Commit Graph

50688 Commits

Author SHA1 Message Date
Álvaro Fernández Rojas
670526efa3 bcm27xx: enable bcm2711 HW RNG
Also add a patch setting its quality, which should make it usable by khwrngd.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-20 19:53:50 +01:00
Álvaro Fernández Rojas
7747b3fa36 generic: add bcm2835-rng quality patch
This patch allows devices without a high resolution timer to boot up faster.
It should speed up boots for bcm2708 and bcm63xx.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-20 18:59:25 +01:00
Petr Štetiar
1bf6d70e60 openwrt-keyring: add OpenWrt 21.02 GPG/usign keys
49283916005d usign: add 21.02 release build pubkey
bc4d80f064f2 gpg: add OpenWrt 21.02 signing key

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-02-20 15:59:47 +01:00
Andreas Eberlein
a3e6521c1a x86: add led driver for PC Engines APU1
This driver adds the LED support for the PC Engines APU1.
This integrates the Linux kernel driver and includes a patch to support
 newer firmware versions. Also the default LED configuration is updated
 to use the correct devices.

Signed-off-by: Andreas Eberlein <foodeas@aeberlein.de>
2021-02-20 00:29:18 -10:00
Christian Lamparter
09e66112f1 wolfssl: fix Ed25519 typo in config prompt
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-02-20 11:11:13 +01:00
Raphaël Mélotte
fb860b4e41 hostapd: backport ignoring 4addr mode enabling error
This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled") which fixes same
issue as in the current fix contained in '130-wpa_supplicant-multi_ap_roam.patch',
but in a different way:

 nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
 an interface that is in a bridge and has 4addr mode already enabled.
 This operation would not have been necessary in the first place and this
 failure results in disconnecting, e.g., when roaming from one backhaul
 BSS to another BSS with Multi AP.

 Avoid this issue by ignoring the nl80211 command failure in the case
 where 4addr mode is being enabled while it has already been enabled.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-02-20 10:38:48 +01:00
David Bauer
bb817bb4b8 sdk: expose binary strip settings
Expose the SDK options for binary stripping to the menuconfig. This
way, packages can easily be built with debug symbols using the SDK.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-20 01:29:36 +01:00
Stijn Segers
af1b6799c6 ramips: overwrite reset gpio properties in EX6150 DTS
The Netgear EX6150 can, just like the D-Link DIR-860L rev B1, fail to
initialise both radios in some cases. Add the reset GPIOs explicitly
so the PCI-E devices get re-initialised properly. See also FS #3632.

Error shows up in dmesg as follows:

  [    1.560764] mt7621-pci 1e140000.pcie: pcie1 no card, disable it (RST & CLK)

Tested-by: Kurt Roeckx <kurt@roeckx.be>
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
[removed period from commit title]
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-20 01:27:00 +01:00
David Bauer
10e84bde36 openssl: update package sources
OpenSSL downloads itself are distributed using Akamai CDN, so use these
sources as the highest priority.

Remove a stale mirror which seems to be offline for a longer time
already.

Add fallbacks to the old release path also for the mirrors.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-20 01:26:40 +01:00
David Bauer
d6b785d477 ath79: add kernel 5.10 support
This adds Kernel 5.10 support for the generic, nand and tiny subtargets.

The following patch is not contained, as it needs to be reworked:
platform/920-mikrotik-rb4xx.patch

Tested-on:
 - Siemens WS-AP3610
 - Enterasys WS-AP3710
 - Aerohive HiveAP 121
 - TP-Link TL-WA901 v2
 - TP-Link TL-WR741 v1

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-20 01:26:33 +01:00
David Bauer
fb64e2c30f ath79: ar934x-nand: add kernel 5.10 compatibility
Adapt the driver to make it work with the NAND subsystem changes between
kernel 5.4 and 5.10.

Tested-on: Aerohive HiveAP121

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-20 01:26:22 +01:00
David Bauer
da55758cc5 ath79: specify device-type for PCI controllers
Specify the device_type property for PCI as well as PCIe controllers.
Otherwise, the PCI range parser will not be selected when using kernel
5.10.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-20 01:26:14 +01:00
David Bauer
3832403771 ath79: ag71xx: make kernel 5.10 compatible
Add the necessary kernel version ifdef switches in order to support the
kernel version 5.10.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-20 01:26:04 +01:00
David Bauer
5bd6d9377d mpc85xx-p1010: add Kernel 5.10 support
Tested on: Sophos RED 15W

The TP-Link WL-WDR4900 needs to be disabled when 5.10 becomes the
default kernel.

When building with all kmods enabled, the resulting kernel image
exceeds the maximum size the bootloader reads from the flash.

For more information, see GitHub issue #1773

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-20 01:26:00 +01:00
David Bauer
422b3e1993 rockchip: add Kernel 5.10 support
Remove all upstreamed patches and add the kernel configuration for
version 5.10.

The Rock Pi 4 was split in multiple versions. Add a DTS with the old
name in order to keep compatibility while having kernel 5.4 and 5.10 in
parallel. Switch to the Rock Pi 4A DTS once Kernel 5.4 support is
removed.

Tested-on: Nanoi R2S

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-20 01:26:00 +01:00
Sungbo Eo
2ff9686040 kirkwood: rename files-5.4 to files
Move local DTS files from "files-5.4" to "files" directory so kernel 5.10
can use it.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2021-02-19 15:56:04 +01:00
Yangbo Lu
a31842e7fd layerscape: add new devices in README and clean up
Support new devices LS1046AFRWY and LX2160ARDB in README.
Clean up README, and add missing LS1021ATWR deploy guide.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[adjust set of devices added, update commit message/title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-19 15:30:10 +01:00
Yangbo Lu
80dcd14abe layerscape: add LX2160ARDB (Rev2.0 silicon) board support
The QorIQ LX2160A reference design board provides a comprehensive platform
that enables design and evaluation of the LX2160A processor.

- Enables network intelligence with the next generation Datapath (DPPA2)
  which provides differentiated offload and a rich set of IO, including
  10GE, 25GE, 40GE, and PCIe Gen4

- Delivers unprecedented efficiency and new virtualized networks

- Supports designs in 5G packet processing, network function
  virtualization, storage controller, white box switching, network
  interface cards, and mobile edge computing

- Supports all three LX2 family members (16-core LX2160A; 12-core LX2120A;
  and 8-core LX2080A)

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-19 15:29:46 +01:00
Yangbo Lu
f59d7aab2a layerscape: add ddr-phy package
Add ddr-phy package for layerscape. Currently only LX2160ARDB
requires the package.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-19 15:27:45 +01:00
Yangbo Lu
2c2d77bd3b layerscape: add FRWY-LS1046A board support
The LS1046A Freeway board (FRWY) is a high-performance computing,
evaluation, and development platform that supports the QorIQ
LS1046A architecture processor capable of support more than 32,000
CoreMark performance. The FRWY-LS1046A board supports the QorIQ
LS1046A processor, onboard DDR4 memory, multiple Gigabit Ethernet,
USB3.0 and M2_Type_E interfaces for Wi-Fi.

The FRWY-LS1046A-TP includes the Coral Tensor Flow Processing Unit
that offloads AI/ML inferencing from the CPU to provide significant
boost for AI/ML applications. The FRWY-LS1046A-TP includes one M.2
TPU module and more modules can easily be added including USB
versions of the module to scale the AI/ML performance.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[rebase, use AUTORELEASE, fix sorting, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-19 15:27:15 +01:00
Adrian Schmutzler
a9075d42d7 layerscape: move rework-sdcard-images out of fsl-sdboot
Upcoming devices will not need the migration setup, so let's move
it out of the common definition.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-19 15:23:52 +01:00
Seo Suchan
ca6954e2dc ramips: use lzma-loader for Wevo devices
As kernel size increased it start to fail to load squishfs image,
using lzma-loader fixed it.
wevo_11acnas is almost same device as w2914ns-v2 except ram size,
so I expect same thing would've happen in that device too.

Signed-off-by: Seo Suchan <abnoeh@mail.com>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
2021-02-19 14:09:50 +01:00
Sander Vanheule
1e75909a35 ramips: mt7621: add TP-Link EAP235-Wall support
The TP-Link EAP235-Wall is a wall-mounted, PoE-powered AC1200 access
point with four gigabit ethernet ports.

When connecting to the device's serial port, it is strongly advised to
use an isolated UART adapter. This prevents linking different power
domains created by the PoE power supply, which may damage your devices.

The device's U-Boot supports saving modified environments with
`saveenv`. However, there is no u-boot-env partition, and saving
modifications will cause the partition table to be overwritten. This is
not an issue for running OpenWrt, but will prevent the vendor FW from
functioning properly.

Device specifications:
* SoC: MT7621DAT
* RAM: 128MiB
* Flash: 16MiB SPI-NOR
* Wireless 2.4GHz (MT7603EN): b/g/n, 2x2
* Wireless 5GHz (MT7613BEN): a/n/ac, 2x2
* Ethernet: 4× GbE
  * Back side: ETH0, PoE PD port
  * Bottom side: ETH1, ETH2, ETH3
* Single white device LED
* LED button, reset button (available for failsafe)
* PoE pass-through on port ETH3 (enabled with GPIO)

Datasheet of the flash chip specifies a maximum frequency of 33MHz, but
that didn't work. 20MHz gives no errors with reading (flash dump) or
writing (sysupgrade).

Device mac addresses:
Stock firmware uses the same MAC address for ethernet (on device label)
and 2.4GHz wireless. The 5GHz wireless address is incremented by one.
This address is stored in the 'info' ('default-mac') partition at an
offset of 8 bytes.
From OEM ifconfig:
    eth     a4:2b:b0:...:88
    ra0     a4:2b:b0:...:88
    rai0    a4:2b:b0:...:89

Flashing instructions:
* Enable SSH in the web interface, and SSH into the target device
* run `cliclientd stopcs`, this should return "success"
* upload the factory image via the web interface

Debricking:
U-boot can be interrupted during boot, serial console is 57600 baud, 8n1
This allows installing a sysupgrade image, or fixing the device in
another way.
* Access serial header from the side of the board, close to ETH3,
  pin-out is (1:TX, 2:RX, 3:GND, 4:3.3V), with pin 1 closest to ETH3.
* Interrupt bootloader by holding '4' during boot, which drops the
  bootloader into its shell
* Change default 'serverip' and 'ipaddr' variables (optional)
* Download initramfs with `tftpboot`, and boot image with `bootm`
    # tftpboot 84000000 openwrt-initramfs.bin
    # bootm

Revert to stock:
Using the tplink-safeloader utility from the firmware-utils package,
TP-Link's firmware image can be converted to an OpenWrt-compatible
sysupgrade image:
  $ ./staging_dir/host/bin/tplink-safeloader -B EAP235-WALL-V1 \
      -z EAP235-WALLv1_XXX_up_signed.bin -o eap235-sysupgrade.bin

This can then be flashed using the OpenWrt sysupgrade interface. The
image will appear to be incompatible and must be force flashed, without
keeping the current configuration.

Known issues:
- DFS support is incomplete (known issue with MT7613)
- MT7613 radio may stop responding when idling, reboot required.
  This was an issue with the ddc75ff704 version of mt76, but appears to
  have improved/disappeared with bc3963764d.
  Error notice example:
  [ 7099.554067] mt7615e 0000:02:00.0: Message 73 (seq 1) timeout

Hardware was kindly provided for porting by Stijn Segers.

Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2021-02-19 14:00:08 +01:00
Stijn Segers
0265cba40a ramips: remove factory image for TP-Link Archer C20 v1
Similarly to the Archer C2 v1, the Archer C20 v1 will brick when one
tries to flash an OpenWrt factory image through the TP-Link web UI.
The wiki page contains an explicit warning about this [1].

Disable the factory image altogether since it serves no purpose.

[1] https://openwrt.org/toh/tp-link/tp-link_archer_c20_v1#installation

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2021-02-19 13:56:27 +01:00
Adrian Schmutzler
63e1ce3e09 ath79: fix position of SPDX license identifier
Strictly, the identifier needs to be in the line directly after the
shebang.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-19 13:53:22 +01:00
Adrian Schmutzler
45e8d9b480 mediatek: fix SPDX license identifier on local DTS files
The SPDX license identifier must be in the first line of a file,
unless there is a shebang (then it's the second line).

Fix this for the local files, do not care about the upstream patches.

While at it, update the identifiers where necessary.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-02-19 13:47:45 +01:00
Álvaro Fernández Rojas
31a06f8fcc bcm63xx: update ethernet kernel panics fix
Use new patch from Sieng Piaw Liew.

Signed-off-by: Sieng Piaw Liew <liew.s.piaw@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-19 12:28:19 +01:00
Álvaro Fernández Rojas
7febba3e50 cypress-firmware: fix PKG_SOURCE_URL
Download link has been moved.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-19 11:06:23 +01:00
Daniel Golle
c7293bcfcc
mediatek: move mt7623a-unielec-u7623*.dts* out of patch
Instead of adding those device tree sources using a patch, simply move
them to the newly created dts folder.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-19 10:00:46 +00:00
Álvaro Fernández Rojas
5bab472a11 bcm27xx: add diag LEDs
We can now use the power LED for diag in more devices thanks to the latest
patches from the RPi foundation.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-19 08:09:11 +01:00
Álvaro Fernández Rojas
0aaa2cce1c bcm27xx: bcm2708: add missing RPi B DTS file
RPI 1B DTS has been splitted into 2 files:
 - bcm2708-rpi-b.dts: Newest (rev2) RPI 1B
 - bcm2708-rpi-b-rev1.dts: Old (rev1) RPI 1B

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-19 08:09:11 +01:00
Daniel Golle
e3b8849088
mediatek: more clean solution for out-of-tree DTS
Use approach suggested by Adrian Schmutzler instead of introducing
another device variable.
Also revert the unnecessary white-space changes accidentally introduced
by the previous commit.

Fixed: c067b1e79b ("mediatek: move out-of-tree DTS files to dedicated dts folder")
Suggested-by: Adrian Schmutzler <mail@adrianschmutzler.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-19 01:25:49 +00:00
Daniel Golle
c067b1e79b
mediatek: move out-of-tree DTS files to dedicated dts folder
Use dedicated dts folder like on ramips to store device tree source
files for boards not already supported in vanilla Linux.
Doing so instead of having them in files-* has several advantages:
 * we don't need to duplicate them for several kernel versions
 * changes to a device tree don't trigger a complete kernel rebuild
 * the files are more obvious to find

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-19 00:05:53 +00:00
Álvaro Fernández Rojas
8ad61118fd bcm27xx: add support for RPI CM4 and RPI 400
Support added to bcm2709 (32 bits) and bcm2711 (64 bits).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-18 23:43:18 +01:00
Álvaro Fernández Rojas
1d3a9b1c00 bcm27xx-userland: update to latest version
Adds some fixes and removes upstreamed patch.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-18 23:42:46 +01:00
Álvaro Fernández Rojas
f41e653da9 bcm27xx-gpu-fw: update to latest version
This is needed to add support for CM4 and RPI 400.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-18 23:42:46 +01:00
Álvaro Fernández Rojas
f07e572f64 bcm27xx: import latest patches from the RPi foundation
bcm2708: boot tested on RPi B+ v1.2
bcm2709: boot tested on RPi 3B v1.2 and RPi 4B v1.1 4G
bcm2710: boot tested on RPi 3B v1.2
bcm2711: boot tested on RPi 4B v1.1 4G

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-18 23:42:32 +01:00
John Audia
5d3a6fd970 kernel: bump 5.4 to 5.4.99
Ran update_kernel.sh in a fresh clone without any existing toolchains.
No manual changes needed.

Build system: x86_64
Build-tested: bcm27xx/bcm2711

Signed-off-by: John Audia <graysky@archlinux.us>
2021-02-18 20:04:50 +01:00
Felix Fietkau
0db9d11865 build: fix ABI version for PROVIDES symbols
GetABISuffix does not work for intra-package ABI version of provided symbols,
since ABIV_$(provided) is not set.
Fix ABI version by using $(ABIV_$(1)) directly

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-18 19:57:57 +01:00
Mathias Kresin
d2d32dcd5f kernel: lantiq: fix Module.symvers handling
If an external module uses exported symbols from another external
module, Kbuild needs to have full knowledge of all symbols to
avoid spitting out warnings about undefined symbols.

Use PKG_EXTMOD_SUBDIRS to point to the build directory which contains
the Module.symvers.

Pass KERNEL_MAKE_FLAGS to the external module build, to inject
KBUILD_EXTRA_SYMBOLS. KBUILD_EXTRA_SYMBOLS holds a space separated list
of Module.symvers, which list all exported symbols.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-02-18 08:43:08 +01:00
Mathias Kresin
ba07cc0cbb lantiq: fritz7320: enable USB power supply
The USB ports if a FRIZZ!Box 7320 do not supply power to connected
devices.

Add the GPIOs enabling USB power as regulator, to enable USB power
supply as soon as the USB driver is loaded.

Fixes FS#3624

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-02-18 08:43:08 +01:00
David Bauer
5408399fcb generic: don't lock when recursively deleting partitions
When recursively deleting partitions, don't acquire the masters
partition lock twice. Otherwise the process endy up in a deadlocked
state.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-18 01:16:40 +01:00
David Bauer
0621b23efb generic: add various kernel 5.10 config symbols
These symbols were unset when configuring for ath79.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-18 01:16:20 +01:00
David Bauer
634c13c186 mediatek: add support for Ubiquiti UniFi 6 LR
Hardware
--------

MediaTek MT7622
512MB DDR3 RAM
64M SPI-NOR Flash (Winbond W25Q512JV)
MediaTek MT7622 802.11bgn 4T4R WMAC
MediaTek MT7915 802.11ax 4T4R
Marvell AQR1112 100/1000/2500 NBase-T PHY
Holtek HT32F52241 LED controller
Reset Switch

UART
----

CPU UART0 at the pinout next to the Holtek MCU.

Pinout (first pin next to SoC / MCU)

0 3V3
1 RX
2 TX
3 GND

Settings are 115200 8N1.

Opening the case
----------------

Opening the case is not a nice task, as itis glued together. Insert a
flat knife between the front and back casing below the ethernet port.
Open up a gap this way and insert a flat scredriver, remove the knife.

Work your way around the casing by applying force to seperate the front
and back casing. This losens the glue and opens the plastic clips. Be
gentle, as these clips are very cheap and break quickly.

Installation
------------

1. Connect to the booted device at 192.168.1.20 using username/password
   "ubnt".

2. Transfer the OpenWrt sysupgrade image to the device using SCP.

3. Check the mtd partition number for bs / kernel0 / kernel1

   $ cat /proc/mtd

4. Set the bootselect flag to boot from kernel0

   $ dd if=/dev/zero bs=1 count=1 of=/dev/mtdblock6

5. Write the OpenWrt sysupgrade image to both kernel0 as well as kernel1

   $ dd if=openwrt.bin of=/dev/mtdblock8
   $ dd if=openwrt.bin of=/dev/mtdblock9

6. Reboot the device. It should boot into OpenWrt.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-18 01:15:45 +01:00
David Bauer
c9137e2ddf mediatek: add Ubiquiti LED driver
Add a driver for controlling the RGB LED via Ubiquitis own "LEDBAR" LED
controller based on the Holtek HT32F52241 MCU.

This driver is initially used by the Ubiquiti UniFi 6 LR, however
judging from FCC pictures the MCU is also found on the U6-Mesh as well
as the U6-Extender.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-18 01:15:33 +01:00
Álvaro Fernández Rojas
f323dec4f8 bcm63xx: add kernel 5.10 support
Runtime-tested on Comtrend AR-5387un.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-02-17 20:40:16 +01:00
Daniel Golle
5bb9954826 kernel: update kernel 5.10 to 5.10.16
Compile and runtime-tested on mediatek/mt7622

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-17 13:48:43 +00:00
Felix Fietkau
5ea33837f8 build: fix build with CONFIG_STRIP_KERNEL_EXPORTS
Only use symtab.h on the final kernel link

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-17 13:49:43 +01:00
Eneas U de Queiroz
482c9ff289 openssl: bump to 1.1.1j
This fixes 4 security vulnerabilities/bugs:

- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
  SSLv2, but the affected functions still exist. Considered just a bug.

- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
  EVP_DecryptUpdate may overflow the output length argument in some
  cases where the input length is close to the maximum permissable
  length for an integer on the platform. In such cases the return value
  from the function call will be 1 (indicating success), but the output
  length value will be negative.

- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
  create a unique hash value based on the issuer and serial number data
  contained within an X509 certificate. However it was failing to
  correctly handle any errors that may occur while parsing the issuer
  field (which might occur if the issuer field is maliciously
  constructed). This may subsequently result in a NULL pointer deref and
  a crash leading to a potential denial of service attack.

- Fixed SRP_Calc_client_key so that it runs in constant time. This could
  be exploited in a side channel attack to recover the password.

The 3 CVEs above are currently awaiting analysis.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-02-17 09:24:47 +01:00
Rosen Penev
b59905f045 gettext-full: update to 0.21
Add m4 patch to avoid conflict with tools/autoconf-archive.

Add build parallel as it seems to work now.

Remove a bunch of uClibc-ng hacks as it is not in the tree anymore.

Format security patch was fixed upstream.

Refreshed other patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-16 19:27:55 -10:00