staging/dedeckeh/package, branch masterStaging tree of dedeckehhttps://git.openwrt.org/openwrt/staging/dedeckeh/atom?h=master2023-04-29T10:33:44Zopenssl: fix low-severity CVE-2023-12552023-04-29T10:33:44ZEneas U de Queiroz2023-04-26T11:35:23Zurn:sha1:1c5cafa3ebcb6427e95f221eec3ffe27bc7a76c9
This applies commit 02ac9c94 to fix this OpenSSL Security Advisory
issued on 20th April 2023[1]:
Input buffer over-read in AES-XTS implementation on 64 bit ARM
(CVE-2023-1255)
==============================================================
Severity: Low
Issue summary: The AES-XTS cipher decryption implementation for 64 bit
ARM platform contains a bug that could cause it to read past the input
buffer, leading to a crash.
Impact summary: Applications that use the AES-XTS algorithm on the 64
bit ARM platform can crash in rare circumstances. The AES-XTS algorithm
is usually used for disk encryption.
The AES-XTS cipher decryption implementation for 64 bit ARM platform
will read past the end of the ciphertext buffer if the ciphertext size
is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the
memory after the ciphertext buffer is unmapped, this will trigger a
crash which results in a denial of service.
If an attacker can control the size and location of the ciphertext
buffer being decrypted by an application using AES-XTS on 64 bit ARM,
the application is affected. This is fairly unlikely making this issue a
Low severity one.
1. https://www.openssl.org/news/secadv/20230420.txt
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
kernel: crypto: crypto-rng: select SHA512 for >= 5.14.02023-04-29T10:30:30ZGlen Huang2023-04-26T14:38:24Zurn:sha1:e1c0bda3fc9a01c461591864bd0163b052b5783d
drbg swtiched to use HMAC(SHA-512) since 5.14.0
https://github.com/torvalds/linux/commit/5261cdf457ce3635bf18d393a3c1991dcfaf9d02
Signed-off-by: Glen Huang <me@glenhuang.com>
broadcom-sprom: update to latest version2023-04-27T15:46:12ZÁlvaro Fernández Rojas2023-04-27T15:46:12Zurn:sha1:1e8b318ebe72d2c865b140f8075583fcda22783d
Replaces SPROMs with the ones from bmips fixups to prevent errors such as:
https://github.com/openwrt/openwrt/pull/11474#issuecomment-1524235591
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
busybox: turn on BUSYBOX_DEFAULT_ASH_RANDOM_SUPPORT for having $RANDOM2023-04-25T20:01:20ZIlario Gelmetti2023-04-23T14:23:45Zurn:sha1:8f427f1a058dd5dcff21246a9a6d91318f55f80a
$RANDOM shell variable is a convenient way for getting a random number from 0 to 32767
Signed-off-by: Ilario Gelmetti <iochesonome@gmail.com>
busybox: Activate resize tool by default2023-04-25T20:00:03ZHauke Mehrtens2023-04-23T10:24:22Zurn:sha1:fca966aab2d5b353c7491a5a75df479506cd830f
The resize tool will resize the prompt to match the current terminal
size. This is helpful when connecting to the system using UART to make
the vi or top output match the current terminal size.
This increases the busybox binary size by 136 bytes and the ipkg size by
335 bytes on aarch64.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
ath79: add support for Alcatel HH40V2023-04-23T17:32:18ZAndreas Böhler2023-04-01T19:57:22Zurn:sha1:097f350aebc542963c7208af4973ff17e01ce76e
The Alcatel HH40V is a CAT4 LTE router used by various ISPs.
Specifications
==============
SoC: QCA9531 650MHz
RAM: 128MiB
Flash: 32MiB SPI NOR
LAN: 1x 10/100MBit
WAN: 1x 10/100MBit
LTE: MDM9607 USB 2.0 (rndis configuration)
WiFi: 802.11n (SoC integrated)
MAC address assignment
======================
There are three MAC addresses stored in the flash ROM, the assignment
follows stock. The MAC on the label is the WiFi MAC address.
Installation (TFTP)
===================
1. Connect serial console
2. Configure static IP to 192.168.1.112
3. Put OpenWrt factory.bin file as firmware-system.bin
4. Press Power + WPS and plug in power
5. Keep buttons pressed until TFTP requests are visible
6. Wait for the system to finish flashing and wait for reboot
7. Bootup will fail as the kernel offset is wrong
8. Run "setenv bootcmd bootm 0x9f150000"
9. Reset board and enjoy OpenWrt
Installation (without UART)
===========================
Installation without UART is a bit tricky and requires several steps too
long for the commit message. Basic steps:
1. Create configure backup
2. Patch backup file to enable SSH
3. Login via SSH and configure the new bootcmd
3. Flash OpenWrt factory.bin image manually (sysupgrade doesn't work)
More detailed instructions will be provided on the Wiki page.
Tested by: Christian Heuff <christian@heuff.at>
Signed-off-by: Andreas Böhler <dev@aboehler.at>
hostapd: update to 2023-03-292023-04-22T21:18:15ZNick Hainke2023-03-13T18:35:49Zurn:sha1:304423a4ff841129f1b6b7504c83dd11c1f71c84
Add patches:
- 170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch
Remove upstreamed:
- 170-DPP-fix-memleak-of-intro.peer_key.patch
- 461-driver_nl80211-use-new-parameters-during-ibss-join.patch
- 800-acs-don-t-select-indoor-channel-on-outdoor-operation.patch
- 992-openssl-include-rsa.patch
Automatically refreshed:
- 011-mesh-use-deterministic-channel-on-channel-switch.patch
- 021-fix-sta-add-after-previous-connection.patch
- 022-hostapd-fix-use-of-uninitialized-stack-variables.patch
- 030-driver_nl80211-rewrite-neigh-code-to-not-depend-on-l.patch
- 040-mesh-allow-processing-authentication-frames-in-block.patch
- 050-build_fix.patch
- 110-mbedtls-TLS-crypto-option-initial-port.patch
- 120-mbedtls-fips186_2_prf.patch
- 140-tests-Makefile-make-run-tests-with-CONFIG_TLS.patch
- 150-add-NULL-checks-encountered-during-tests-hwsim.patch
- 160-dpp_pkex-EC-point-mul-w-value-prime.patch
- 200-multicall.patch
- 300-noscan.patch
- 310-rescan_immediately.patch
- 330-nl80211_fix_set_freq.patch
- 341-mesh-ctrl-iface-channel-switch.patch
- 360-ctrl_iface_reload.patch
- 381-hostapd_cli_UNKNOWN-COMMAND.patch
- 390-wpa_ie_cap_workaround.patch
- 410-limit_debug_messages.patch
- 420-indicate-features.patch
- 430-hostapd_cli_ifdef.patch
- 450-scan_wait.patch
- 460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
- 463-add-mcast_rate-to-11s.patch
- 465-hostapd-config-support-random-BSS-color.patch
- 500-lto-jobserver-support.patch
- 590-rrm-wnm-statistics.patch
- 710-vlan_no_bridge.patch
- 720-iface_max_num_sta.patch
- 730-ft_iface.patch
- 750-qos_map_set_without_interworking.patch
- 751-qos_map_ignore_when_unsupported.patch
- 760-dynamic_own_ip.patch
- 761-shared_das_port.patch
- 990-ctrl-make-WNM_AP-functions-dependant-on-CONFIG_AP.patch
Manually refresh:
- 010-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
- 301-mesh-noscan.patch
- 340-reload_freq_change.patch
- 350-nl80211_del_beacon_bss.patch
- 370-ap_sta_support.patch
- 380-disable_ctrl_iface_mib.patch
- 464-fix-mesh-obss-check.patch
- 470-survey_data_fallback.patch
- 600-ubus_support.patch
- 700-wifi-reload.patch
- 711-wds_bridge_force.patch
- 740-snoop_iface.patch
Tested-by: Packet Please <pktpls@systemli.org> [Fritzbox 4040 (ipq40xx),
EAP225-Outdoor (ath79); 802.11s, WPA3 OWE, and WPA3 PSK]
Tested-by: Andrew Sim <andrewsimz@gmail.com> [mediatek/filogic]
Signed-off-by: Nick Hainke <vincent@systemli.org>
mac80211: b43: only enable bcma or ssb on bmips2023-04-23T10:18:36ZÁlvaro Fernández Rojas2023-04-20T08:28:04Zurn:sha1:77d85a1bd32454acd216ef2408fd99903b7b7d8f
By default both kmod-bcma and kmod-ssb are selected by kmod-b43.
However, only one of both modules is needed for bmips subtargets:
- bcma: bcm6318, bcm6328, bcm6362, bcm63268
- ssb: bcm6358, bcm6368
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
kernel: add bcma/ssb fallback SPROM support2023-04-23T10:18:35ZÁlvaro Fernández Rojas2023-04-20T07:58:03Zurn:sha1:e656bcbab0106aca52ec0b2db354c1336d39b3b3
This adds generic kernel support for Broadcom Fallback SPROMs so that it can be
used in any target, even non Broadcom ones.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
broadcom-sprom: add new package2023-04-23T10:18:35ZÁlvaro Fernández Rojas2023-04-20T07:54:55Zurn:sha1:876be833c7ba57aadd1ad8bbb81eba2fc6098098
This adds a new package with Broadcom SPROMs that can be used as fallback when
the devices lack physical SPROMs.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>