GitLab

Fixes: FS#2833
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 955634b4)

8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 215598fd

)
Fixes: CVE-2020-8597
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

This reverts commit cc78f934

 since it
didn't contain a reference to the CVE it addresses. The next commit
will re-add the commit including a CVE reference in its commit message.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

2ee323c file: poke ustream after starting deferred program
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 04069fde)

Refreshed all patches.

Fixes:
- CVE-2013-1798

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Refreshed all patches.

Fixes:
- CVE-2013-1798

Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 215598fd)

The $(space) definition in the hostapd Makefile ceased to work with
GNU Make 4.3 and later, leading to syntax errors in the generated
Kconfig files.

Drop the superfluous redefinition and reuse the working $(space)
declaration from rules.mk to fix this issue.

Fixes: GH#2713
Ref: https://github.com/openwrt/openwrt/pull/2713#issuecomment-583722469

Reported-by: Karel Kočí <cynerd@email.cz>
Suggested-by: Jonas Gorski <jonas.gorski@gmail.com>
Tested-by: Shaleen Jain <shaleen@jain.sh>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 766e7782)

This chip is used on newer RB912UAG-5HPnD r2 boards:

Before:

[    0.642553] m25p80 spi0.0: unrecognized JEDEC id bytes: c8, 40, 10
[    0.649381] NAND flash driver for the RouterBOARD 91x series

After:

[    0.641714] m25p80 spi0.0: found gd25d05, expected m25p80
[    0.649916] m25p80 spi0.0: gd25d05 (64 Kbytes)
[    0.655122] Creating 4 MTD partitions on "spi0.0":
[    0.660164] 0x000000000000-0x00000000c000 : "routerboot"
[    0.667782] 0x00000000c000-0x00000000d000 : "hard_config"
[    0.675073] 0x00000000d000-0x00000000e000 : "bios"
[    0.682613] 0x00000000e000-0x00000000f000 : "soft_config"
[    0.690304] NAND flash driver for the RouterBOARD 91x series
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Refreshed all patches.

Fixes:
- CVE-2019-14896
- CVE-2019-14897

Remove upstreamed:
- 023-0007-crypto-crypto4xx-Fix-wrong-ppc4xx_trng_probe-ppc4xx_.patch

Altered patches:
- 102-MIPS-BCM63XX-move-code-touching-the-USB-private-regi.patch
- 105-MIPS-BCM63XX-add-support-for-the-on-chip-OHCI-contro.patch
- 106-MIPS-BCM63XX-register-OHCI-controller-if-board-enabl.patch
- 108-MIPS-BCM63XX-add-support-for-the-on-chip-EHCI-contro.patch
- 207-MIPS-BCM63XX-move-device-registration-code-into-its-.patch
- 350-MIPS-BCM63XX-support-settings-num-usbh-ports.patch
- 356-MIPS-BCM63XX-move-fallback-sprom-support-into-its-ow.patch
- 390-MIPS-BCM63XX-do-not-register-SPI-controllers.patch
- 391-MIPS-BCM63XX-do-not-register-uart.patch
- 392-MIPS-BCM63XX-remove-leds-and-buttons.patch
- 416-BCM63XX-add-a-fixup-for-ath9k-devices.patch
- 422-BCM63XX-add-a-fixup-for-rt2x00-devices.patch
-

Compile-tested on: brcm63xx, cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Refreshed all patches.

Fixes:
- CVE-2019-14896
- CVE-2019-14897

Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

80d161e opkg: Fix -Wformat-overflow warning
c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums

Fixes: CVE-2020-7982
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c69c20c6)

This backports some security relevant patches from libubox master. These
patches should not change the existing API and ABI so that old
applications still work like before without any recompilation.
Application can now also use more secure APIs.

The new more secure interfaces are also available, but not used.

OpenWrt master and 19.07 already have these patches by using a more
recent libubox version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Call skb_orphan(skb) to call the owner's destructor function and make
the skb unowned.

This is necessary to prevent sk_wmem_alloc of a socket from overflowing,
which leads to ENOBUFS errors on application level.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 996f02e5)

Fixes two CVEs:
- CVE-2019-15903 (Fix heap overflow triggered by XML_GetCurrentLineNumber)
- CVE-2018-20843 (Fix extraction of namespace prefixes from XML names)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit b4af2c68)

Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA.

Release announcement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released

Security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12



Fixes:
 * CVE-2019-18222: Side channel attack on ECDSA
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 6e96fd90)

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Change the LED labels for hdd1/hdd2 in 01_leds to match their
counterpart in DTS.
Signed-off-by: Stephan Knauss <openwrt@stephans-server.de>
[improve commit title and message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit fbf297be)

The Netgear WN2500RP V1 switch0 already works for LAN
however the port order for the LAN ports is inverted. Correct
physical port order watched from the back of the device is:
4 / 3 / 2 / 1
WAN port is absent on this device and therefore removed
from switch config.
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
[move block to maintain alphabetic sorting]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 098cbc68)

The Netgear WNR3500 V2 switch0 already works for WAN/LAN
however the port order for the LAN ports is inverted. Correct
physical port order watched from the back of the device is:
Internet / 4 / 3 / 2 / 1 this resembles the Linksys E3000 V1.

Verfied with imagebuilder edit FILES=/etc/board.d/01_network
Signed-off-by: Walter Sonius <walterav1984@gmail.com>
(cherry picked from commit cf2f1fc6)

HC5962 has only 3 LAN ports, switch port 0 is unused
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(backported from commit 68f49df3

)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Refreshed all patches.

Compile-tested on: cns3xxx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

Add missing CONFIG_ prefix.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 41c19dd5)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

There are two identical wmac nodes in the dts file of MediaTek
LinkIt Smart 7688, so delete one of them.
Signed-off-by: Jack Chen <redchenjs@live.com>
(cherry picked from commit 4be271a4)

CONFIG_PINCTRL_SUN4I_A10 controls both the A10 and the A20 enablong of
the pinctrl driver, this is necessary since upstream commit
5d8d349618a9464714c07414c5888bfd9416638f ("pinctrl: sunxi: add A20
support to A10 driver") which has been included in v4.13 and onwards.

Fixes: ad2b3bf3

 ("sunxi: Add support for kernel 4.14")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
(cherry picked from commit 32e4eaef)

Refreshed all patches.

Compile-tested on: lantiq
Runtime-tested on: lantiq
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

Refreshed all patches.

Compile-tested on: ramips
Runtime-tested on: ramips
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

The button events "pressed" and "released" were switched. Tested with v18.06.4.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
(cherry picked from commit 3e1325b2)

commit e09da016 ("ar71xx: fix Mikrotik board detection")
was generated based on testing a rb-912 board, on which detection failed.

Testing on more hardware shows something fun:

machine	: MikroTik RouterBOARD 922UAGS-5HPacD
machine	: Mikrotik RouterBOARD 912UAG-5HPnD

Both lowercase and uppercase are used.
So ensure we support both now ..

Fixes: e09da016

 ("ar71xx: fix Mikrotik board detection")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 845b2a1c)

Fix a typo in the machine type being extracted from /proc/cpuinfo
which causes all Mikrotik board to be undetected properly.

This lead to sysupgrade issues and probably some others too.

Fixes: acf2b6c8

 ("ar71xx: base-files: fix board detect on new MikroTik devices")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit e09da016)

Move all MikroTik devices to new function to increase script execution
speed.

Machine name in new version of MikroTik RouterBOARD devices add "RB"
before model name:

 Old machine name: MikroTik RouterBOARD 951Ui-2nD
 New:              MikroTik RouterBOARD RB951Ui-2nD

So this patch should fix it for all currently supported MikroTik boards.
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
[rebased,commit message facelift,script fixes]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[spotted missing 922UAGS-5HPacD]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit acf2b6c8

)
[backport: do not add boards not supported in 18.06]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>