This fixes the following security problems:
* CVE-2019-9494: cache attack against SAE
* CVE-2019-9495: cache attack against EAP-pwd
* CVE-2019-9496: SAE confirm missing state validation in hostapd/AP
* CVE-2019-9497: EAP-pwd server not checking for reflection attack)
* CVE-2019-9498: EAP-pwd server missing commit validation for scalar/element
* CVE-2019-9499: EAP-pwd peer missing commit validation for scalar/element
* CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment
Most of these problems are not relevant for normal users, SAE is only
used in ieee80211s mesh mode and EAP-pwd is normally not activated.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The bump to 4.9.181 broke build for bcm2708 and bcm2709. Revert the
offending patch.
The same revert is also queued for the next upstream 4.9.y release.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
It's a simple typo in the DNS file, which was pretty serious.
No scripts were working properly. Fix it up.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[integrate into openwrt target]
This patch adds a missing type property which prevented
the creation of oneshot and timer led triggers when they
are specified in the /etc/board.d/01_leds files.
i.e.:
ucidef_set_led_timer "system" "system" "zhuotk:green:system" "1000" "1000"
Fixes: b06a286a48 ("base-files: cleanup led functions in uci-defaults.sh")
Signed-off-by: Robinson Wu <wurobinson@qq.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[also fix oneshot as well]
There is a problem with the EA8500, the switch will not work after soft
reboot, the only way to get it working again is to power cycle it
manually.
There are probably several issues in the play, it's quite hard to fix it
without having access to the actual device, so I don't see any other
option now, then revert the offending commit.
Ref: PR#2047
Fixes: FS#2168 ("Switch no longer work after restart on Linksys EA8500")
Reported-by: Adam <424778940z@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
err_free_stats has been deprecated. Replace with err_netdev.
Compile-tested on: mvebu
Runtime-tested on: mvebu
Fixes: f63a1caf22 ("kernel: bump 4.14 to 4.14.125")
Signed-off-by: George Amanakis <gamanakis@gmail.com>
[altered hashes]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
It's needed for applying some hardware quirks. This fixes:
drivers/net/wireless/broadcom/brcm80211/brcmfmac/dmi.c:60:20: error: 'DMI_PRODUCT_SKU' undeclared here (not in a function); did you mean 'DMI_PRODUCT_UUID'?
DMI_EXACT_MATCH(DMI_PRODUCT_SKU, "T8"),
Fixes: 2cd234d96b ("mac80211: brcm: backport remaining brcmfmac 5.2 patches")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4d11c4c378)
1) Crash/Oops fixes
2) One-line patch for BCM43456 support
3) Fix communication with some specific FullMAC firmwares
4) Potential fix for "Invalid packet id" errors
5) Important helper for reporting FullMAC firmware crashes
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Memory is allocated with devm_kzalloc() on every page program
and leaks until device is closed (which never happens).
Convert to kzalloc() and handle error paths manually.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
The "bridge allow reception on disabled port" implementation
was broken after these commits:
b765f4be40 ("kernel: bump 4.14 to 4.14.114")
456f486b53 ("kernel: bump 4.9 to 4.9.171")
This leads to issues when for example WDS is used, tied to a bridge:
[ 96.503771] wlan1: send auth to d4:5f:25:eb:09:82 (try 1/3)
[ 96.517956] wlan1: authenticated
[ 96.526209] wlan1: associate with d4:5f:25:eb:09:82 (try 1/3)
[ 97.086156] wlan1: associate with d4:5f:25:eb:09:82 (try 2/3)
[ 97.200919] wlan1: RX AssocResp from d4:5f:25:eb:09:82 (capab=0x11 status=0 aid=1)
[ 97.208706] wlan1: associated
[ 101.312913] wlan1: deauthenticated from d4:5f:25:eb:09:82 (Reason: 2=PREV_AUTH_NOT_VALID)
It seems upstream introduced a new patch, [1]
so we have to reimplement these patches properly:
target/linux/generic/pending-4.9/150-bridge_allow_receiption_on_disabled_port.patch
target/linux/generic/pending-4.14/150-bridge_allow_receiption_on_disabled_port.patch
[1] https://lkml.org/lkml/2019/4/24/1228
Fixes: b765f4be40 ("kernel: bump 4.14 to 4.14.114")
Fixes: 456f486b53 ("kernel: bump 4.9 to 4.9.171")
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
[updated commit message and title]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Drop the legacy start() and stop() procedures and define a proper
reload signal action instead.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f664d560df)
Rather than wait until the patches hit vanilla and
get backported via the stable kernel, this patch
patches the crypto4xx driver with the latest fixes
from the upstream linux-crypto tree.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Highlights of this version:
- Change default RSA, DSA and DH size to 2048 bit
- Reject invalid EC point coordinates
This avoids CVE-2019-9498 and CVE-2019-9499 in hostapd
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
This fixes a patch for the ARC architecture.
This was found by the build bot.
Fixes: 810ee3b84a ("kernel: bump 4.14 to 4.14.104")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
It was present as 4.4 compatibility, but since we now use 4.9 or later
with the new upstream solution, we don't need it anymore.
This also fixes a serious regression introduced by ac9bcefa3b, which
changed the precedence of linux,part-probe and the new-type partitions
node compatible string, causing caldata partitions to be overwritten.
Fixes: ac9bcefa3b ("kernel: use V10 of mtd patchset adding support for "compatible" string")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit 7880a6f7fe)
The binding works the same, so we can just drop the revert and the patch.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit abb28bec25)
Network for the Archer C25 v1 is set up without switch for no
obvious reason. The LED setup is even done switch-based.
This patch changes network setup so a switch is created.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This fixes a patch for the ARC architecture.
This was found by the build bot.
Fixes: 5183df0dbf ("kernel: bump 4.9 to 4.9.161")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds the host staging directory to the include path to make it use
the zlib.h files from the staging include directory and also link
against the zlib version from the staging directory.
This fixes a compile problem when the zlib header were not installed on
the build host.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The root file system of the a5-v11 image was too big and broke the
build, remove the USB modules from the default image to make it smaller.
This should fix the build again.
This was found by the build bot.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit c6aa9ff388.
Further testing has revealed that we will need to allow concurrent
requests after all, especially for situations where CGI processes
initiate further HTTP requests to the local host.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f00a4ae6e0)
Go for openwrt passes pkg-config arguments in the format of
pkg-config --cflags -- pkg-name
which in turn will be passed down to the real pkg-config as something
like
pkg-config.real --cflags -- pkg-name --define...
and causes the real pkg-config implementation to missinterpret the given
argument list.
This also helps to fix https://github.com/golang/go/issues/27940
Signed-off-by: Arthur Skowronek <arthur.skowronek@tuta.io>
(cherry picked from commit 5f2cb6d7dc)
Hauke Mehrtens
Matthias Schiffer
Linus Walleij
Robinson Wu
Koen Vandeputte
Petr Štetiar
George Amanakis
Rafał Miłecki
Mantas Pucka
Christian Lamparter
Chen Minqiang
Jo-Philipp Wich
Eneas U de Queiroz
Hans Dedecker
Jonas Gorski
Adrian Schmutzler
Ted Hess
Arthur Skowronek