regdb: update regulatory database based on preceding changes
  166fbdd wireless-regdb: add db files missing from previous commit
  e3f03f9 Regulatory update for 6 GHz operation in Canada (CA)
  888da5f Regulatory update for 6 GHz operation in United States (US)
  647bcaa Regulatory update for 6 GHz operation in FI
  c6b079d wireless-regdb: update regulatory rules for Bulgaria (BG) on 6GHz
  2ed39be wireless-regdb: Remove AUTO-BW from 6 GHz rules
  7a6ad1a wireless-regdb: Unify 6 GHz rules for EU contries
  68a8f2f wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit e3e9eb31a2)
2022-10-09 16:31:41 +02:00
Sungbo Eo
93f60510b4 wireless-regdb: update to version 2022.02.18
e061299 wireless-regdb: Raise DFS TX power limit to 250 mW (24 dBm) for the US
2ce78ed wireless-regdb: Update regulatory rules for Croatia (HR) on 6GHz
0d39f4c wireless-regdb: Update regulatory rules for South Korea (KR)
acad231 wireless-regdb: Update regulatory rules for France (FR) on 6 and 60 GHz
ea83a82 wireless-regdb: add support for US S1G channels
4408149 wireless-regdb: add 802.11ah bands to world regulatory domain
5f3cadc wireless-regdb: Update regulatory rules for Spain (ES) on 6GHz
e0ac69b Revert "wireless-regdb: Update regulatory rules for South Korea (KR)"
40e5e80 wireless-regdb: Update regulatory rules for South Korea (KR)
e427ff2 wireless-regdb: Update regulatory rules for China (CN)
0970116 wireless-regdb: Update regulatory rules for the Netherlands (NL) on 6GHz
4dac44b wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 19a90262df)
2022-10-09 16:31:30 +02:00
Oscar Molnar
830b07f08e build: add support for python3.11 and higher
python3.11 beta is out but fails to run the makefile currently
this supports python versions from 3.6 to 3.99 with the python3 binary
it also checks specifically for 3.11 as it is the latest version out

Signed-off-by: Oscar Molnar <oscar@tymscar.com>
(cherry picked from commit a9e8eec221)
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz> [rebase for 21.02]
2022-10-05 22:21:18 +02:00
Hauke Mehrtens
084a8a2faf kernel: bump 5.4 to 5.4.215
Compile-tested: x86/64
Run-tested: x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-05 21:46:38 +02:00
Petr Štetiar
8444302a92 treewide: fix security issues by bumping all packages using libwolfssl
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f1b7e1434f)
(cherry picked from commit 562894b39d)
2022-10-05 21:09:50 +02:00
Petr Štetiar
914d912741 wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.

This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.

Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Fixes: CVE-2022-39173
Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Tested-by: Kien Truong <duckientruong@gmail.com>
Reported-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ec8fb542ec)
(cherry picked from commit ce59843662)
2022-10-05 21:09:48 +02:00
Ivan Pavlov
4be7eb7735 wolfssl: bump to 5.5.0
Remove upstreamed: 101-update-sp_rand_prime-s-preprocessor-gating-to-match.patch

Some low severity vulnerabilities fixed
OpenVPN compatibility fixed (broken in 5.4.0)
Other fixes && improvements

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 3d88f26d74)
(cherry picked from commit 0c8425bf11)
2022-10-05 21:09:47 +02:00
Eneas U de Queiroz
a13dacbfe0 wolfssl: bump to 5.4.0
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.

The patch fixing x86 aesni build has been merged upstream.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 9710fe70a6)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ade7c6db1e)
2022-10-05 21:09:46 +02:00