Fixes two CVEs:
- CVE-2019-15903 (Fix heap overflow triggered by XML_GetCurrentLineNumber)
- CVE-2018-20843 (Fix extraction of namespace prefixes from XML names)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit b4af2c689f)
Including "sys/stat.h" from newer glibc will cause __u64 from linux uapi
header to be included, causing compilation failure for u-boot tools
USE_HOSTCC
Remove typedef for __u64 in include/compiler.h to fix the issue. It should be
safe because as of u-boot-2018.03, no ref to __u64 is found under u-boot tools/
directory
Error message snippet follows
HOSTCC tools/mkenvimage.o
In file included from /usr/include/asm-generic/types.h:7,
from /usr/include/asm/types.h:5,
from /usr/include/linux/types.h:5,
from /usr/include/linux/stat.h:5,
from /usr/include/bits/statx.h:30,
from /usr/include/sys/stat.h:446,
from tools/mkenvimage.c:21:
/usr/include/asm-generic/int-ll64.h:31:42: error: conflicting types for '__u64'
31 | __extension__ typedef unsigned long long __u64;
| ^~~~~
In file included from <command-line>:
././include/compiler.h:69:18: note: previous declaration of '__u64' was here
69 | typedef uint64_t __u64;
| ^~~~~
make[5]: *** [scripts/Makefile.host:116: tools/mkenvimage.o] Error 1
Ref: https://forum.openwrt.org/t/compile-error-19-07/44423
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1699194
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.
https://nvd.nist.gov/vuln/detail/CVE-2019-13638
Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit bcfd1d7685)
In GNU patch through 2.7.6, the following of symlinks is mishandled in
certain cases other than input files. This affects inp.c and util.c.
https://nvd.nist.gov/vuln/detail/CVE-2019-13636
Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit 995bcc5329)
Go for openwrt passes pkg-config arguments in the format of
pkg-config --cflags -- pkg-name
which in turn will be passed down to the real pkg-config as something
like
pkg-config.real --cflags -- pkg-name --define...
and causes the real pkg-config implementation to missinterpret the given
argument list.
This also helps to fix https://github.com/golang/go/issues/27940
Signed-off-by: Arthur Skowronek <arthur.skowronek@tuta.io>
(cherry picked from commit 5f2cb6d7dc)
Main site hasn't resolved for days so just add a few mirrors instead
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit a56c21f582)
Some packages like libpfring assume the presense of lex, which on some
other systems is a symlink to flex but not all. Symlink flex to fix
compilation.
Arch Linux and Fedora do this as far as I know.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 7ef38e42c8)
uscan reports a new CVE now that PKG_CPE_ID was added.
Reordered patches by date.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[re-title commit & refresh patches]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from a6bd9d0cb6)
A new test case was adding in one of the patches fixing a problem, this
also included a change in the test/Makefile.am to add this test case.
The build system detected a change in the Makefile.am and wants to
regenerate the Makefile.in, but this fails because automake-1.15 is not
installed yet. As automake depends on patch being build first, make sure
we do not modify the Makefile.am.
This fixes build problem seen by the build bots.
Fixes: 4797dddfde ("patch: apply upstream cve fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 759f111f8d)
The Makefile.am changed and now patch wants to use automake to
regenerate the Makefile.in. Make sure automake was build before we build
patch.
This fixes build problem seen by the build bots.
Fixes: 4797dddfde ("patch: apply upstream cve fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 07e8c217cb)
Apply two upstream patches to address two CVEs:
* CVE-2018-1000156
* CVE-2018-6952
Add PKG_CPE_ID to Makefile.
Build tested on apm821xx and ar71xx.
Signed-off-by: Russell Senior <russell@personaltelco.net>
(backported from 4797dddfde)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
On some systems (Gentoo) configure stage fails because of docbook2man
working with SGML rather than with XML. We don't need xmlwf man pages so
we disable this.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
(backported from 6e80dd58bb)
Currently flash from WebIF is broken for Archer C7 v5 EU models as their
SupportList entries are missing.
The added entries originate from TP-Links latest Archer C7 v5 EU
firmware.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 53020ed4b9)
Update bison to 3.0.5
Bugfix release
Remove 001-fix-macos-vasnprintf.patch as it is fixed upstream
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit df02e7a3c7)
Add a temporary workaround to compile with glibc 2.28
as some constants were removed and others made private
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
Add a temporary workaround to compile with glibc 2.28
as some constants were removed and others made private
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
This PR adds support for a popular low-cost 2.4GHz N based AP
Specifications:
- SoC: Qualcomm Atheros QCA9533 (650MHz)
- RAM: 64MB
- Storage: 8 MB SPI NOR
- Wireless: 2.4GHz N based built into SoC 2x2
- Ethernet: 1x 100/10 Mbps, integrated into SoC, 24V POE IN
Installation:
Flash factory image through stock firmware WEB UI
or through TFTP
To get to TFTP recovery just hold reset button while powering on for
around 4-5 seconds and release.
Rename factory image to recovery.bin
Stock TFTP server IP:192.168.0.100
Stock device TFTP adress:192.168.0.254
Notes:
TP-Link does not use bootstrap registers so without this patch reference
clock detects as 40MHz while it is actually 25MHz.
This is due to messed up bootstrap resistor configuration on the PCB.
Provided GPL code just forces 25MHz reference clock.
That causes booting with completely wrong clocks, for example, CPU tries
to boot at 1040MHz while the stock is 650MHz.
So this PR depends on PR #672 to remove 40MHz reference clock.
Thanks to Sven Eckelmann <sven@narfation.org> for properly patching that.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 5c5bf8b865)
TP-Link Archer C7 v5 is a dual-band AC1750 router, based on Qualcomm/Atheros
QCA9563+QCA9880.
Specification:
- 750/400/250 MHz (CPU/DDR/AHB
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 3T3R 5 GHz
- 5x 10/100/1000 Mbps Ethernet
- 10x LED, 2x button
- UART header on PCB
Flash instruction:
1. Upload lede-ar71xx-generic-archer-c7-v5-squashfs-factory.bin via Web interface
Flash instruction using TFTP recovery:
1. Set PC to fixed ip address 192.168.0.66
2. Download lede-ar71xx-generic-archer-c7-v5-squashfs-factory.bin
and rename it to ArcherC7v5_tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root directory
4. Turn off the router
5. Press and hold Reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time
the firmware should be transferred from the tftp server
8. Wait ~30 second to complete recovery.
Signed-off-by: Arvid E. Picciani <aep@exys.org>
(cherry picked from commit bf39d5594b)
The default image does not fit 2 MB anymore, expand os-image partition
to 4 MB.
Upgrading works transparently via sysupgrade in both directions.
Another option would have been to merge "os-image" and "rootfs" into a
single "firmware" partition using MTD_SPLIT_TPLINK_FW, but just
changing the sizes of the existing partitioning has been deemed safer
and actually tested on an affected device; the maximum for rootfs
changes from 27 MB to 25 MB.
Run-tested on TP-Link Archer C2600.
Signed-off-by: Joris de Vries <joris@apptrician.nl>
[slh: extend comments and commit message, rename rootfs]
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit b72b36653a)
Our pkg-config wrapper relies on the ability to redefine the $prefix and
$exec_prefix variables in order to construct proper search paths relative
to the build environment.
Patch the .pc file template to construct libdir, sharedlibdir and includedir
relative to the ${prefix} variable so that it can be overridden as needed.
This also fixes the libxml2/host build issue raised at
https://github.com/openwrt/packages/issues/6073 - it was caused by libxml2's
configure picking up a wrong host search path through zlib.pc, letting it
include the wrong endian.h, causing spurious member redeclaration errors in
system headers.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4da832e201)
This tool is used to create headers on images for the
D-Link DNS-313 in gemini target.
Will be used after switching gemini to 4.14 kernel.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
MacOSX does not support "-Wl,-Bstatic" so do not force the static
linking.
We only copy the static libz library into the staging libraries
directories, the linker will anyway only find the static version and
link against that on all systems.
Fixes: 8dcd941d8b ("tools/zlib: move zlib build to tools")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Libressl version 2.7.0 and later implement more of the OpenSSL 1.1 API
and this needs some modifications of the code using it.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This version now uses autotools to configure the build system. They are
also using the newly added zlib package.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
These functions are not declared in any header file and only used in
same compile unit, mark them as static to remove one gcc warning and
make it easier for the compiler to optimize them out.
This also fixes some style problems to make this patch match the version
in the packages folder.
This is copied from this commit to the mtd-utils we pack into the image:
56d0dd56e9 ("mtd-utils: Mark some lzma functions as static")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This allows us to link the other tools against our libz and we do not
need the system zlib any more.
Only the static linked library is copied to the staging directory so we
have a statically linked library on all systems and not only on Linux.
This also adds the new dependencies of the packages which are depending
on zlib.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The new mkimage version requires a CONFIG_MKIMAGE_DTC_PATH variable to be
provided during build, in order to hardcode a path to a suitable DT
compiler executable.
Failure to do so will result in stray "sh: 1: -I: not found" errors when
invoking mkimage for FIT image generation.
Fix the issue by supplying "dtc" as CONFIG_MKIMAGE_DTC_PATH value during
build. As we intend our host utilities to be relocatable and since we're
already overriding PATH when invoking mkimage, an absolute path is not
required.
Fixes: b13e981d72 ("tools/mkimage: update to version 2018.03")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This activates support for fit images and some other new mkimage
features. Some of the patches were applied upstream and could be
removed.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update cmake to 3.11.0
Remove 110-alpine_musl-compat.patch as it's integrated upstream
Rename and refresh patches
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Having the metainfo between kernel and rootfs prevents us from resizing
the kernel partition as necessary.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
TP-Link Archer C60 v2 is a dual-band AC1350 router, based on
Qualcomm/Atheros QCA9561 + QCA9886.
Specification:
- 775/650/258 MHz (CPU/DDR/AHB)
- 64 MB of RAM (DDR2)
- 8 MB of FLASH (SPI NOR)
- 3T3R 2.4 GHz
- 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 7x LED, 2x button
- UART header on PCB
Flash instruction (web):
Download lede-ar71xx-generic-archer-c60-v2-squashfs-factory.bin and use
OEM System Tools - Firmware Upgrade site.
Flash instruction (recovery):
1. Set PC to fixed IP address 192.168.0.66
2. Download lede-ar71xx-generic-archer-c60-v2-squashfs-factory.bin and
rename it to tp_recovery.bin
3. Start a tftp server with the file tp_recovery.bin in its root
directory
4. Turn off the router
5. Press and hold reset button
6. Turn on router with the reset button pressed and wait ~15 seconds
7. Release the reset button and after a short time the firmware should
be transferred from the tftp server
8. Wait ~30 second to complete recovery
Flash instruction (under U-Boot, using UART):
tftp 0x81000000 lede-ar71xx-...-sysupgrade.bin
erase 0x9f030000 +$filesize
cp.b $fileaddr 0x9f030000 $filesize
reset
Signed-off-by: Henryk Heisig <hyniu@o2.pl>