As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit ea980fb9c6)
f4d759b dhcp.c: further improve validation
Further improve input validation for CVE-2020-11752
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 9e7d11f3e2)
cdac046 dns.c: fix input validation fix
Due to a slight foobar typo, failing to de-reference a pointer, previous
fix not quite as complete as it should have been.
Improve CVE-2020-11750 fix
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 9f7c8ed078)
ab7a39a umdns: fix unused error
45c4953 dns: explicitly endian-convert all fields in header and question
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 22ae8bd50e)
gcc 8 & 9 appear to be more picky with regards access alignment to
packed structures, leading to this warning in dns.c:
dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer
(alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer
(alignment 2) may result in an unaligned pointer value
[-Werror=address-of-packed-member]
261 | uint16_t *swap = (uint16_t *) q;
Work around what I think is a false positive by turning the warning off.
Not ideal, but not quite as not ideal as build failure.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 02640f0147)
kmod-usb-dwc2 and kmod-usb-ledtrig-usbport are not target default packages, and
Belkin F7C027 does not have a USB port anyway. Just drop it.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 1dedad2a00)
This service file has been misplaced from the very beginning.
Fixes: dcc34574ef ("oxnas: bring in new oxnas target")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 01961f163d)
ZyXEL Keenetic has 8MB flash, but OpenWrt uses only 4MB.
This commit fixes the problem.
WikiDevi page [1] says that ZyXEL Keenetic has FLA1: 8 MiB, there is
an article with specs [2] (in Russian).
[1] https://wikidevi.wi-cat.ru/ZyXEL_Keenetic
[2] https://3dnews.ru/608774/page-2.html
Fixes: FS#2487
Fixes: a7cbf59e0e ("ramips: add new device ZyXEL Keenetic as kn")
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
(cherry picked from commit fea232ae8f)
Use power led for device status.
The status led behavior has already been fixed in af28d8a539
("ath79: add support for GL.iNet GL-AR750S") when porting the
device to ath79. This fixes it for ar71xx as well.
Signed-off-by: Jan Alexander <jan@nalx.net>
[minor commit title/message adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit d394c354ee)
The labels on the LAN ports of the TP-Link Archer C60 v1/v2 are
actually inverted compared to the ports of the internal switch.
Add this information to 02_network.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 14a07fa1f0)
The adjustment of the MAC address for Archer C60 v2 in 10_fix_wifi_mac
is broken since a "mac" partition is not set up for this device on
ar71xx. Instead, the MAC address is already patched correctly in
11-ath10k-caldata.
Remove the useless adjustment.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit cbdc919024)
The MAC addresses for lan/wan are swapped compared to the vendor
firmware. This adjusts to vendor configuration, which is:
lan *:7b label
wan *:7c label+1
2.4g *:7b label
5g *:7a label-1
Only one address is stored in <&mac 0x8>, corresponding to the label.
This has been checked on revisions v1, v2 and v3.
Since ar71xx calculates the ath10k MAC address based on the ethernet
addresses, the number there is adjusted, too.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 14eb54938b)
Doing up & down on non-Ethernet devices (e.g. monitor mode interface)
was consuming memory.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ec8e8e2ef0)
This reverts commit cc78f934a9 since it
didn't contain a reference to the CVE it addresses. The next commit
will re-add the commit including a CVE reference in its commit message.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 215598fd03)
The $(space) definition in the hostapd Makefile ceased to work with
GNU Make 4.3 and later, leading to syntax errors in the generated
Kconfig files.
Drop the superfluous redefinition and reuse the working $(space)
declaration from rules.mk to fix this issue.
Fixes: GH#2713
Ref: https://github.com/openwrt/openwrt/pull/2713#issuecomment-583722469
Reported-by: Karel Kočí <cynerd@email.cz>
Suggested-by: Jonas Gorski <jonas.gorski@gmail.com>
Tested-by: Shaleen Jain <shaleen@jain.sh>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 766e778226)
This backports some security relevant patches from libubox master. These
patches should not change the existing API and ABI so that old
applications still work like before without any recompilation.
Application can now also use more secure APIs.
The new more secure interfaces are also available, but not used.
OpenWrt master and 19.07 already have these patches by using a more
recent libubox version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Call skb_orphan(skb) to call the owner's destructor function and make
the skb unowned.
This is necessary to prevent sk_wmem_alloc of a socket from overflowing,
which leads to ENOBUFS errors on application level.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 996f02e5ba)
Fixes two CVEs:
- CVE-2019-15903 (Fix heap overflow triggered by XML_GetCurrentLineNumber)
- CVE-2018-20843 (Fix extraction of namespace prefixes from XML names)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit b4af2c689f)
Change the LED labels for hdd1/hdd2 in 01_leds to match their
counterpart in DTS.
Signed-off-by: Stephan Knauss <openwrt@stephans-server.de>
[improve commit title and message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit fbf297be38)
The Netgear WN2500RP V1 switch0 already works for LAN
however the port order for the LAN ports is inverted. Correct
physical port order watched from the back of the device is:
4 / 3 / 2 / 1
WAN port is absent on this device and therefore removed
from switch config.
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[move block to maintain alphabetic sorting]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 098cbc68ee)
The Netgear WNR3500 V2 switch0 already works for WAN/LAN
however the port order for the LAN ports is inverted. Correct
physical port order watched from the back of the device is:
Internet / 4 / 3 / 2 / 1 this resembles the Linksys E3000 V1.
Verfied with imagebuilder edit FILES=/etc/board.d/01_network
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
(cherry picked from commit cf2f1fc687)
HC5962 has only 3 LAN ports, switch port 0 is unused
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(backported from commit 68f49df315)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
