This reverts commit cc78f934a9 since it
didn't contain a reference to the CVE it addresses. The next commit
will re-add the commit including a CVE reference in its commit message.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 215598fd03)
The $(space) definition in the hostapd Makefile ceased to work with
GNU Make 4.3 and later, leading to syntax errors in the generated
Kconfig files.
Drop the superfluous redefinition and reuse the working $(space)
declaration from rules.mk to fix this issue.
Fixes: GH#2713
Ref: https://github.com/openwrt/openwrt/pull/2713#issuecomment-583722469
Reported-by: Karel Kočí <cynerd@email.cz>
Suggested-by: Jonas Gorski <jonas.gorski@gmail.com>
Tested-by: Shaleen Jain <shaleen@jain.sh>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 766e778226)
This backports some security relevant patches from libubox master. These
patches should not change the existing API and ABI so that old
applications still work like before without any recompilation.
Application can now also use more secure APIs.
The new more secure interfaces are also available, but not used.
OpenWrt master and 19.07 already have these patches by using a more
recent libubox version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Call skb_orphan(skb) to call the owner's destructor function and make
the skb unowned.
This is necessary to prevent sk_wmem_alloc of a socket from overflowing,
which leads to ENOBUFS errors on application level.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 996f02e5ba)
Fixes two CVEs:
- CVE-2019-15903 (Fix heap overflow triggered by XML_GetCurrentLineNumber)
- CVE-2018-20843 (Fix extraction of namespace prefixes from XML names)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit b4af2c689f)
Change the LED labels for hdd1/hdd2 in 01_leds to match their
counterpart in DTS.
Signed-off-by: Stephan Knauss <openwrt@stephans-server.de>
[improve commit title and message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit fbf297be38)
The Netgear WN2500RP V1 switch0 already works for LAN
however the port order for the LAN ports is inverted. Correct
physical port order watched from the back of the device is:
4 / 3 / 2 / 1
WAN port is absent on this device and therefore removed
from switch config.
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[move block to maintain alphabetic sorting]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 098cbc68ee)
The Netgear WNR3500 V2 switch0 already works for WAN/LAN
however the port order for the LAN ports is inverted. Correct
physical port order watched from the back of the device is:
Internet / 4 / 3 / 2 / 1 this resembles the Linksys E3000 V1.
Verfied with imagebuilder edit FILES=/etc/board.d/01_network
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
(cherry picked from commit cf2f1fc687)
HC5962 has only 3 LAN ports, switch port 0 is unused
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(backported from commit 68f49df315)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
There are two identical wmac nodes in the dts file of MediaTek
LinkIt Smart 7688, so delete one of them.
Signed-off-by: Jack Chen <redchenjs@live.com>
(cherry picked from commit 4be271a486)
CONFIG_PINCTRL_SUN4I_A10 controls both the A10 and the A20 enablong of
the pinctrl driver, this is necessary since upstream commit
5d8d349618a9464714c07414c5888bfd9416638f ("pinctrl: sunxi: add A20
support to A10 driver") which has been included in v4.13 and onwards.
Fixes: ad2b3bf310 ("sunxi: Add support for kernel 4.14")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 32e4eaef1b)
The button events "pressed" and "released" were switched. Tested with v18.06.4.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit 3e1325b219)
commit e09da0169a ("ar71xx: fix Mikrotik board detection")
was generated based on testing a rb-912 board, on which detection failed.
Testing on more hardware shows something fun:
machine : MikroTik RouterBOARD 922UAGS-5HPacD
machine : Mikrotik RouterBOARD 912UAG-5HPnD
Both lowercase and uppercase are used.
So ensure we support both now ..
Fixes: e09da0169a ("ar71xx: fix Mikrotik board detection")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 845b2a1cfe)
Fix a typo in the machine type being extracted from /proc/cpuinfo
which causes all Mikrotik board to be undetected properly.
This lead to sysupgrade issues and probably some others too.
Fixes: acf2b6c888 ("ar71xx: base-files: fix board detect on new MikroTik devices")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit e09da0169a)
Move all MikroTik devices to new function to increase script execution
speed.
Machine name in new version of MikroTik RouterBOARD devices add "RB"
before model name:
Old machine name: MikroTik RouterBOARD 951Ui-2nD
New: MikroTik RouterBOARD RB951Ui-2nD
So this patch should fix it for all currently supported MikroTik boards.
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
[rebased,commit message facelift,script fixes]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[spotted missing 922UAGS-5HPacD]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit acf2b6c888)
[backport: do not add boards not supported in 18.06]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Some hAP lite routers aren't detected because
/proc/cpuinfo shows "RouterBOARD RB941-2nD"
instead of "RouterBOARD 941-2nD".
Fix that.
Signed-off-by: Julien Rabier <taziden@flexiden.org>
[Alter string to include all flavours + slight rewrite of commit msg]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 6570f3c93a)