Commit Graph

45833 Commits

Author SHA1 Message Date
Eneas U de Queiroz
1fcd833c9a build: call ipkg-remove using xargs if #args>=512
The wildcard call to clean up luci package (luci*) can pick up over
2,300 files when the full tree is built. Running make package/luci/clean
or a second run of make package/luci/compile would fail with an
'Argument list too long' error.

To avoid that, a maybe_use_xargs function was created that runs the
command straight as usual if the number of arguments is < 512, or saves
the list in a temporary file and feeds it to xargs otherwise.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 78d1f3ac61)
2021-03-19 11:48:31 +01:00
Eneas U de Queiroz
33df82be36 build: package-ipkg: avoid calling wildcard twice
Instead of calling $(wildcard) to check if the removal list is empty,
then calling it again to actually remove the files, define a function so
that the arguments are expanded only once when it gets called.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 40acc13ca7)
2021-03-19 11:48:28 +01:00
Koen Vandeputte
3402334413 kernel: bump 4.14 to 4.14.224
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Compile-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2021-03-10 13:55:56 +01:00
Koen Vandeputte
55e9d87754 kernel: bump 4.14 to 4.14.223
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2021-03-10 13:55:56 +01:00
Eneas U de Queiroz
c64742a96e wolfssl: bump to v4.7.0-stable
Biggest fix for this version is CVE-2021-3336, which has already been
applied here.  There are a couple of low severity security bug fixes as
well.

Three patches are no longer needed, and were removed; the one remaining
was refreshed.

This tool shows no ABI changes:
https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d1dfb577f1)
2021-03-06 15:48:43 +01:00
Stefan Lippers-Hollmann
4b19b2db78 hostapd: P2P: Fix a corner case in peer addition based on PD Request
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.

Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.

This fixes the following security vulnerabilities/bugs:

- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
  in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
  discovery requests. It could result in denial of service or other
  impact (potentially execution of arbitrary code), for an attacker
  within radio range.

Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 1ca5de13a1)
2021-03-06 15:48:43 +01:00
Petr Štetiar
0a08a9a2b4 build: fix checks for GCC11
Fedora 34 already uses GCC11.

Reported-by: Marcin Juszkiewicz <marcin-openwrt@juszkiewicz.com.pl>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cae69d5581)
2021-03-06 15:48:03 +01:00
Adrian Schmutzler
a5672f6b96 Revert "base-files: source functions.sh in /lib/functions/system.sh"
This reverts commit 86aeac4fc9.

The reverted commit introduced a cyclic dependency between
/lib/functions.sh and /lib/functions/system.sh. Further details
are found in 282e817350 ("base-files: do not source system.sh
in functions.sh"), which was applied to master some time ago and
is included in 21.02.

With the current age of 19.07 branch, it seems safer to revert this
mostly cosmetic feature than investing further time into disentangling
the dependencies.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-03-01 22:33:20 +01:00
Koen Vandeputte
b4a4d04b91 kernel: bump 4.14 to 4.14.222
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2021-02-26 10:11:21 +01:00
Adrian Schmutzler
86aeac4fc9 base-files: source functions.sh in /lib/functions/system.sh
The file /lib/functions/system.sh depends on find_mtd_index() and
find_mtd_part() located in /lib/function.sh, so let's source that
file.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(backported from commit ae636effd2)
2021-02-24 18:05:02 +01:00
Raphaël Mélotte
e9c0c5021c hostapd: backport ignoring 4addr mode enabling error
This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled").

 nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
 an interface that is in a bridge and has 4addr mode already enabled.
 This operation would not have been necessary in the first place and this
 failure results in disconnecting, e.g., when roaming from one backhaul
 BSS to another BSS with Multi AP.

 Avoid this issue by ignoring the nl80211 command failure in the case
 where 4addr mode is being enabled while it has already been enabled.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit fb860b4e41)
2021-02-20 10:57:43 +01:00
Stijn Segers
a36d2ee310 ramips: remove factory image for TP-Link Archer C20 v1
Similarly to the Archer C2 v1, the Archer C20 v1 will brick when one
tries to flash an OpenWrt factory image through the TP-Link web UI.
The wiki page contains an explicit warning about this [1].

Disable the factory image altogether since it serves no purpose.

[1] https://openwrt.org/toh/tp-link/tp-link_archer_c20_v1#installation

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
(backported from commit 0265cba40a)
2021-02-19 20:13:26 +01:00
Mathias Kresin
6aef4bc7c3 lantiq: fritz7320: enable USB power supply
The USB ports if a FRIZZ!Box 7320 do not supply power to connected
devices.

Add the GPIOs enabling USB power as regulator, to enable USB power
supply as soon as the USB driver is loaded.

Fixes FS#3624

Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit 6e4e97b2256327bb380ee2a83da9a1ddf657e395)
2021-02-18 00:21:30 +01:00
Eneas U de Queiroz
6bf5bfc19f openssl: bump to 1.1.1j
This fixes 4 security vulnerabilities/bugs:

- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
  SSLv2, but the affected functions still exist. Considered just a bug.

- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
  EVP_DecryptUpdate may overflow the output length argument in some
  cases where the input length is close to the maximum permissable
  length for an integer on the platform. In such cases the return value
  from the function call will be 1 (indicating success), but the output
  length value will be negative.

- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
  create a unique hash value based on the issuer and serial number data
  contained within an X509 certificate. However it was failing to
  correctly handle any errors that may occur while parsing the issuer
  field (which might occur if the issuer field is maliciously
  constructed). This may subsequently result in a NULL pointer deref and
  a crash leading to a potential denial of service attack.

- Fixed SRP_Calc_client_key so that it runs in constant time. This could
  be exploited in a side channel attack to recover the password.

The 3 CVEs above are currently awaiting analysis.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 482c9ff289)
2021-02-17 09:28:22 +01:00
Hauke Mehrtens
f44153038e OpenWrt v19.07.7: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-16 23:30:33 +01:00
Hauke Mehrtens
d5ae565873 OpenWrt v19.07.7: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-16 23:30:28 +01:00
Koen Vandeputte
c4a6851c72 kernel: bump 4.14 to 4.14.221
Refreshed all patches.

Remove upstreamed hunk in:
- 302-dts-support-layerscape.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2021-02-15 16:22:37 +01:00
Baptiste Jonglez
f8b849103d ramips: ethernet: Disable TSO support to improve stability
Stability of this Ethernet driver has been a long-standing issue, with
many people reporting frequent "transmit queue timeouts" and even
occasional crashes.

Disabling TSO in the driver helps with stability, although it is likely a
workaround and might not fix the issue completely.

There is a slight slowdown in forwarding performance for TCP packets
(75 kpps vs. 80 kpps with comparable CPU utilization), but this is still
enough to forward close to 1 Gbit/s of full-sized packets across multiple
flows.

Master is using a different ethernet driver, so this is not a backport.
Because of this different driver, the upcoming 21.02 release does not seem
to be affected by these stability issues.

Thanks to mrakotiq for the initial patch.

Fixes: FS#2628
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2021-02-15 10:12:59 +01:00
David Bauer
fec1aa6dfb mt76: update to the latest version
5c768de mt76: mt76x0: disable GTK offloading

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-15 01:21:54 +01:00
Kurt Roeckx
224fa47bf9 ramips: mark toggle input on EX6150 as a switch
The Netgear EX6150 has an Access Point/Extender switch. Set it as
an EV_SW. Otherwise when it's set to Access Point, it will trigger
failsafe mode during boot.

Fixes: FS#3590
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
(cherry picked from commit 539966554d)
2021-02-15 00:02:23 +01:00
Hauke Mehrtens
3a05aa17db mac80211: Remove 357-mac80211-optimize-skb-resizing.patch
This patch was adapted to apply on top of some stable changes, but we
are not sure if this is working correctly. Felix suggested to remove
this patch for now.

Fixes: 0a59e2a76e ("mac80211: Update to version 4.19.161-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-14 20:27:50 +01:00
Stijn Segers
171d8bce0c ramips: remove factory image for TP-Link Archer C2 v1
Initial commit 8375623a06 ("ramips: add support for TP-Link Archer
C2") contains detailed installation instructions, which do not mention
a factory image. From what I can see, no support to install OpenWrt
through the vendor web interface has been added since. The factory
image is also conspicuously absent from the device page in the wiki.
Yet, it is available for download.

I bricked my Archer C2 loading the factory image through the web UI.
Serial showed this error during bootloop:

  Uncompressing Kernel Image ... LZMA ERROR 1 - must RESET board to recover

This patch disables the undocumented factory image so users won't get
tricked into thinking easy web UI flashing actually works.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
(backported from commit ad5e29d38a)
2021-02-14 18:56:05 +01:00
Adrian Schmutzler
2eb8444363 ath79: fix USB power GPIO for TP-Link TL-WR810N v1
The TP-Link TL-WR810N v1 is known to cause soft-brick on ath79 and
work fine for ar71xx [1]. On closer inspection, the only apparent
difference is the GPIO used for the USB regulator, which deviates
between the two targets.

This applies the value from ar71xx to ath79.

Tested successfully by a forum user.

[1] https://forum.openwrt.org/t/tp-link-tl-wr810n-v1-ath79/48267

Fixes: cdbf2de777 ("ath79: Add support for TP-Link WR810N")
Fixes: FS#3522

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6934d30cf8)
2021-02-12 00:02:05 +01:00
Hauke Mehrtens
d5a8e85878 wolfssl: Backport fix for CVE-2021-3336
This should fix CVE-2021-3336:
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not
cease processing for certain anomalous peer behavior (sending an
ED22519, ED448, ECC, or RSA signature without the corresponding
certificate).

The patch is backported from the upstream wolfssl development branch.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1f559cafe5)
2021-02-10 00:23:45 +01:00
Daniel González Cabanelas
cf5e5204d9 bcm63xx: sprom: override the PCI device ID
The PCI device ID detected by the wifi drivers on devices using a fallback
SPROM is wrong. Currently the chipnum is used for this parameter.

Most SSB based Broadcom wifi chips are 2.4 and 5GHz capable. But on
devices without a physical SPROM, the only one way to detect if the device
suports both bands or only the 5GHz band, is by reading the device ID from
the fallback SPROM.

In some devices, this may lead to a non working wifi on a 5GHz-only card,
or in the best case a working 2.4GHz-only in a dual band wifi card.

The offset for the deviceid in SSB SPROMs is 0x0008, whereas in BCMA is
0x0060. This is true for any SPROM version.

Override the PCI device ID with the one defined at the fallback SPROM, to
detect the correct wifi card model and allow using the 5GHz band if
supported.

The patch has been tested with the following wifi radios:

BCM43222: b43: both 2.4/5GHz working
          brcm-wl: both 2.4/5GHz working

BCM43225: b43: 2.4GHz, working
	 brcmsmac: working
	 brcm-wl: it lacks support

BCM43217: b43: 2.4GHz, working
	 brcmsmac: it lacks support
	 brcm-wl: it lacks support

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>

Backported from a0e0e621ca
2021-02-07 19:08:08 +01:00
Koen Vandeputte
4465b44fc1 kernel: bump 4.14 to 4.14.219
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2021-02-05 09:30:47 +01:00
Daniel González Cabanelas
4b9ade65ec bcm63xx: R5010UNv2: fix flash partitions for 16MB flash
The router Nucom R5010UN v2 has the partitions defined for a 8MB flash,
but the flash chip is 16MB size. We are wasting half of the flash.

Fix it and use generic names for partitions.

Fixes: 474cde6123 ("brcm63xx: probe SPI flash through DT")

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
(cherry picked from commit cef9e5a49f)
2021-02-04 22:19:13 +01:00
Daniel Golle
ab9cb390be hostapd: fix P2P group information processing vulnerability
A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners.
This issue was discovered by fuzz testing of wpa_supplicant by Google's
OSS-Fuzz.

https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[added the missing patch]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit 7c8c4f1be6)
2021-02-04 09:19:29 +01:00
Baptiste Jonglez
1e90091c5d opkg: update to latest git HEAD of branch openwrt-19.07
c5dccea libopkg: fix md5sum calculation
7cad0c0 opkg_verify_integrity: better logging and error conditions
14d6480 download: purge cached packages that have incorrect checksum
456efac download: factor out the logic for building cache filenames
b145030 libopkg: factor out checksum and size verification
74bac7a download: remove compatibility with old cache naming scheme

Fixes: FS#2690

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2021-02-03 22:37:31 +01:00
Koen Vandeputte
312c05611b kernel: bump 4.14 to 4.14.218
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2021-02-02 11:52:31 +01:00
Felix Fietkau
3100649458 wolfssl: enable HAVE_SECRET_CALLBACK
Fixes wpad-wolfssl build

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 55e23f2c02)
2021-02-02 10:09:37 +01:00
Hauke Mehrtens
e9d2aa9dc6 wolfssl: Fix hostapd build with wolfssl 4.6.0
This fixes the following build problem in hostapd:
mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_add':
<artificial>:(.text.crypto_ec_point_add+0x170): undefined reference to `ecc_projective_add_point'
mipsel-openwrt-linux-musl/bin/ld: <artificial>:(.text.crypto_ec_point_add+0x18c): undefined reference to `ecc_map'
mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_to_bin':
<artificial>:(.text.crypto_ec_point_to_bin+0x40): undefined reference to `ecc_map'

Fixes: ba40da9045 ("wolfssl: Update to v4.6.0-stable")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e7d0d2e9dc)
2021-02-02 10:09:19 +01:00
Eneas U de Queiroz
2044c01de8 wolfssl: Update to v4.6.0-stable
This version fixes a large number of bugs and fixes CVE-2020-36177.

Full changelog at:
https://www.wolfssl.com/docs/wolfssl-changelog/
or, as part of the version's README.md:
https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md

Due a number of API additions, size increases from 374.7K to 408.8K for
arm_cortex_a9_vfpv3-d16.  The ABI does not change from previous version.

Backported patches were removed; remaining patch was refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[added reference to CVE]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ba40da9045)
2021-02-02 10:08:11 +01:00
Petr Štetiar
5ac0b2b431 mvebu: omnia: make initramfs image usable out of the box
Currently it's not possible to boot the device with just initramfs image
without additional effort as the initramfs image doesn't contain device
tree.  Fix it by producing FIT based image which could be booted with
following commands:

 setenv bootargs earlyprintk console=ttyS0,115200
 tftpboot ${kernel_addr_r} openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs-kernel.bin
 bootm ${kernel_addr_r}

Acked-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit 337ff74894)
2021-02-02 10:06:04 +01:00
David Bauer
a7a207e18b mt76: update to the latest version
4ba1709 mt76: mt7603: add additional EEPROM chip ID

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-01 13:09:37 +01:00
Hauke Mehrtens
1ce5008597 wireguard: Fix compile with kernel 4.14.217
Backport a patch from wireguard to fix a compile problem with kernel
4.14.217.

Fixes: 2ecb22dc51 ("kernel: bump 4.14 to 4.14.217")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-29 21:12:43 +01:00
Hauke Mehrtens
2ecb22dc51 kernel: bump 4.14 to 4.14.217
Refreshed all patches.

Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-25 23:18:42 +01:00
Hauke Mehrtens
11f4918ebb dnsmasq: backport fixes
This should fix some error messages shown in the log like this one:
dnsmasq[16020]: failed to send packet: Network unreachable
dnsmasq[16020]: failed to send packet: Address family not supported by protocol

Fixes: e87c0d934c ("dnsmasq: Update to version 2.83")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-24 17:42:53 +01:00
Hans Dedecker
9999c87d3a netifd: fix IPv6 routing loop on point-to-point links
753c351 interface-ip: add unreachable route if address is offlink

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-21 21:06:20 +01:00
Hans Dedecker
250dbb3a60 odhcp6c: fix IPv6 routing loop on point-to-point links
64e1b4e ra: fix routing loop on point to point links
f16afb7 ra: align ifindex resolving

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-21 21:06:20 +01:00
Koen Vandeputte
d816c6cd31 kernel: bump 4.14 to 4.14.216
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2021-01-21 15:36:18 +01:00
Paul Spooren
c21d59dc11 imagebuilder: pass IB=1 on checking requirements
The patch 4a1a58a3  build, imagebuilder: Do not require libncurses-dev
was supposed to remove libncurses as a requirement for the ImageBuilder.
However as the IB=1 is only exported during building, not for checking
requirements, it did never actually work.

This commit export IB=1 to the requirement check.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 4f38063640)
2021-01-19 12:59:49 -10:00
Hauke Mehrtens
6fc02f2a45 OpenWrt v19.07.6: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 15:12:28 +01:00
Hauke Mehrtens
b12284a14c OpenWrt v19.07.6: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 15:12:19 +01:00
Hauke Mehrtens
8055e38794 dnsmasq: Backport some security updates
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 is susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rtc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rtc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 14:10:02 +01:00
Hauke Mehrtens
733e62a8e1 uboot-at91: Add PKG_MIRROR_HASH to fix download
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 20a7c9d5c9)
2021-01-18 22:13:08 +01:00
Hauke Mehrtens
53814dadaf at91bootstrap: Add PKG_MIRROR_HASH to fix download
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a141e7a00e)
2021-01-18 22:12:21 +01:00
Rosen Penev
e30d3ea95f mbedtls: update to 2.16.9
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f13b623f5e)
2021-01-18 01:42:26 +01:00
Hauke Mehrtens
c7b9c85819 kernel: bump 4.14 to 4.14.215
Refreshed all patches.

Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-17 17:21:00 +01:00
Hauke Mehrtens
c9388fa986 kernel: bump 4.14 to 4.14.214
Refreshed all patches.

Removed patches because included in upstream:
- 499-mtd-parser-cmdline-Fix-parsing-of-part-names-with-co.patch
- 0071-2-PCI-qcom-Fixed-IPQ806x-PCIE-reset-changes.patch

Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-12 23:55:26 +01:00