54524 Commits

Author SHA1 Message Date
John Audia
55a48b0957 kernel: bump 5.10 to 5.10.168
Manually rebased:
  backport-5.10/804-v5.14-0001-nvmem-core-allow-specifying-of_node.patch

Removed upstreamed:
  generic-backport/807-v5.17-0003-nvmem-core-Fix-a-conflict-between-MTD-and-NVMEM-on-w.patch[1]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.168&id=34ec4c7831c416ac56619477f1701986634a7efc

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 461072fc7b3d8fa77347a884fe5d36c81f660da8)
[Refresh on OpenWrt 22.03]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-18 19:31:16 +01:00
John Audia
a66e53d8ed kernel: bump 5.10 to 5.10.167
All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 712681458a65736d3fc625bb9c481c31b23c1f97)
2023-02-18 19:31:16 +01:00
John Audia
3167f7c9fa openssl: bump to 1.1.1t
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

  *) Fixed X.400 address type confusion in X.509 GeneralName.

     There is a type confusion vulnerability relating to X.400 address processing
     inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
     but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
     vulnerability may allow an attacker who can provide a certificate chain and
     CRL (neither of which need have a valid signature) to pass arbitrary
     pointers to a memcmp call, creating a possible read primitive, subject to
     some constraints. Refer to the advisory for more information. Thanks to
     David Benjamin for discovering this issue. (CVE-2023-0286)

     This issue has been fixed by changing the public header file definition of
     GENERAL_NAME so that x400Address reflects the implementation. It was not
     possible for any existing application to successfully use the existing
     definition; however, if any application references the x400Address field
     (e.g. in dead code), note that the type of this field has changed. There is
     no ABI change.
     [Hugo Landau]

  *) Fixed Use-after-free following BIO_new_NDEF.

     The public API function BIO_new_NDEF is a helper function used for
     streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
     to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
     be called directly by end user applications.

     The function receives a BIO from the caller, prepends a new BIO_f_asn1
     filter BIO onto the front of it to form a BIO chain, and then returns
     the new head of the BIO chain to the caller. Under certain conditions,
     for example if a CMS recipient public key is invalid, the new filter BIO
     is freed and the function returns a NULL result indicating a failure.
     However, in this case, the BIO chain is not properly cleaned up and the
     BIO passed by the caller still retains internal pointers to the previously
     freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
     then a use-after-free will occur. This will most likely result in a crash.
     (CVE-2023-0215)
     [Viktor Dukhovni, Matt Caswell]

  *) Fixed Double free after calling PEM_read_bio_ex.

     The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
     decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
     data. If the function succeeds then the "name_out", "header" and "data"
     arguments are populated with pointers to buffers containing the relevant
     decoded data. The caller is responsible for freeing those buffers. It is
     possible to construct a PEM file that results in 0 bytes of payload data.
     In this case PEM_read_bio_ex() will return a failure code but will populate
     the header argument with a pointer to a buffer that has already been freed.
     If the caller also frees this buffer then a double free will occur. This
     will most likely lead to a crash.

     The functions PEM_read_bio() and PEM_read() are simple wrappers around
     PEM_read_bio_ex() and therefore these functions are also directly affected.

     These functions are also called indirectly by a number of other OpenSSL
     functions including PEM_X509_INFO_read_bio_ex() and
     SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
     internal uses of these functions are not vulnerable because the caller does
     not free the header argument if PEM_read_bio_ex() returns a failure code.
     (CVE-2022-4450)
     [Kurt Roeckx, Matt Caswell]

  *) Fixed Timing Oracle in RSA Decryption.

     A timing based side channel exists in the OpenSSL RSA Decryption
     implementation which could be sufficient to recover a plaintext across
     a network in a Bleichenbacher style attack. To achieve a successful
     decryption an attacker would have to be able to send a very large number
     of trial messages for decryption. The vulnerability affects all RSA padding
     modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.
     (CVE-2022-4304)
     [Dmitry Belyavsky, Hubert Kario]

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 4ae86b3358a149a17411657b12103ccebfbdb11b)

The original commit removed the upstreamed patch 010-padlock.patch, but
it's not on OpenWrt 22.03, so it doesn't have to be removed.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
2023-02-14 17:08:23 +01:00
Christian Marangi
f7541aecdc bpf: ignore missing LLVM bins on package for non compile steps
To download a package the LLVM bins are not strictly needed.
Currently with an example run of make package/bridger/download V=s, the
build fails with

make[2]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
bash: line 1: /home/ansuel/openwrt-ansuel/openwrt/staging_dir/host/llvm-bpf/bin/clang: No such file or directory
bash: line 1: [: : integer expression expected
/home/ansuel/openwrt-ansuel/openwrt/include/bpf.mk:71: *** ERROR: LLVM/clang version too old. Minimum required: 12, found: .  Stop.
make[2]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
time: package/network/services/bridger/download#0.04#0.00#0.06
    ERROR: package/network/services/bridger failed to build.

This is wrong since it may be needed to download the required packages
first and then compile them later.

Fix this by ignoring the LLVM bin check on non compile steps.

Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 116c73fd71c75e38c4d707dc5a74e6993874098f)
2023-02-09 08:37:35 +00:00
Hauke Mehrtens
98b8507e83 bpf: check llvm version only when used
unetd always includes $(INCLUDE_DIR)/bpf.mk. This file always checks if
the LLVM version is supported in CLANG_VER_VALID. unetd only needs bpf
when UNETD_VXLAN_SUPPORT is set. It fails when UNETD_VXLAN_SUPPORT is
not set and llvm is not installed.

Fix it by only checking the LLVM version when a LLVM toolchain is
available.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit c58177b5dcb3461efef0adefe570dd8a8d966ec4)
2023-02-09 08:37:22 +00:00
Petr Štetiar
7370479224 at91: sam9x,sama5: fix racy SD card image generation
We've few low spec (make -j3) build workers attached to the 22.03
buildbot instance which from time to time exhibit following build
failure during image generation (shortened for brevity):

 + dd bs=512 if=root.ext4 of=openwrt-22.03...sdcard.img.gz.img
 dd: failed to open 'root.ext4': No such file or directory

That's happening likely due to the fact, that on buildbots we've
`TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem
image in the SD card image target dependency chain:

 make_ext4fs -L rootfs ... root.ext4+pkg=68b329da

and that hardcoded `root.ext4` image filename becomes available from
other Make targets in the later stages. So let's fix this issue by using
IMAGE_ROOTFS Make variable which should contain proper path to the root
filesystem image.

Fixing remaining subtargets omitted in commit 5c3679e39b61 ("at91:
sama7: fix racy SD card image generation").

Fixes: 5c3679e39b61 ("at91: sama7: fix racy SD card image generation")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 3b669bc3f32f7594f38187a284a65ca2c35a0121)
2023-02-08 09:16:43 +01:00
Petr Štetiar
52564e65d5 at91: sama7: fix racy SD card image generation
We've few low spec (make -j3) build workers attached to the 22.03
buildbot instance which from time to time exhibit following build
failure during image generation:

 + dd bs=512 if=root.ext4 of=openwrt-22.03-snapshot-r20028-43d71ad93e-at91-sama7-microchip_sama7g5-ek-ext4-sdcard.img.gz.img seek=135168 conv=notrunc
 dd: failed to open 'root.ext4': No such file or directory

That's likely due to the fact, that on buildbots we've
`TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem
image in the SD card image target dependency chain:

 make_ext4fs -L rootfs ... root.ext4+pkg=68b329da

and that hardcoded root.ext4 becomes available from other target in the
later stages. So let's fix this issue by using IMAGE_ROOTFS Make variable
which should contain proper path to the root filesystem image.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5c3679e39b615ff29c9315f810e8e15775cc2d01)
2023-02-08 09:16:43 +01:00
Hauke Mehrtens
863288b49d mac80211: Update to version 5.15.92-1
This updates mac80211 to version 5.15.92-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-08 00:17:27 +01:00
John Audia
71cbc95111 kernel: bump 5.10 to 5.10.166
All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 50324b949b91cfb70ced3869b09b895e45a5ae37)
2023-02-05 20:43:19 +01:00
Arınç ÜNAL
3fd3d99e3a ramips: mt7621-dts: fix phy-mode of external phy on GB-PC2
The phy-mode property must be defined on the MAC instead of the PHY. Define
phy-mode under gmac1 which the external phy is connected to.

Tested-by: Petr Louda <petr.louda@outlook.cz>
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit 5155200f97adaeaaac7b752b5a6a5e41cba3db6a)
2023-02-03 14:20:33 +01:00
Tim Harvey
212c3ffdfc octeontx: add sqaushfs and ramdisk to features
Add squashfs and ramdisk to features as these are commonly used images
for the octeontx.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
(cherry picked from commit af5635e6ca12d3be275560a58ac6e2793e218fcd)
2023-02-03 13:54:45 +01:00
Tom Herbers
2601873cc5 ath79: add LTE packages for GL-XE300
Add LTE packages required for operating the LTE modems shipped with
the GL-XE300.

Example configuration for an unauthenticated dual-stack APN:

network.wwan0=interface
network.wwan0.proto='qmi'
network.wwan0.device='/dev/cdc-wdm0'
network.wwan0.apn='internet'
network.wwan0.auth='none'
network.wwan0.delay='10'
network.wwan0.pdptype='IPV4V6'

Signed-off-by: Tom Herbers <mail@tomherbers.de>
(cherry picked from commit 67f283be4430ebfb46be6c00fcc7c12a6adabce3)
2023-02-03 11:49:18 +01:00
Tom Herbers
2702ef9427 ath79: add label-mac-device for GL-XE300
This adds a label-mac-device alias which references the MAC which is
printed on the label of the device.

Signed-off-by: Tom Herbers <mail@tomherbers.de>
(cherry picked from commit f83f5f8452edd3115aacf333b0038da89639a218)
2023-02-03 11:49:18 +01:00
Leo Soares
0657576ce1 ath79: add LTE led for GL.iNet GL-XE300
This commit adds the LTE led for GL.iNet GL-XE300
to the default leds config.

Signed-off-by: Leo Soares <leo@hyper.ag>
(cherry picked from commit 35a0f2b00c44a43ad087327f0cbdb1c9c5e60c49)
Signed-off-by: Tom Herbers <mail@tomherbers.de>
2023-02-03 11:49:18 +01:00
Etienne Champetier
428d720c7f kernel: backport some mv88e6xxx devlink patches
This should help debug mv88e6xxx issues

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
2023-01-31 02:15:39 +02:00
John Audia
83a13b74f5 kernel: bump 5.10 to 5.10.165
All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 257e9fc57cf2c0391f8d99c25e82d75b73695c8a)
2023-01-28 20:08:14 +01:00
John Audia
10c79414db kernel: bump 5.10 to 5.10.164
All patches automatically rebased

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 9c3954bc46fce58a0f2dbe8bf6d3f507cfcd1dfb)
2023-01-28 20:08:14 +01:00
John Audia
15b9c02d6c kernel: bump 5.10 to 5.10.163
Removed upstreamed:
  generic/101-Use-stddefs.h-instead-of-compiler.h.patch[1]
  bcm27xx/patches-5.10/950-0194-drm-fourcc-Add-packed-10bit-YUV-4-2-0-format.patch

All patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.163&id=ddd2bb08bd99b7ee4442fbbe0f9b80236fdd71d2

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 2835df54ab84a8709057df156932497b19cda449)
2023-01-28 20:07:11 +01:00
John Audia
a8025bc2c2 kernel: bump 5.10 to 5.10.162
All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 2621ddb0bef7f5f8eedc49437dfa23b66e810af6)
2023-01-28 16:54:32 +01:00
David Bauer
ddeeb35007 mac80211: use 802.11ax iw modes
This adds missing HE modes to mac80211_prepare_ht_modes.

Previously mesh without wpa_supplicant would be initialized with 802.11g
/NO-HT only, as this method did not parse channel bandwidth for HE
operation.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit a63430eac33ceb1dbf96d3667e2a0f2e04ba391f)
2023-01-28 15:11:52 +01:00
Chuanhong Guo
1f32774ded kernel: mtk-bmt: fix usage of _oob_read
_oob_read returns number of bitflips on success while
bbt_nand_read should return 0.

Fixes: 2d49e49b18 ("mediatek: bmt: use generic mtd api")
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit f183ce35b8ea2fd991ac489fb223b09a1ecb4db0)
2023-01-25 23:45:14 +08:00
Christian Marangi
28e1770a3b tools/mkimage: build uboot with NO_SDL=1
From uboot Documentation for uboot-2022.01 for tools-only we can build
with NO_SDL=1 to skip installing the sdl2 package.

Follow this to fix compilation error on macos

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-01-22 01:35:16 +01:00
Florian Maurer
1bead4c521 lantiq: xrx200: Fix wifi LED on o2 box 6431
Wifi LED did not work using phy0radio, which somehow slipped through in
the previous testing

Signed-off-by: Florian Maurer <f.maurer@outlook.de>
(cherry picked from commit 2e3d1edf59109d6329a00d90b1e953261d602af5)
2023-01-20 16:14:22 +01:00
David Bauer
9a12afc5e7 mbedtls: move source modification to patch
Patch the mbedtls source instead of modifying the compile-targets
in the prepare buildstep within OpenWrt.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 00f1463df7e690862403208082f71fb4741baf02)
2023-01-18 23:39:11 +01:00
Petr Štetiar
c1a26341ab Revert "toolchaini/gcc: fix libstdc++ dual abi model"
This reverts commit c0b4303d2e2f4a9e1d4684fd584e6b6548666f0f as it was
reported, that it breaks all packages depending on libstdcpp due to
changed ABI.

References: https://github.com/openwrt/packages/issues/20340
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-01-18 07:51:56 +01:00
David Bauer
807483d336 dosfstools: switch to AC_CHECK_LIB
This fixes spurious build-errors on OpenWrt, where the AM_ICONV macro
is undefined while invoking autoconfig. Later in the build, the ICONV
LDOPTIONS are set to @LIBICONV@, failing the build.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 9300a20dcce2217b121bd2020cc1a4ea41fa4475)
2023-01-16 23:58:16 +01:00
Stijn Tintel
3bc6d2af76 tools/dosfstools: fix PKG_SOURCE
Both mirrors provided in the Makefile only serve gzipped tarballs.

Fixes: #10871
Fixes: 9edfe7dd13d9 ("source: Switch to xz for packages and tools where possible")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit bd911b45389b3da299948b457a1fc645febd2248)
2023-01-16 23:58:16 +01:00
Ivan Maslov
c0b4303d2e toolchaini/gcc: fix libstdc++ dual abi model
libstdcxx-dual-abi needs to be enabled to actually support C++11 ABI.
Enable the config flag to also permit support of .NET 6 development on
OpenWrt.

Signed-off-by: Ivan Maslov <avenger_msoft@mail.ru>
[ reword commit description and title ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3c06a344e9c7c03c49c9153342e68a5390651323)
2023-01-16 08:45:38 +01:00
Christian Marangi
aa5023b9cd scripts/dl_github_archieve.py: fix generating unreproducible tar
Align dl_github_archieve.py to 8252511dc0b5a71e9e64b96f233a27ad73e28b7f
change. On supported systems the sigid bit is applied to files and tar
archive that on tar creation. This causes unreproducible tar for these
systems and these bits should be dropped to produce reproducible tar.

Add the missing option following the command options used in other
scripts.

Fixes: 75ab064d2b38 ("build: download code from github using archive API")
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5f1758ef14575df4e86896526b1c2035c231899e)
2023-01-12 15:00:24 +01:00
Hauke Mehrtens
e88e0ace7a ksmbd: Fix ZDI-CAN-18259
This fixes a security problem in ksmbd. It currently has the
ZDI-CAN-18259 ID assigned, but no CVE yet.

Backported from:
8824b7af40
cc4f3b5a6a

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 76c67fcc66116381c69439f20159b636573080ba)
2023-01-11 22:10:25 +01:00
Nick Hainke
aca915e847 ksmbd: update to 3.4.6
Release Announcement:
https://github.com/cifsd-team/ksmbd/releases/tag/3.4.6

Remove upstreamed:
- 10-fix-build-on-kernel-5.15.52-or-higher.patch

This fixes the following security bugs:
* CVE-2022-47938, ZDI-22-1689
* CVE-2022-47939, ZDI-22-1690 (patch was already backported before)
* CVE-2022-47940, ZDI-22-1691
* CVE-2022-47941, ZDI-22-1687
* CVE-2022-47942, ZDI-22-1688
* CVE-2022-47943, ZDI-CAN-17817

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 78cbcc77cc33638b185f85c0e40daee1906a2c3c)
2023-01-07 16:22:15 +01:00
Florian Maurer
4b7f9e42e2 lantiq-xrx200: fix wan LED on o2 box 6431
The WIFI LED already worked for me with the latest openwrt 22.03 version.
Wifi LED did not work with an older 22.x version (in gluon - there phy0radio did nothing but phy0tpt did show activity)

the WAN interface has the name "wan" and not "pppoe-wan" on this device

fixes #7757 (and FS#2987)

Signed-off-by: Florian Maurer <f.maurer@outlook.de>
(cherry picked from commit 0820d620123a03b6db6642acb6e950d22ffb030f)
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
2023-01-06 19:38:22 +01:00
Christian Marangi
7c10b7b6f0 CI: build: fix external toolchain use with release tag tests
When a new tag for a release is created, the just checked-out repo from
github actions will already have such tag locally created.

This will result in git fetch --tags failing with error rejecting the
remote tag with (would clobber existing tag).

Add -f option to overwrite any local tags and always fetch them from
remote.

Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f655923b362e9f2d70672eee9c1fa82550a145a6)
2023-01-04 19:34:44 +01:00
Hauke Mehrtens
b08e1e978c OpenWrt v22.03.3: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-03 22:03:42 +01:00
Hauke Mehrtens
221fbfa2d8 OpenWrt v22.03.3: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
v22.03.3
2023-01-03 22:03:37 +01:00
Hauke Mehrtens
43d71ad93e mac80211: Do not build brcmsmac on bcm47xx_legacy
brcmsmac needs bcma. bcma is built into the kernel for the other bcm47xx
subtargets, but not for the legacy target because it only uses ssb. We
could build bcma as a module for bcm47xx_legacy, but none of these old
devices uses a wifi card supported by brcmsmac.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cb7d662dac897dd7df6ba6ba60417db822bd68f2)
2023-01-03 01:24:21 +01:00
Christian Lamparter
181390f57d uml: fix 5.10 build
the 5.10 uml build currently breaks with:

/usr/bin/ld: arch/um/os-Linux/signal.o: in function `sigusr1_handler':
arch/um/os-Linux/signal.c:141: undefined reference to `uml_pm_wake'

But there's an upstream fix for this. Backport the fix
for now but also let upstream know so it finds its way
through the -stable releases.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 8bea5edf89e57c32b98620540a457441f5f8ddeb)
2023-01-03 01:24:21 +01:00
Hauke Mehrtens
1fd2f9f7be kernel: Add missing kernel configuration options
This fixes compile of the bmips target.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f620eb70f1a10385c33a9833e1c97d8c7fef0093)
2023-01-03 00:54:22 +01:00
Hauke Mehrtens
8446d22aaa gdb: Do not link against xxhash
libxxhash is now available in the OpenWrt package feed and gdb will link
against it if gdb finds this library. Explicitly deactivate the usage
of xxhash.

This should fix the build of gdb in build bots.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a442974cfa89c7182c37b3b422b2d49319e2b339)
2023-01-02 18:51:17 +01:00
Hans Dedecker
558aa1f482 odhcpd: fix null pointer dereference for INFORM messages
4a673e1 fix null pointer dereference for INFORM messages

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2023-01-02 13:51:59 +01:00
Tony Ambardar
af4f635eed ipq40xx: sysupgrade: allow flashing Linksys factory firmware
Allow forced flashing of a factory firmware image, after checking for the
correct FIT magic header and Linksys board-specific footer. Details of the
footer are already described in scripts/linksys-image.sh.

This is convenient as it avoids using a TFTP server or OEM GUI, and allows
restoring OEM firmware or installing a "breaking" OpenWrt update (e.g DSA
migration and kernel repartition) directly from the command line.

Devices supported at this time include EA6350v3, EA8300, MR8300 and WHW01.

Reviewed-by: Robert Marko <robimarko@gmail.com>
Tested-by:  Wyatt Martin <wawowl@gmail.com> # WHW01
Tested-by:  Tony Ambardar <itugrok@yahoo.com> # EA6350v3
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 6fc334cbdc2b1716786768c545b761b338962b43)
2023-01-01 21:45:44 +01:00
Tony Ambardar
4bda308657 base-files: stage2: add 'tail' to sysupgrade environment
This is used to access footer data in firmware files, and is simpler and
less error-prone than using 'dd' with calculated offsets.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 9cbc825b30a60c4c4b466301b87e15e59b107f24)
2023-01-01 21:45:34 +01:00
Hauke Mehrtens
2f1b73b70d treewide: Trigger reinstall of all wolfssl dependencies
The ABI of the wolfssl library changed a bit between version 5.5.3 and
5.5.4. This release update will trigger a rebuild of all packages which
are using wolfssl to make sure they are adapted to the new ABI.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ee47a28cec01c7943238bae45f65a98e4fc9abbe)
2023-01-01 21:42:41 +01:00
Nick Hainke
77e2a24e62 wolfssl: update to 5.5.4-stable
Remove upstreamed:
- 001-Fix-enable-devcrypto-build-error.patch

Refresh patch:
- 100-disable-hardening-check.patch

Release notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.4-stable

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 04634b2d8253972a3e7b663231474eb564e69077)
2023-01-01 21:42:39 +01:00
Hauke Mehrtens
158a33591d mbedtls: update to version 2.28.2
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

Fixes the following CVEs:
* CVE-2022-46393: Fix potential heap buffer overread and overwrite in
DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

* CVE-2022-46392: An adversary with access to precise enough information
about memory accesses (typically, an untrusted operating system
attacking a secure enclave) could recover an RSA private key after
observing the victim performing a single private-key operation if the
window size used for the exponentiation was 3 or smaller.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit af3c9b74e177019b18055c263099a42c1c6c3453)
2022-12-31 14:45:23 +01:00
Nick Hainke
b23cab2fcf toolchain: gcc: import patch fixing asm machine directive for powerpc
Applications with libmbedtls, e.g. curl, fail on mpc85xx with:
  curl[7227]: illegal instruction (4) at b7c94288 nip b7c94288 lr b7c6b528 code 1 in libmbedcrypto.so.2.28.1[b7c3e000+7e000]
  curl[7227]: code: 3d7e0000 809e8004 91490000 816b814c 7d6903a6 4e800421 80010024 83c10018
  curl[7227]: code: 38210020 7c0803a6 4e800020 9421fff0 <7d4d42e6> 7c6c42e6 7d2d42e6 7c0a4840

This is due to a bug in gcc-11.2.0. It is fixed with gcc-11.3.0.
Import the patch that is fixing the issue.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-12-28 20:54:54 +01:00
Felix Fietkau
6be9e3e636 kernel: remove hack patch, move kirkwood specific kmods to target modules.mk
Tweaking the KCONFIG line of kmod-ata-marvell-sata makes the hack patch
unnecessary

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 2e375e9b3148cfdb9b19494a25eebc2fa7b256a3)
2022-12-27 08:05:23 +01:00
John Audia
b1722a048a kernel: bump 5.10 to 5.10.161
All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 59254010077c9086afee8a8b4c490943d6749065)
2022-12-26 17:25:09 +01:00
Hauke Mehrtens
cdce4a0bfa uhttpd: update to latest Git HEAD
2397755 client: fix incorrectly emitting HTTP 413 for certain content lengths

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 73dca49f355fe10d1d5e629b0df584b03a1849b3)
2022-12-26 17:20:47 +01:00
Daniel Graña
6c3e16055a kernel: backport ksmbd security fix ZDI-22-1690
Fix zero day vulnerability reported as ZDI-22-1690, no CVE assigned yet.
Picked from https://github.com/cifsd-team/ksmbd/commit/1f9d85a340

Signed-off-by: Daniel Graña <dangra@gmail.com>
2022-12-23 15:37:46 -03:00