Permalink
Commits on Aug 10, 2018
  1. mbedtls: update to version 2.7.5

    hauke committed Aug 10, 2018
    This fixes the following security problems:
    * CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
    * CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  2. curl: fix some security problems

    hauke committed Aug 10, 2018
    This fixes the following security problems:
    * CVE-2017-1000254: FTP PWD response parser out of bounds read
    * CVE-2017-1000257: IMAP FETCH response out of bounds read
    * CVE-2018-1000005: HTTP/2 trailer out-of-bounds read
    * CVE-2018-1000007: HTTP authentication leak in redirects
    * CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write
    * CVE-2018-1000121: LDAP NULL pointer dereference
    * CVE-2018-1000122: RTSP RTP buffer over-read
    * CVE-2018-1000301: RTSP bad headers buffer over-read
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  3. wpa_supplicant: fix CVE-2018-14526

    blogic authored and hauke committed Aug 10, 2018
    Unauthenticated EAPOL-Key decryption in wpa_supplicant
    
    Published: August 8, 2018
    Identifiers:
    - CVE-2018-14526
    Latest version available from: https://w1.fi/security/2018-1/
    
    Vulnerability
    
    A vulnerability was found in how wpa_supplicant processes EAPOL-Key
    frames. It is possible for an attacker to modify the frame in a way that
    makes wpa_supplicant decrypt the Key Data field without requiring a
    valid MIC value in the frame, i.e., without the frame being
    authenticated. This has a potential issue in the case where WPA2/RSN
    style of EAPOL-Key construction is used with TKIP negotiated as the
    pairwise cipher. It should be noted that WPA2 is not supposed to be used
    with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
    and with that pairwise cipher, this vulnerability is not applicable in
    practice.
    
    When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
    field is encrypted using RC4. This vulnerability allows unauthenticated
    EAPOL-Key frames to be processed and due to the RC4 design, this makes
    it possible for an attacker to modify the plaintext version of the Key
    Data field with bitwise XOR operations without knowing the contents.
    This can be used to cause a denial of service attack by modifying
    GTK/IGTK on the station (without the attacker learning any of the keys)
    which would prevent the station from accepting received group-addressed
    frames. Furthermore, this might be abused by making wpa_supplicant act
    as a decryption oracle to try to recover some of the Key Data payload
    (GTK/IGTK) to get knowledge of the group encryption keys.
    
    Full recovery of the group encryption keys requires multiple attempts
    (128 connection attempts per octet) and each attempt results in
    disconnection due to a failure to complete the 4-way handshake. These
    failures can result in the AP/network getting disabled temporarily or
    even permanently (requiring user action to re-enable) which may make it
    impractical to perform the attack to recover the keys before the AP has
    already changes the group keys. By default, wpa_supplicant is enforcing
    at minimum a ten second wait time between each failed connection
    attempt, i.e., over 20 minutes waiting to recover each octet while
    hostapd AP implementation uses 10 minute default for GTK rekeying when
    using TKIP. With such timing behavior, practical attack would need large
    number of impacted stations to be trying to connect to the same AP to be
    able to recover sufficient information from the GTK to be able to
    determine the key before it gets changed.
    
    Vulnerable versions/configurations
    
    All wpa_supplicant versions.
    
    Acknowledgments
    
    Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
    Leuven for discovering and reporting this issue.
    
    Possible mitigation steps
    
    - Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
    can be done also on the AP side.
    
    - Merge the following commits to wpa_supplicant and rebuild:
    
    WPA: Ignore unauthenticated encrypted EAPOL-Key data
    
    This patch is available from https://w1.fi/security/2018-1/
    
    - Update to wpa_supplicant v2.7 or newer, once available
    
    Signed-off-by: John Crispin <john@phrozen.org>
  4. tools: findutils: fix compilation with glibc 2.28

    luaraneda authored and hauke committed Aug 9, 2018
    Add a temporary workaround to compile with glibc 2.28
    as some constants were removed and others made private
    
    Signed-off-by: Luis Araneda <luaraneda@gmail.com>
  5. tools: m4: fix compilation with glibc 2.28

    luaraneda authored and hauke committed Aug 9, 2018
    Add a temporary workaround to compile with glibc 2.28
    as some constants were removed and others made private
    
    Signed-off-by: Luis Araneda <luaraneda@gmail.com>
  6. brcm47xx: revert upstream commit breaking BCM4718A1

    Rafał Miłecki
    Rafał Miłecki committed Jul 27, 2018
    This fixes kernel hang when booting on BCM4718A1 (& probably BCM4717A1).
    
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
    (cherry picked from commit 4c1aa64)
    Fixes: aaecfec ("kernel: bump kernel 4.4 to version 4.4.139")
Commits on Aug 9, 2018
  1. kernel: ext4: fix check to prevent initializing reserved inodes

    NeoRaider committed Aug 9, 2018
    The broken check would detect a newly generated root filesystem as corrupt
    under certain circumstances, in some cases actually currupting the it while
    trying to handle the error condition.
    
    This is a regression introduced in kernel 4.4.140. The 4.14.y stable series
    has already received this fix, while it is still pending for 4.4.y and
    4.9.y.
    
    Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
  2. kernel: bump kernel 4.4 to version 4.4.147

    NeoRaider committed Aug 9, 2018
    target/linux/ar71xx/patches-4.4/103-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch
    has been applied upstream; the two deleted brcm2708 patches have been
    useless even before (as the second one only reverted the first one).
    
    Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Commits on Aug 8, 2018
  1. firmware: amd64-microcode: update to 20180524

    wigyori committed Jul 7, 2018
      * New microcode update packages from AMD upstream:
        + New Microcodes:
          sig 0x00800f12, patch id 0x08001227, 2018-02-09
        + Updated Microcodes:
          sig 0x00600f12, patch id 0x0600063e, 2018-02-07
          sig 0x00600f20, patch id 0x06000852, 2018-02-06
      * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
        plus other unspecified fixes/updates.
    
    Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
  2. firmware: intel-microcode: bump to 20180703

    wigyori committed Jul 30, 2018
      * New upstream microcode data file 20180703
        + Updated Microcodes:
          sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
          sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
          sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
          sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
          sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
          sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
          sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
          sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
          sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
          sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
        + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
        + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
        + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
          Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
          Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
          server dies.
    
    Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Commits on Aug 4, 2018
  1. uclient: update to latest git HEAD

    jow- committed Aug 3, 2018
    f2573da uclient-fetch: use package name pattern in message for missing SSL library
    9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename
    f41ff60 uclient-http: basic auth: Handle memory allocation failure
    a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures
    66fb58d uclient-http: Handle memory allocation failure
    2ac991b uclient: Handle memory allocation failure for url
    63beea4 uclient-http: Implement error handling for header-sending
    eb850df uclient-utils: Handle memory allocation failure for url file name
    ae1c656 uclient-http: Close ustream file handle only if allocated
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
    (backported from commit e44162f)
  2. downloads.mk: introduce name-agnostic PROJECT_GIT variable

    jow- committed Jan 5, 2018
    Introduce a name-agnostic PROJECT_GIT variable poiting to
    https://git.openwrt.org/ and declare LEDE_GIT and OPENWRT_GIT
    as aliases to it.
    
    After some transition time we can drop this alias variables.
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
    (cherry picked from commit 4700544)
  3. sdk: include arch/arm/ Linux includes along with arch/arm64/ ones

    jow- committed Aug 3, 2018
    The Linux headers on arm64 architectures contain references to common
    arch/arm/ headers which were not bundled by the SDK so far.
    
    Check if we're packing the SDK for an arm64 target and if we do, also
    include arch/arm headers as well.
    
    Fixes FS#1725.
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
    (cherry picked from commit 4bb8a67)
  4. sdk: bundle usbip userspace sources

    jow- committed Aug 1, 2018
    Bundle the usbip utility sources shipped with the Linux kernel tree in
    order to allow the usbip packages from the package feed to build within
    the OpenWrt SDK.
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
    (cherry picked from commit d0e0b70)
Commits on Jul 25, 2018
  1. kmod-sched-cake: bump to 20180716

    Kevin Darbyshire-Bryant
    Kevin Darbyshire-Bryant committed Jul 15, 2018
    Bump to the latest cake recipe.
    
    This backports tc class support to kernel 4.9 and other than conditional
    kernel compilation pre-processor macros represents the cake that has
    gone upstream into kernel 4.19.  Loud cheer!
    
    Fun may be had by changing cake tin classification for packets on
    ingress. e.g.
    
    tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \
    ip dport 6981 0xffff action skbedit priority 800b:1
    
    Where 800b: represents the filter handle for the ifb obtained by 'tc
    qdisc' and the 1 from 800b:1 represents the cake tin number.  So the
    above example puts all incoming packets destined for port 6981 into the
    BULK (lowest priority) tin.
    
    f39ab9a Obey tin_order for tc filter classifiers
    1e2473f Clean up after latest backport.
    82531d0 Reorder includes to fix out of tree compilation
    52cbc00 Code style cleanup
    6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR()
    cab17b6 Remove duplicate call to qdisc_watchdog_init()
    71c7991 Merge branch 'backport-classful'
    32aa7fb Fix compilation on Linux 4.9
    9f8fe7a Fix compilation on Linux 4.14
    ceab7a3 Rework filter classification
    aad5436 Fixed version of class stats
    be1c549 Add cake-specific class stats
    483399d Use tin_order for class dumps
    80dc129 Add class dumping
    0c8e6c1 Fix dropping when using filters
    c220493 Add the minimum class ops
    5ed54d2 Start implementing tc filter/class support
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
    (cherry picked from commit c729c43)
  2. iproute2: merge upstream CAKE support

    jow- committed Jul 21, 2018
    Add upstream support for CAKE into iproute2 and conditionally enable it
    depending on the build environment we're running under.
    
    When running with SDK=1 and CONFIG_BUILDBOT=y we assume that we're
    invoked by the release package builder at
    http://release-builds.lede-project.org/17.01/packages/ and produce shared
    iproute2 executables with legacy CAKE support for older released kernels.
    
    When not running under the release package builder environment, produce
    nonshared packages using the new, upstream CAKE support suitable for
    the latest kernel.
    
    Depending on the environment, suffix the PKG_RELEASE field with either
    "-cake-legacy" or "-cake-upstream" to ensure that the nonshared packages
    are preferred by opkg for newer builds.
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Commits on Jul 22, 2018
  1. WDR4900v1 remove dt node for absent hw crypto.

    tim-seoss authored and yousong committed Jul 4, 2018
    The WDR4900v1 uses the P1040 SoC, so the device tree pulls in the
    definition for the related P1010 SoC.  However, the P1040 lacks the
    CAAM/SEC4 hardware crypto accelerator which the P1010 device tree
    defines.  If left defined, this causes the CAAM drivers (if present) to
    attempt to use the non-existent device, making various crypto-related
    operations (e.g. macsec and ipsec) fail.
    
    This commit overrides the incorrect dt node definition in the included
    file.
    
    See also:
     - https://bugs.openwrt.org/index.php?do=details&task_id=1262
     - https://community.nxp.com/thread/338432#comment-474107
    
    Signed-off-by: Tim Small <tim@seoss.co.uk>
    Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
    (cherry picked from commit e97aaf4)
Commits on Jul 20, 2018
  1. build: fix compile error when a package includes itself in PROVIDES

    nbd168 authored and jow- committed Jul 20, 2018
    Signed-off-by: Felix Fietkau <nbd@nbd.name>
    (cherry picked from commit 7c306ae)
Commits on Jul 19, 2018
  1. apm821xx: fix sata access freezes

    chunkeey authored and mkresin committed Jul 16, 2018
    The original vendor's driver programmed the dma controller's
    AHB HPROT values to enable bufferable, privileged mode. This
    along with the "same priorty for both channels" fixes the
    freezes according to @takimata, @And.short, that have been
    reported on the forum by @TiceRex.
    
    Furtheremore, @takimata reported that the patch also improved
    the performance of the HDDs considerably:
    |<https://forum.lede-project.org/t/wd-mybook-live-duo-two-disks/16195/55>
    |It seems your patch unleashed the full power of the SATA port.
    |Where I was previously hitting a really hard limit at around
    |82 MB/s for reading and 27 MB/s for writing, I am now getting this:
    |
    |root@OpenWrt:/mnt# time dd if=/dev/zero of=tempfile bs=1M count=1024
    |1024+0 records in
    |1024+0 records out
    |real    0m 13.65s
    |user    0m 0.01s
    |sys     0m 11.89s
    |
    |root@OpenWrt:/mnt# time dd if=tempfile of=/dev/null bs=1M count=1024
    |1024+0 records in
    |1024+0 records out
    |real    0m 8.41s
    |user    0m 0.01s
    |sys     0m 4.70s
    |
    |This means: 121 MB/s reading and 75 MB/s writing!
    |
    |[...]
    |
    |The drive is a WD Green WD10EARX taken from an older MBL Single.
    |I repeated the test a few times with even larger files to rule out
    |any caching, I'm still seeing the same great performance. OpenWrt is
    |now completely on par with the original MBL firmware's performance.
    
    Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
  2. Revert "iproute2: tc: bump to support kmod-sched-cake"

    Kevin Darbyshire-Bryant
    Kevin Darbyshire-Bryant committed Jul 19, 2018
    This reverts commit 8d4da3c.
    
    17.01.5 encountered mismatch between kmod version ABI & iproute2/tc
    version ABI.  Revert for now, revisit for 17.01.6
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  3. Revert "kmod-sched-cake: bump to 20180716"

    Kevin Darbyshire-Bryant
    Kevin Darbyshire-Bryant committed Jul 19, 2018
    This reverts commit 0e1606b.
    
    17.01.5 encountered mismatch between kmod version ABI & iproute2/tc
    version ABI.  Revert for now, revisit for 17.01.6
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
  4. scripts: bundle-libraries: fix build on OS X (FS#1493)

    jow- committed Apr 26, 2018
    This allegedly fixes compilation of the library bundler preload library on
    Apple OS X. The resulting executables have not been runtime tested due to a
    lack of suitable test hardware.
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
    (cherry picked from commit 746c590)
  5. build: bundle-libraries.sh: patch bundled ld.so

    jow- committed Jan 25, 2018
    Remove references to /etc/, /lib/ and /usr/ from the bundled ld.so
    interpreter using simple binary patching.
    
    This is needed to prevent loading host system libraries such as
    libnss_compat.so.2 on foreign systems, which may result in ld.so
    inconsistency assertions.
    
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
    (cherry picked from commit a9a43f3)
Commits on Jul 17, 2018
  1. mtd: improve check for TRX header being already fixed

    Rafał Miłecki
    Rafał Miłecki committed Jul 15, 2018
    First of all lengths should be compared after checking all blocks for
    being good/bad. It's because requested length may differ from a final
    one if there were some bad blocks.
    
    Secondly it makes sense to also compare crc32 since we already have a
    new one calculated.
    
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
    (cherry picked from commit 82498a7)
  2. mtd: support bad blocks within the mtd_fixtrx()

    Rafał Miłecki
    Rafał Miłecki committed Jul 15, 2018
    Reading MTD data with (p)read doesn't return any error when accessing
    bad block. As the result, with current code, CRC32 covers "data" stored
    in bad blocks.
    
    That behavior doesn't match CFE's one (bootloader simply skips bad
    blocks) and may result in:
    1) Invalid CRC32
    2) CFE refusing to boot firmware with a following error:
    Boot program checksum is invalid
    
    Fix that problem by checking every block before reading its content.
    
    Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
    (cherry picked from commit 0f54489)
Commits on Jul 16, 2018
  1. iproute2: tc: bump to support kmod-sched-cake

    George Amanakis Kevin Darbyshire-Bryant
    George Amanakis authored and Kevin Darbyshire-Bryant committed Jul 15, 2018
    Signed-off-by: George Amanakis <gamanakis@gmail.com>
  2. kmod-sched-cake: bump to 20180716

    Kevin Darbyshire-Bryant
    Kevin Darbyshire-Bryant committed Jul 15, 2018
    Bump to the latest cake recipe.
    
    This backports tc class support to kernel 4.9 and other than conditional
    kernel compilation pre-processor macros represents the cake that has
    gone upstream into kernel 4.19.  Loud cheer!
    
    Fun may be had by changing cake tin classification for packets on
    ingress. e.g.
    
    tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \
    ip dport 6981 0xffff action skbedit priority 800b:1
    
    Where 800b: represents the filter handle for the ifb obtained by 'tc
    qdisc' and the 1 from 800b:1 represents the cake tin number.  So the
    above example puts all incoming packets destined for port 6981 into the
    BULK (lowest priority) tin.
    
    f39ab9a Obey tin_order for tc filter classifiers
    1e2473f Clean up after latest backport.
    82531d0 Reorder includes to fix out of tree compilation
    52cbc00 Code style cleanup
    6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR()
    cab17b6 Remove duplicate call to qdisc_watchdog_init()
    71c7991 Merge branch 'backport-classful'
    32aa7fb Fix compilation on Linux 4.9
    9f8fe7a Fix compilation on Linux 4.14
    ceab7a3 Rework filter classification
    aad5436 Fixed version of class stats
    be1c549 Add cake-specific class stats
    483399d Use tin_order for class dumps
    80dc129 Add class dumping
    0c8e6c1 Fix dropping when using filters
    c220493 Add the minimum class ops
    5ed54d2 Start implementing tc filter/class support
    
    Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
    (cherry picked from commit c729c43)
Commits on Jul 15, 2018
  1. LEDE v17.01.5: revert to branch defaults

    hauke committed Jul 15, 2018
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
  2. LEDE v17.01.5: adjust config defaults

    hauke committed Jul 15, 2018
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commits on Jul 13, 2018
  1. kernel: bump kernel 4.4 to version 4.4.140

    hauke committed Jul 13, 2018
    These two patches:
            target/linux/ar71xx/patches-4.4/403-mtd_fix_cfi_cmdset_0002_status_check.patch
            target/linux/ramips/patches-4.4/0036-mtd-fix-cfi-cmdset-0002-erase-status-check.patch
    are replaced by upstream commit 242dbd2b3df ("mtd: cfi_cmdset_0002:
    Change erase functions to check chip good only")
    
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commits on Jul 3, 2018
  1. kernel: bump kernel 4.4 to version 4.4.139

    hauke committed Jul 3, 2018
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commits on Jun 24, 2018
  1. base-files: fix links in banner.failsafe

    SvenRoederer authored and dedeckeh committed Jun 12, 2018
    Update the link to the current section in the documentaion wiki.
    This fixes openwrt/packages#6282
    
    Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
Commits on Jun 22, 2018
  1. ar71xx: fix 5 GHz Wi-Fi on NBG6716

    malaakso authored and hauke committed Jan 14, 2018
    Some NBG6716 do not have ath10k calibration data in flash, only in chip
    OTP. To determine if flash has a valid calibration data, the first two
    bytes telling the length of the calibration data are checked against the
    requested length. If the lengths match, calibration data is valid and
    read from flash.
    
    Signed-off-by: Matti Laakso <matti.laakso@outlook.com>
Commits on Jun 21, 2018
  1. Revert "base-files: fix UCI config parsing and callback handling"

    dedeckeh committed Jun 21, 2018
    This reverts commit b6a1f43 as users
    report Qos scripts are broken (FS1602)
    
    Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commits on Jun 16, 2018
  1. kernel: bump kernel 4.4 to version 4.4.138

    hauke committed Jun 16, 2018
    Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>