Changes between 3.0.15 and 3.0.16 [11 Feb 2025]
CVE-2024-13176[1] - Fixed timing side-channel in ECDSA signature
computation.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In
particular the NIST P-521 curve is affected. To be able to measure this
leak, the attacker process must either be located in the same physical
computer or must have a very fast network connection with low latency.
CVE-2024-9143[2] - Fixed possible OOB memory access with invalid
low-level GF(2^m) elliptic curve parameters.
Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit
values for the field polynomial can lead to out-of-bounds memory reads
or writes. Applications working with "exotic" explicit binary (GF(2^m))
curve parameters, that make it possible to represent invalid field
polynomials with a zero constant term, via the above or similar APIs,
may terminate abruptly as a result of reading or writing outside of
array bounds. Remote code execution cannot easily be ruled out.
1. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
2. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/17947
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit b4e6fd7b76440076eeff3a0789d40acbb5363ecf)
b43aeb5 wireless-regdb: assert and correct maximum bandwidth within frequency difference
68588bf wireless-regdb: Update regulatory info for Syria (SY) for 2020
0dda57e wireless-regdb: Update regulatory info for Moldova (MD) on 6GHz for 2022
b19ab0b wireless-regdb: Update regulatory info for Azerbaijan (AZ) on 6GHz for 2024
f67f40d wireless-regdb: Update regulatory info for Oman (OM)
bd70876 wireless-regdb: Update regulatory rules for Armenia (AM) on 2.4 and 5 GHz
6c7cbcc wireless-regdb: Permit 320 MHz bandwidth in 6 GHz band in ETSI/CEPT
f9f6b30 wireless-regdb: Update regulatory rules for Austria (AT)
39b47ea wireless-regdb: Update regulatory info for Cayman Islands (KY) for 2024
3dd7ceb wireless-regdb: allow NO-INDOOR flag in db.txt
4d754a1 wireless-regdb: Update regulatory rules for Iran (IR) on both 2.4 and 5Ghz for 2021
8c8308a wireless-regdb: Update frequency range with NO-INDOOR for Oman (OM)
c2f11e2 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Rudy Andram <rmandrad@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17957
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit da2cc98458f46745de95e88b6066620fbd02b190)
Check the return value of malloc and pread in case they fail.
Signed-off-by: Qiyuan Zhang <zhang.github@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/16070
(cherry picked from commit 3f014543cd4bd099dc089cbb9b9b2d7b0db8a021)
Signed-off-by: Rafal Boni <rafal.boni@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17889
Signed-off-by: Robert Marko <robimarko@gmail.com>
Fix a bug in linksys_bootcount.c that resetbc won't work on nand
with min I/O size> 2048.
Check the boot-log entry's intergrity with checksum.
Signed-off-by: Qiyuan Zhang <zhang.github@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/16070
(cherry picked from commit 62da99e6d506f3517f50c1efd61e1911df507ae3)
Signed-off-by: Rafal Boni <rafal.boni@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17889
Signed-off-by: Robert Marko <robimarko@gmail.com>
`$(( ))` will convert uninitialized variable to "0". If we want to
use "-n" to check the string length, it's necessary to make sure the
converted variable is not empty.
Fixes: 652a6677d5fa ("base-files: Add new functions for ath11k caldata")
Fixes: https://github.com/openwrt/openwrt/issues/17818
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/17892
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 094b6f593fb4943005e13e2f8581e66bb7c2c8cf)
When eeprom name is not defined, the file load function should
return an error code so that it can fallthrough to read eeprom
form NIC inside eFuse.
Fixes: https://github.com/openwrt/openwrt/issues/17854
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Link: https://github.com/openwrt/openwrt/pull/17892
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 693108a31835d43d5e92f116b4dbd9fbed06b7ed)
It seems the that this was forgotten during initial adding of the
device in 0688cf5aebe1dc9a2e7f3820861783c2a7a75d44
Thanks to
https://forum.openwrt.org/t/zyxel-gs1900-10hp-revision-b1-support-openwrt-firmware/131841/32
for putting me on the right track for this problem
Error that is being fixed - running fw_printenv results in:
"Warning: Bad CRC, using default environment"
and not showing boardmodel
Workaround, manually changing /etc/fw_env.config to
"/dev/mtd1 0x0 0x400 0x10000"
Signed-off-by: Klaas Demter <psychic-stool-cozy@duck.com>
Link: https://github.com/openwrt/openwrt/pull/17920
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 71a966c480432febcc5dd120e5b01662fa8ec328)
Depending on the config / circumstances, the get_psk call can be called
multiple times from differnt places, which can lead to wrong sta->psk_idx
values. The correct call is the one that is also interested in the vlan_id,
so use the vlan_id pointer as indication of when to set sta->psk_idx.
Also fix off-by-one error for secondary PSKs
Fixes: b2a2c286170d ("hostapd: add support for authenticating with multiple PSKs via ubus helper")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8118b2dace06de839e1e23f018059995f4af5e11)
The 00 address_mask needs to be inverted, otherwise the mac address
allocation will modify the last byte instead of the first one.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 1ee44825ad0d00527c8850446affc820d74c6e8b)
93458ac dns: fix response to TYPE_PTR query
68af311 fix unicast response port and timeout
a2b4979 service: announce all services in single dns answer
4537734 display announced services in ubus call umdns browse
0b50c29 display more srv attributes in output of ubus browse function
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit d162fd5ed44af7a33c9aefd72479c1c77f3234e4)
c293afa01c13 network: add support for the local_network option
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit c34eee5f39827ca38c9d4d0acef46848098867fe)
322500403615 service: add default group @ to match all nodes
5f7860306200 ubus: rename unetd_ubus_notify to unetd_ubus_network_notify
d13752814651 enroll: add PEX sub-protocol to support enrolling new nodes into a network
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit c0f06cb6ac002ce90c10839b3d98aed8b41a2da5)
47b54cf5a4b6 types: introduce `ucv_array_sort_r()` and `ucv_object_sort_r()`
efeb57806552 types, vm: refactor usage of global variables
f9d2faf67de6 vm: reset signals when freeing VM
4e86847d802d lib: utilize `ucv_array_sort_r()` and `ucv_object_sort_r()`
c71444ea301f types: ucv_resource_create(): rename `typename` parameter to `type`
373df7299c79 nl80211: properly support split_wiphy_dump for single phys
9bcd25f54708 lexer: Preserve keyword, regexp flags until processing non-comment tokens
0a7ff4715cb8 main: pretty-print `-p` output by default
4c3d5b469156 struct: Add new buffer API for incremental packing/unpacking
efc4122124cb struct: do not use global variables for caching types
Fixes: https://github.com/jow-/ucode/issues/248
Fixes: https://github.com/jow-/ucode/issues/250
Fixes: https://github.com/efahl/owut/issues/25
Link: https://github.com/openwrt/openwrt/pull/17191
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit af6f1a90bbc824bd22814568c5b6990aa082ce8b)
b0b5d93 Merge pull request #234 from IdWV/fs
60e7a88 Merge pull request #232 from sebastianertz/lib-digest
1752779 digest: implement compile time option to exclude less common algorithms
c7268a1 ci: include libmd in MacOS CI builds
fcb6f70 lib: introduce digest library
1323a27 Merge pull request #246 from jow-/fix-upvalue-resolve
ed5ce8f types: resolve upvalue values in arrays and objects
a6e0641 vm: resolve upvalues before pushing them onto the stack
ef1baab ci: drop OpenWrt tests for now
63e18ea fs: eliminate the usage of global variables
b1bd7b5 types: add ucv_resource_create() helper
3408edf Merge pull request #244 from nbd168/nl80211
8af77e7 nl80211: add new attributes for multi-radio support
1423ad7 nl80211: cover extended feature and EHT rate info attributes
ee1d6d8 Merge pull request #237 from sebastianertz/math
4b18a9b Merge pull request #213 from jow-/improve-vector-macros
1f022c0 math: removed global variable for thread safety
e5fe6b1 treewide: refactor vector usage code
20307ee utils: improve vector utilities
aa18952 Merge pull request #241 from jow-/socket-local-fanout-decl
79ccd9c socket: provide local definition of `struct fanout_args`
402280d Merge pull request #239 from jow-/safe-insert-during-obj-iteration
07afe96 Merge pull request #240 from jow-/stricter-number-conversion
736d450 types: fix potential use after free on adding keys during iteration
4134e71 vallist: more thoroughly check for trailing garbage after numeric string
9cf53dd Merge pull request #226 from jow-/lexer-improvements
2b2e732 lexer: make api functions public
855854f lexer: emit comment and template statement block tokens
328a50f lexer: improve token position reporting
fa22732 Merge pull request #225 from jow-/compiler-fix-keyword-property-labels-after-spread
6e88c62 Merge pull request #224 from jow-/lib-fs-readline-leak
94d1211 compiler: properly treat property names after spread expressions
67cd123 fs: fix potential memory leak on i/o errors in .read()
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit ba9cdbeea862fada261b0a874e464b63ffa860ac)
Makes it easier to enable MDNS on wan without having to edit the firewall
configuration for it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 05138fe898ce2d102795bdc979a6d874a3d24424)
Unless another toolchain is present (or selected), build the bpf toolchain
whenever a package is selected that needs it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 6605e45676815156f0c47d4117ee401e6616fcac)
To find the DS record for a given zone the parent zone's nameserver must
be queried and not the nameserver for the zone. Otherwise DNSSEC
verification for unsigned delegations breaks.
Signed-off-by: Uwe Kleine-König <uwe+openwrt@kleine-koenig.org>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20250127151223.1420006-1-uwe+openwrt@kleine-koenig.org/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6dc0f0c50cf1072ec3751c0fb1fc152a0a86487d)
Adjust wolfssl version for apk by removing the "-stable"
from the OpenWrt version, although it is still needed for
upstream download archive name.
Define PKG_BUILD_DIR accordingly.
Utilize new short version to simplify ABI_VERSION calculation.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/16906
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit be952e98bc1d768a0da5b84e59a6e7c04a1cdab8)
Commit d12753929165 removed support for it
Fixes: #17738
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a3154cfeb6c381576682a8cc5427a8b1bd9daf96)
Pass the correct device name in the network_del ubus call
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 80ba0d958dc96fb7aba26614f71325507fabd58a)
The USB PHY on the ar9330 and similar SoCs needs the PHY driver. In
OpenWrt 23.05 it was compiled into the kernel. The kernel 6.6
configuration does not compile it in any more, make the
kmod-usb-chipidea driver select it to add it to the images.
Fixes: https://github.com/openwrt/openwrt/issues/17710
Fixes: 04bdf9b3323e ("ath79: disable ath79 USB phy drivers by default")
Link: https://github.com/openwrt/openwrt/pull/17720
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b467e5a0afebbc4982213c03f90dfc6deb717b36)
atm_qos struct should be the same both for user and kernel spaces. Via
the __SO_ENCODE() macro it is used to define the SO_ATMQOS socket IOC.
During the VRX518 support introduction, the atm_trafprm sturct nested
into the atm_qos stucture was update with newer fields that are
referenced by the ATM TC layer of the VRX518 TC driver. These new fields
are intended to communicate information for extra traffic classes
supported by the driver. But we are still using vanilla kernel headers
to build the toolchain. Due to the atm.h header incoherency br2684ctl
from linux-atm tools is incapable to configure the ATM bridge netdev:
br2684ctl: Interface "dsl0" created sucessfully
br2684ctl: Communicating over ATM 0.1.2, encapsulation: LLC
br2684ctl: setsockopt SO_ATMQOS 22 <-- EINVAL errno
br2684ctl: Fatal: failed to connect on socket; File descriptor in bad state
There are two options to fix this incoherency. (a) update the header
file in the toolchain to build linux-atm against updated atm_trafprm and
atm_qos structures, or (b) revert atm_trafprm changes.
Since there are no actual users of the extra ATM QoS traffic classes,
just drop these extra traffic classes from vrx518_tc ATM TC layer and
drop the kernel patch updating atm.h.
Besides fixing the compatibility with linux-atm tools, removing the
kernel patch should simplify kernel updates removing unneeded burden of
maintenance.
Run tested with FRITZ!Box 7530 with disabled extra traffic classes and
then removed them entirely before the submission.
CC: John Crispin <john@phrozen.org>
Fixes: cfd42a0098 ("ipq40xx: add Intel/Lantiq ATM hacks")
Suggested-by: Andre Heider <a.heider@gmail.com>
Reported-and-tested-by: nebibigon93@yandex.ru
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20250122222654.21833-4-ryazanov.s.a@gmail.com/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6d6dc3a3c967174598a44503f4af281574660356)
ATM TC layer have some issues which effectively prevent VRX518 from
being used as ADSL modem. Specifically, there one crash during the ATM
layer configuration and wrong PVC ID selection on packet receiving what
breaks RX path. Fix both of the issues. Make subif iface registration
optional to prevent the crash (see more details in the new patch) and
update the hardcoded PVC ID to match the first allocated channel.
Run tested with FRITZ!Box 7530.
Fixes: 474bbe23b7 ("kernel: add Intel/Lantiq VRX518 TC driver")
Reported-and-tested-by: nebibigon93@yandex.ru
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20250122222654.21833-3-ryazanov.s.a@gmail.com/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 470335450e67002366fcbcd7334b15bdf008e44d)
It looks like VRX518 returns phys addr of data buffer in the 'data_ptr'
field of the RX descriptor and an actual data offset within the buffer
in the 'byte_off' field. In order to map the phys address back to
virtual we need the original phys address of the allocated buffer.
In the same driver applies offset to phys address before the mapping,
what leads to WARN_ON triggering in plat_mem_virt() function with
subsequent kernel panic:
WARNING: CPU: 0 PID: 0 at .../sw_plat.c:764 0xbf306cd0 [vrx518_tc@8af9f5d0+0x25000]
...
Unable to handle kernel NULL pointer dereference at virtual address 00000000
pgd = aff5701e
[00000000] *pgd=00000000
Internal error: Oops: 5 [#1] SMP ARM
Noticed in ATM mode, when chip always returns byte_off = 4.
In order to fix the issue, pass the phys address to plat_mem_virt() as
is and apply byte_off later for proper DMA syncing and on mapped virtual
address when copying RXed data into the skb.
Run tested with FRITZ!Box 7530 on both ADSL and VDSL (thanks Jan) links.
Fixes: 474bbe23b7 ("kernel: add Intel/Lantiq VRX518 TC driver")
Tested-by: Jan Hoffmann <jan@3e8.eu> # VDSL link
Reported-and-tested-by: nebibigon93@yandex.ru # ADSL link
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20250122222654.21833-2-ryazanov.s.a@gmail.com/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7bd579689d2304c73c263be3e030d76c551d6e87)
The lldp_class and lldp_location config option are only valid when
compiled with LLDP-MED support. If not they will cause lldpd not to
start.
Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
Link: https://github.com/openwrt/openwrt/pull/17571
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 2c22d7c3a4a7edcce1af656c8cddb1ab163e3d02)
lldpd was updated, so reset PKG_RELEASE after the PKG_VERSION update.
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit abbec429b40f149f9c5a99a64ee7bf4e804fbb7d)
Changes (breaking):
- Remove support for building 802.3bt TLVs (broken).
Fix:
- Fix memory leaks in EDP/FDP decoding when receiving some TLVs twice.
- Do not set interface description continuously.
- Use a different Netlink socket for changes and queries.
Signed-off-by: Sebastian Pflieger <sebastian@pflieger.email>
Link: https://github.com/openwrt/openwrt/pull/17570
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit a18385041eaeaf6d98ab79a30ce5fba4e712b765)
047b2efc1348 CMakeLists.txt: bump minimum cmake version
16ff0badbde7 CMakeLists: add support for including ABIVERSION in the library version number
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit e046f8c318618162fcdd768c4a9eadd53c239629)
Increase PKG_RELEASE as follow-up for
("lantiq: fritz_cal_extract with reverse option for AVM FritzBox 7430").
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 4a8717b5e76edbc8e1f63122f8b05685e0b779db)
This implementation of fritz_cal_extract can also retrieve firmware
data stored in reverse byte order, as found in the AVM 7430 device.
This is done by intermediate storage in a buffer presumably large enough
to hold the complete data set. Currently, this buffer size is 128kB + 1kB
(some extra space for skipped data).
In the usual case of "forward" data, this implementation should behave
like the original implementation in all common cases. limit [-l] will
determine the amount of data read and size of buffer allocated.
However, if you are reading reversed data or didn't set a limit, the buffer
may be too small to hold all data. In this case, you can choose a higher
limit [-l] to enforce a sufficient buffer size.
Signed-off-by: Dustin Gathmann <dzsoftware@posteo.org>
Link: https://github.com/openwrt/openwrt/pull/15501
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit b2cac2a9785ada7c30388349f5d9a9bdcff2e730)
Adds patches for the temperature sensor on RTL822x.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit d7e82c78d7a2a84404198dab8faf8e142939eb05)
The patch adding temperature sensor support for r8169 has been removed upstream
and the functionality will be added to Realtek PHY instead:
1f691a1fc4
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 0de9999a7819acf74f6adeaa27be363cf72409ab)
