GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.
https://nvd.nist.gov/vuln/detail/CVE-2019-13638
Signed-off-by: Russell Senior <russell@personaltelco.net>
This version bump includes a bunch of fixes and improvements, which
should fix gpsd build breakage in the package feeds.
Ref: https://github.com/SCons/scons/blob/master/src/CHANGES.txt
Signed-off-by: Russell Senior <russell@personaltelco.net>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This seems to be identical to CPE210 v1 despite having removable
antennas.
Specifications:
* SoC: Qualcomm Atheros AR9344 (560 MHz)
* RAM: 64MB
* Storage: 8 MB
* Wireless: 2.4GHz N based built into SoC 2x2
* Ethernet: 2x 100/10 Mbps, integrated into SoC, 24V POE IN
Installation:
Flash factory image through stock firmware WEB UI
or through TFTP:
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP address:192.168.0.254
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is a preparation for ath79 support of the CPE210/CPE510 v1.
Kernel size is chosen equal to the latest update for CPE610 v1.
This also updates the partition size in ar71xx target, so code
remains consistent if someone looks up the device. Since CPE210,
CPE510, WBS210 and WBS510 (all v1) share the same partition
layout definition, and are on deprecated target anyway, this
changes them all at once.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Fixes following issue reported by Coverity scan:
*** CID 1452085: Security best practices violations (TOCTOU)
/tools/firmware-utils/src/uimage_padhdr.c: 100 in main()
94
95 if (!infname || !outfname) {
96 usage(argv[0]);
97 exit(1);
98 }
99
>>> CID 1452085: Security best practices violations (TOCTOU)
>>> Calling function "stat" to perform check on "infname".
100 if (stat(infname, &statbuf) < 0) {
Fixes: a1c6a316d2 ("ramips: add support for Fon FON2601")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
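The stat-then-open pattern in the Coverity report above, next to the usual open-then-fstat replacement. This is an added example, not the code from uimage_padhdr.c or the fix this commit applied; the function names open_input_racy, open_input and load_input are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy shape: stat() and open() each resolve the path (kept for comparison). */
int open_input_racy(const char *path, off_t *size)
{
	struct stat st;
	if (stat(path, &st) < 0)
		return -1;
	*size = st.st_size;
	return open(path, O_RDONLY);	/* second lookup of the same name */
}

/* Hardened shape: resolve the path once, then query the open descriptor. */
int open_input(const char *path, off_t *size)
{
	struct stat st;
	int fd = open(path, O_RDONLY);
	if (fd < 0)
		return -1;
	if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
		close(fd);	/* fstat failed, or not a regular file */
		return -1;
	}
	*size = st.st_size;
	return fd;
}

/* Read the whole input through the descriptor; caller frees the buffer. */
unsigned char *load_input(const char *path, size_t *len)
{
	off_t size = 0;
	size_t done = 0;
	int fd = open_input(path, &size);
	unsigned char *buf;
	if (fd < 0)
		return NULL;
	buf = malloc(size > 0 ? (size_t)size : 1);
	while (buf && done < (size_t)size) {
		ssize_t n = read(fd, buf + done, (size_t)size - done);
		if (n <= 0) {	/* read error, or the file shrank under us */
			free(buf);
			buf = NULL;
			break;
		}
		done += (size_t)n;
	}
	close(fd);
	*len = buf ? done : 0;
	return buf;
}

int main(int argc, char **argv)
{
	size_t len = 0;
	unsigned char *buf = argc > 1 ? load_input(argv[1], &len) : NULL;
	printf("%zu bytes read\n", len);
	free(buf);
	return 0;
}
```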
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
https://nvd.nist.gov/vuln/detail/CVE-2019-13636
Signed-off-by: Russell Senior <russell@personaltelco.net>
Since the switch to Python 3, the build fails if CONFIG_USE_MKLIBS is set
("Strip unnecessary functions from libraries" in menuconfig) as
mklibs hasn't been converted to run on Python 3.
* update to most recent upstream version which brings some
reproducibility fixes
* converted to Python 3 using 2to3
* fixed mixed tab/spaces indentation
* fixed use of string.* functions
* some more minor fixes to make Python 3 happy
Fixes commit 19938c8de7 ("build: switch to Python 3")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Build tested on ath79 with following packages from packages feed which
build depends on scons. None of them builds anymore, as it seems that the
SConscripts are written for Python2.
* packages/net/iotivity (KO, doesn't build even with latest 1.3.1 release)
SyntaxError: invalid syntax
File "/openwrt/build_dir/target-mips_24kc_musl/iotivity-1.2.1/build_common/SConscript", line 40
print "\nError: Current system (%s) isn't supported\n" % host
LookupError: unknown encoding: string_escape:
File "/home/petr/testing/openwrt/build_dir/target-mips_24kc_musl/iotivity-1.3.1/SConstruct", line 28:
SConscript('build_common/SConscript')
* packages/net/smartsnmpd (KO, seems dead, no commit since 2015):
SyntaxError: Missing parentheses in call to 'print'
File "/openwrt/build_dir/target-mips_24kc_musl/smartsnmpd-2014-08-13/SConstruct", line 156
print "Can't find liblua or liblua5.1!"
* packages/utils/gpsd (KO, doesn't build even with latest 3.18.1 release):
AttributeError: 'list' object has no attribute 'keys':
File "/openwrt/build_dir/target-mips_24kc_musl/gpsd-3.18.1/SConstruct", line 1758:
all_manpages = list(base_manpages.keys()) + list(python_manpages.keys())
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Making all in tests
depbase=`echo handshake_table.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.9.2\" -DPACKAGE_STRING=\"libressl\ 2.9.2\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.9.2\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_SYMLINK=1 -DHAVE_ERR_H=1 -DHAVE_READPASSPHRASE_H=1 -DHAVE_ASPRINTF=1 -DHAVE_MEMMEM=1 -DHAVE_READPASSPHRASE=1 -DHAVE_STRLCAT=1 -DHAVE_STRLCPY=1 -DHAVE_STRNDUP=1 -DHAVE_STRNLEN=1 -DHAVE_STRSEP=1 -DHAVE_TIMEGM=1 -DHAVE_GETPROGNAME=1 -DHAVE_SYSLOG=1 -DHAVE_POLL=1 -DHAVE_SOCKETPAIR=1 -DHAVE_ARC4RANDOM=1 -DHAVE_ARC4RANDOM_BUF=1 -DHAVE_ARC4RANDOM_UNIFORM=1 -DHAVE_TIMINGSAFE_BCMP=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_VA_COPY=1 -DHAVE___VA_COPY=1 -DSIZEOF_TIME_T=8 -I. -I../include -I../include/compat -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= -I ../crypto/modes -I ../crypto/asn1 -I ../ssl -I ../tls -I ../apps/openssl -I ../apps/openssl/compat -D_PATH_SSL_CA_FILE=\"../apps/openssl/cert.pem\" -I/Users/kevin/wrt/staging_dir/host/include -D__STRICT_ALIGNMENT -O2 -I/Users/kevin/wrt/staging_dir/host/include -fpic -Wall -std=gnu99 -fno-strict-aliasing -fno-strict-overflow -D_FORTIFY_SOURCE=2 -fstack-protector-strong -Qunused-arguments -Wno-pointer-sign -MT handshake_table.o -MD -MP -MF $depbase.Tpo -c -o handshake_table.o handshake_table.c &&\
mv -f $depbase.Tpo $depbase.Po
make[4]: *** No rule to make target `/Users/kevin/wrt/build_dir/host/libressl-2.9.2/crypto/.libs/libcrypto_la-cpuid-macosx-x86_64.o', needed by `handshake_table'. Stop.
make[3]: *** [all-recursive] Error 1
A similar error & clues from
e783d60473
"
LibreSSL 2.9.1 now has a test that requires libtls.a, however, when building a
shared library only build, the --disable-static flag is passed to libressl,
which prevents the building of libtls.a.
With libtls.a not being built, the following error occurs:
libressl-2.9.1/tls/.libs/libtls.a', needed by 'handshake_table'. Stop.
There are three options to fix this:
1) Stick with autotools, and provide a patch that removes building anything in
the tests folder.
2) Pass --enable-static to LIBRESSL_CONF_OPTS
3) Change the package type to cmake, as a cmake build does not have this issue."
It appears we cannot change to cmake because cmake has a dependency on
an ssl library.
Take option 1 and do not build the tests.
Also take the opportunity to remove man page building as well.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Fixes following errors:
src/mkfwimage.c:279:8: error: format specifies type 'long' but the argument has type 'off_t' (aka 'long long') [-Werror,-Wformat]
d->stats.st_size,
^~~~~~~~~~~~~~~~
src/mkfwimage.c:280:8: error: format specifies type 'long' but the argument has type 'long long' [-Werror,-Wformat]
d->partition_length - d->stats.st_size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
src/mkfwimage.c:378:6: error: format specifies type 'unsigned long' but the argument has type 'long long' [-Werror,-Wformat]
d->stats.st_size - d->partition_length);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Reported-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
src/mkfwimage.c:276:8: error: format '%lld' expects argument of type 'long long int', but argument 4 has type '__off_t' {aka 'const long int'} [-Werror=format=]
src/fw.h:71:36: error: format '%llu' expects argument of type 'long long unsigned int', but argument 6 has type '__off_t' {aka 'long int'} [-Werror=format=]
inlined from 'main' at src/mkfwimage.c:543:12:
/string_fortified.h:106:10: error: '__builtin_strncpy' output truncated before terminating nul copying 4 bytes from a string of the same length [-Werror=stringop-truncation]
inlined from 'write_part' at src/mkfwimage.c:235:2,
string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation]
inlined from 'main' at src/mkfwimage.c:477:5:
string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 256 equals destination size [-Werror=stringop-truncation]
inlined from 'main' at src/mkfwimage.c:496:5:
string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]
inlined from 'main' at src/mkfwimage.c:481:5:
string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 4096 equals destination size [-Werror=stringop-truncation]
inlined from 'main' at src/mkfwimage.c:485:5:
string_fortified.h:106:10: error: '__builtin_strncpy' specified bound 16 equals destination size [-Werror=stringop-truncation]
Runtested on ath79 and UBNT Bullet M XW.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
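The two kinds of error quoted in the mkfwimage commits above (off_t format specifiers that are right on one platform and wrong on another, and strncpy bounds equal to the destination size) have portable fixes, shown here as an added example rather than the project's own patch. The helpers describe_part, set_field and set_magic and the sample values are hypothetical.

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* off_t is 'long' on 64-bit glibc and 'long long' on macOS, so neither %ld
 * nor %lld is right everywhere; casting to intmax_t and using %jd is. */
int describe_part(char *out, size_t outlen, const char *name,
		  off_t file_size, off_t part_len)
{
	if (file_size > part_len)
		return snprintf(out, outlen, "%s: too big by %jd bytes", name,
				(intmax_t)(file_size - part_len));
	return snprintf(out, outlen, "%s: %jd bytes, %jd free", name,
			(intmax_t)file_size, (intmax_t)(part_len - file_size));
}

/* Fixed-size, NUL-terminated header field. strncpy(dst, src, sizeof(dst))
 * leaves no terminator when src fills the field, which is what the
 * "specified bound equals destination size" warning is about.
 * Returns 0 on success, -1 (dst untouched) if src does not fit. */
int set_field(char *dst, size_t dstlen, const char *src)
{
	size_t n = strlen(src);

	if (n >= dstlen)
		return -1;
	memcpy(dst, src, n);
	memset(dst + n, 0, dstlen - n);	/* zero padding, as strncpy would */
	return 0;
}

/* A 4-byte magic is not a string: copy exactly four bytes, no terminator. */
void set_magic(char dst[4], const char *magic)
{
	memcpy(dst, magic, 4);
}

int main(void)
{
	char msg[96], name[16], magic[4];

	set_magic(magic, "ABCD");	/* constructed magic value */
	if (set_field(name, sizeof(name), "kernel") < 0)
		return 1;
	describe_part(msg, sizeof(msg), name, (off_t)5000, (off_t)4096);
	printf("%.4s %s\n", magic, msg);
	return 0;
}
```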
Fix 4 errors reported by gcc 9
3 mismatched format type errors
1 unused variable error
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
While looking at the ath25 build breakage of 19.07 images today I've
encountered following error:
mkfwimage -B XS5 -v [...] ath25-ubnt5-squashfs-sysupgrade.bin.new
ERROR: Failed creating firmware layout description - error code: -2
Which is barely human readable and needs poking into the source code, so
this patch makes the error more verbose and usable by mere mortals.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Let's enforce additional automatic checks enforced by the compiler in
order to catch possible errors during compilation.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
TP-Link CPE510-v2/v3 is an outdoor wireless CPE for 5 GHz with
one Ethernet port based on Atheros AR9344
Specifications:
- Based on the same underlying hardware as the TP-Link CPE510
- Power, LAN, and 4 green LEDs
- 1 10/100Mbps Shielded Ethernet Port (Passive PoE in)
- Built-in 13dBi 2x2 dual-polarized directional MIMO antenna
- Adjustable transmission power from 0 to 23dBm/200mw
Flashing instructions:
Flash factory image through stock firmware WEB UI
or through TFTP
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP address:192.168.0.254
Signed-off-by: Andrew Cameron <apcameron@softhome.net>
[whitespace fixes]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
TP-Link RE650 v1 is a dual-band AC2600 range extender,
based on MediaTek MT7621A and MT7615E. According to the
wikidevi entry for RE650 this device is identical with
TP-Link RE500 as hardware. This patch supports only RE650.
Hardware specification:
- SoC 880 MHz - MediaTek MT7621AT
- 128 MB of DDR3 RAM
- 16 MB - Winbond 25Q128FVSG
- 4T4R 2.4 GHz - MediaTek MT7615E
- 4T4R 5 GHz - MediaTek MT7615E
- 1x 1 Gbps Ethernet - MT7621AT integrated
- 7x LEDs (Power, 2G, 5G, WPS(x2), Lan(x2))
- 4x buttons (Reset, Power, WPS, LED)
- UART header (J1) - 2:GND, 3:RX, 4:TX
Serial console @ 57600,8n1
Flash instructions:
Upload
openwrt-ramips-mt7621-tplink_re650-v1-squashfs-factory.bin
from the RE650 web interface.
TFTP recovery to stock firmware:
Unfortunately, I can't find an easy way to recover the RE
without opening the device and using modified binaries. The
TFTP upload will only work if selected from u-boot, which
means you have to open the device and attach to the serial
console. The TFTP update procedure does *not* accept the
published vendor firmware binaries. However, it allows flashing
kernel + rootfs binaries, and this works if you have
a backup of the original contents of the flash. It's probably
possible to create special image out of the vendor binaries
and use that as recovery image.
Signed-off-by: Georgi Vlaev <georgi.vlaev@gmail.com>
[re-added variables for kernel header]
Signed-off-by: David Bauer <mail@david-bauer.net>
Update gengetopt to 2.23
Remove 100-dependency_fix.patch, fixed upstream
Rework no tests and docs patch
Fix typo in copyright section
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Increase the Kernel partition to address the issue discussed here
https://forum.openwrt.org/t/cpe610-v1-sysupgrade-bin-missing-too-big/39637/5
Switch Back to the okli Loader to support increased partition size
Signed-off-by: Andrew Cameron <apcameron@softhome.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [add <> for e-mail]
TP-Link CPE610-v1 is an outdoor wireless CPE for 5 GHz with
one Ethernet port based on Atheros AR9344
Specifications:
- Based on the same underlying hardware as the TP-Link CPE510
- Power, LAN, WLAN5G green LEDs
- 23dBi high-gain directional 2×2 MIMO antenna and a dedicated metal reflector
Flashing instructions:
Flash factory image through stock firmware WEB UI
or through TFTP
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP address:192.168.0.254
Signed-off-by: Andrew Cameron <apcameron@softhome.net>
The first version of this script allowed just 4Mb factory images.
With this patch it is possible to set the maximum size of the payload.
For an 8Mb flash, the corresponding maxsize is:
8 * 1024 * 1024 - 5 * 64 * 1024 = 8388608 - 327680 = 8060928
If the -m argument is not set, the default maximum size will be
used for backward compatibility.
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
This reverts commit 0111b86f1d as it
breaks on Linux distributions without ed support
./fix-libmath_h: line 1: ed: command not found
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This commit adds the partition layout used by the TP-Link Archer D50
and probably by the TP-Link Archer D7 to mktplinkfw2.
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
Extended mksenaofw to support new "capwap" header structure.
This supports flashing from factory 3.0.0, 3.0.1, 3.1.0 and 3.5.5
firmware.
Note that the factory image format changes for 3.1 and later firmware,
and that the 3.1.0 and 3.5.5 Engenius firmware will refuse the
factory_30.bin file. Similarly, the 3.0.0 and 3.0.1 Engenius firmware
will refuse the factory_35.bin file.
Flashing from the Engenius 3.1.0 firmware with the factory_35.bin
firmware has not been tested, as 3.1.0 firmware (Engenius "middleFW")
is only intended as part of the upgrade path to 3.5.5 firmware.
Modified ipq40xx image Makefile to appropriately invoke mksenaofw
with new parameters to configure the capwap header.
Note that there is currently no method to return to factory firmware,
so this is a one-way street.
Path from factory 3.0.0 and 3.0.1 (EnGenius) software to OpenWrt is
to navigate to 192.168.1.1 on the stock firmware and navigate to the
firmware menu. Then copy the URL you have for that page, something like
http://192.168.1.1/cgi-bin/luci/;stok=12345abcdef/admin/system/flashops
and replace the trailing /admin/system/flashops with just /easyflashops
You should then be presented with a simple "Firmware Upgrade" page.
On that page, BE SURE TO CLEAR the "Keep Settings:" checkbox.
Choose the openwrt-ipq40xx-engenius_ens620ext-squashfs-factory_30.bin,
click "Upgrade" and on the following page select "Proceed".
Path from factory 3.5.5 (EnGenius) software to OpenWrt is simply to
use the stock firmware update menu. Choose the
openwrt-ipq40xx-engenius_ens620ext-squashfs-factory_35.bin and click
"Upload" and "Proceed".
The device should then flash the OpenWrt firmware and reboot. Note
that this resets the device to a default configuration with Wi-Fi
disabled, LAN1/PoE acting as a WAN port (running DHCP client) and LAN2
acting as a LAN port with a DHCP server on 192.168.1.x (AP is at
192.168.1.1)
Signed-off-by: Steve Glennon <s.glennon@cablelabs.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[sorry, for unfixing the 80-lines eyesores.]
This patch enables gnu99 mode for the nec-enc utility which
fixes the following build-breaking errors on some older
architectures.
nec-enc.c: In function ‘xor_data’:
nec-enc.c:34:2: error: ‘for’ loop initial declarations are only allowed in C99 or C11 mode
for (int i = 0; i < len; i++) {
^~~
nec-enc.c:34:2: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code
nec-enc.c: In function ‘main’:
nec-enc.c:101:3: error: ‘for’ loop initial declarations are only allowed in C99 or C11 mode
for (int i = 0; i < n; i++) {
^~~
Spotted-By: Buildbot
Fixes: fac27643f0 ("firmware-utils: add nec-enc")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
nec-enc provides firmware encoding/decoding with model specific key
for NEC devices.
known devices:
- Aterm WF1200CR
- Aterm WG1200CR
- Aterm WG2600HS
usage:
nec-enc -i infile -o outfile -k key
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[checkpatch fixes, marked usage as noreturn, added static function,
moved buf* from stack to the global data segment]
I made a similar change to this here:
https://github.com/openwrt/packages/pull/8159
However, it turns out this did not fix the problem as the problem has to
do with tools/xz and not the xz package. The error is the same and causes
linking errors as can be seen above.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This provides board configuration tables for various Tegra boards needed
by cbootimage tool to create flashable bootloader images.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tegra BCT and bootable flash image generator/compiler
From documentation:
This project provides a tool which compiles BCT (Boot Configuration
Table) images to place into the boot flash of a Tegra-based device.
The tool will either:
a) Compile a textual representation of a BCT into a binary image.
b) Generate an entire boot image from a previously compiled BCT and a
bootloader binary.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Specifications:
* SoC: Qualcomm Atheros QCA9533 (650MHz)
* RAM: 64MB
* Storage: 8 MB SPI NOR
* Wireless: 2.4GHz N based built into SoC 2x2
* Ethernet: 1x 100/10 Mbps, integrated into SoC, 24V POE IN
Installation:
Flash factory image through stock firmware WEB UI or TFTP
To get to TFTP recovery just hold reset button while powering
on for around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP address:192.168.0.254
Thanks to robimarko for the work inside the ar71xx tree.
Thanks to adrianschmutzler for deep discussion and fixes.
Signed-off-by: Mario Schroen <m.schroen@web.de>
[Split into DTS/DTSI, read-only config partition in DTSI]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[renamed dtsi filename, light subject touches]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This is also helpful to add support in ath79.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Some boards with JBOOT have a partition between the bootloader
and the kernel image. This patch adds the possibility to change the kernel
partition start address.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
The cmake bump to 3.14.0 breaks build on all targets. Revert it for now.
This reverts commit a3446257a8.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Update CMake to 3.14.0
Refresh patches
Remove unofficial fossies.org and replace with GitHub (link on official site)
Remove 150-C-feature-checks-Match-warnings-more-strictly.patch as it's
a no longer needed backport from upstream.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
TP-Link RE350K v1 (FCC ID: TE7RE350K) is a wall-plug AC1200 Wi-Fi range
extender with 'Kasa Smart' support. Device is based on Qualcomm/Atheros
QCA9558 + QCA9882 + AR8035 platform and is available only on US market.
Specification:
- 720/600/200 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of flash (SPI NOR)
- 1x 1 Gbps Ethernet (AR8035)
- 2T2R 2.4 GHz (QCA9558), with ext. PA (SE2565T) and LNA (SKY65971-11)
- 2T2R 5 GHz (QCA9882), with ext. PA (SE5003L1-R) and LNA (SKY65981-11)
- 2x U.FL connector on PCB
- 2x dual-band PCB antennas
- 1x LED, 2x dual-color LED (all driven by GPIO)
- 3x button (app config, led, reset)
- 1x mechanical on/off slide switch
- 1x UART (4-pin, 2.54 mm pitch) header on PCB
- 1x JTAG (8-pin, 1.27 mm pitch) header on PCB
Flash instruction:
Use 'factory' image directly in vendor GUI (default IP: 192.168.0.254,
default credentials: admin/admin).
Warning:
This device does not include any kind of recovery mechanism in U-Boot.
Vendor firmware access:
You can access vendor firmware over serial (RX line requires jumper
resistor in R306 place, near XTAL) with: root/sohoadmin credentials.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>