- Sep 17, 2018
-
-
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
-
- Aug 16, 2018
-
-
Jo-Philipp Wich authored
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-
Jo-Philipp Wich authored
41333ab uci: tighten uci reorder operation error handling f91751b uci: tighten uci delete operation error handling c2c612b uci: tighten uci set operation error handling 948bb51 uci: tighten uci add operation error handling 51980c6 uci: reject invalid section and option names Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 8c918072)
-
- Aug 15, 2018
-
-
Hauke Mehrtens authored
This fixes the following security problems: * CVE-2018-0732: Client DoS due to large DH parameter * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-
Hauke Mehrtens authored
The following patch was integrated upstream: * target/linux/generic/backport-4.9/500-ext4-fix-check-to-prevent-initializing-reserved-inod.patch This fixes tries to work around the following security problems: * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-
Hauke Mehrtens authored
The following patches were integrated upstream: * target/linux/ipq40xx/patches-4.14/050-0006-mtd-nand-qcom-Add-a-NULL-check-for-devm_kasprintf.patch * target/linux/mediatek/patches-4.14/0177-phy-phy-mtk-tphy-use-auto-instead-of-force-to-bypass.patch This fixes tries to work around the following security problems: * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-
- Aug 13, 2018
-
-
Zoltan HERPAI authored
Mirror the package list from the 8M device profile to the 16M device profile. Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
-
Paul Wassi authored
In "brcm47xx: rework model detection" the file 01_detect was moved to 01_network, therefore also update the warning message in case everything fails. Signed-off-by: Paul Wassi <p.wassi@gmx.at>
-
- Aug 12, 2018
-
-
Hauke Mehrtens authored
The flash size of the ubnt2 and ubnt5 is limited and the images with LuCI are getting too big for these boards. Do not build images for these boards to make the complete build of this target not fail anymore. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-
Hauke Mehrtens authored
The kernel image of the at91-q5xr5 is getting too bing now and this is breaking the build. Remove the image for the at91-q5xr5 from the build to at least build images for the other devices. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-
- Aug 11, 2018
-
-
Yousong Zhou authored
Fixes segfault when parsing malformed delta lines Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit 3493c1cf)
-
Kabuli Chana authored
fix mcs rate for HT support 88W8997 protect rxringdone Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
-
- Aug 10, 2018
-
-
Luis Araneda authored
Add a temporary workaround to compile with glibc 2.28 as some constants were removed and others made private Signed-off-by: Luis Araneda <luaraneda@gmail.com>
-
Luis Araneda authored
Add a temporary workaround to compile with glibc 2.28 as some constants were removed and others made private Signed-off-by: Luis Araneda <luaraneda@gmail.com>
-
Koen Vandeputte authored
Refreshed all patches. Compile-tested on: cns3xxx, imx6, x86_64 Runtime-tested on: cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
-
Koen Vandeputte authored
Refreshed all patches. Delete upstreamed patch: - 100-tcp-add-tcp_ooo_try_coalesce-helper.patch Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
-
John Crispin authored
Unauthenticated EAPOL-Key decryption in wpa_supplicant Published: August 8, 2018 Identifiers: - CVE-2018-14526 Latest version available from: https://w1.fi/security/2018-1/ Vulnerability A vulnerability was found in how wpa_supplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpa_supplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being authenticated. This has a potential issue in the case where WPA2/RSN style of EAPOL-Key construction is used with TKIP negotiated as the pairwise cipher. It should be noted that WPA2 is not supposed to be used with TKIP as the pairwise cipher. Instead, CCMP is expected to be used and with that pairwise cipher, this vulnerability is not applicable in practice. When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data field is encrypted using RC4. This vulnerability allows unauthenticated EAPOL-Key frames to be processed and due to the RC4 design, this makes it possible for an attacker to modify the plaintext version of the Key Data field with bitwise XOR operations without knowing the contents. This can be used to cause a denial of service attack by modifying GTK/IGTK on the station (without the attacker learning any of the keys) which would prevent the station from accepting received group-addressed frames. Furthermore, this might be abused by making wpa_supplicant act as a decryption oracle to try to recover some of the Key Data payload (GTK/IGTK) to get knowledge of the group encryption keys. Full recovery of the group encryption keys requires multiple attempts (128 connection attempts per octet) and each attempt results in disconnection due to a failure to complete the 4-way handshake. These failures can result in the AP/network getting disabled temporarily or even permanently (requiring user action to re-enable) which may make it impractical to perform the attack to recover the keys before the AP has already changes the group keys. By default, wpa_supplicant is enforcing at minimum a ten second wait time between each failed connection attempt, i.e., over 20 minutes waiting to recover each octet while hostapd AP implementation uses 10 minute default for GTK rekeying when using TKIP. With such timing behavior, practical attack would need large number of impacted stations to be trying to connect to the same AP to be able to recover sufficient information from the GTK to be able to determine the key before it gets changed. Vulnerable versions/configurations All wpa_supplicant versions. Acknowledgments Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU Leuven for discovering and reporting this issue. Possible mitigation steps - Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This can be done also on the AP side. - Merge the following commits to wpa_supplicant and rebuild: WPA: Ignore unauthenticated encrypted EAPOL-Key data This patch is available from https://w1.fi/security/2018-1/ - Update to wpa_supplicant v2.7 or newer, once available Signed-off-by: John Crispin <john@phrozen.org> (cherry picked from commit 19619485)
-
- Aug 09, 2018
-
-
Jo-Philipp Wich authored
This reverts commit fe90d148. The cherry pick does not apply cleanly to 18.06. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-
Stijn Tintel authored
They're already in linux.git, so they shouldn't be in pending. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 14b6c725)
-
Stijn Tintel authored
The previous round of fixes for the 82574 chip cause an issue with emulated e1000e devices in VMware ESXi 6.5. It also contains changes that are not strictly necessary. These patches fix the issues introduced in the previous series, revert the unnecessary changes to avoid unforeseen fallout, and avoid a case where interrupts can be missed. The final two patches of this series are already in the kernel, so no need to include them here. Patchwork: https://patchwork.ozlabs.org/cover/881776/ Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit ef025e64)
-
- Aug 08, 2018
-
-
Zoltan HERPAI authored
* New upstream microcode data file 20180703 + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432 sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456 sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360 sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408 sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792 sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408 sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672 sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744 sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432 sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728 + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for: Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, Broadwell server, a few HEDT Core i7/i9 models that are actually gimped server dies. Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
-
Hauke Mehrtens authored
This backports a fix for: * CVE-2018-0500 SMTP send heap buffer overflow See here for details: https://curl.haxx.se/docs/adv_2018-70a2.html Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-
Hauke Mehrtens authored
5322f9d mbedtls: Fix setting allowed cipher suites e8a1469 mbedtls: Add support for a session cache Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-
Hauke Mehrtens authored
Multiple security fixes * CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel * CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel Disable OFB block mode and XTS block cipher mode, added in 2.11.0. Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0 Patch the so version back to the original one, the API changes are looking no so invasive. The size of mbedtls increased a little bit: ipkg for mips_24kc before: 163.967 Bytes ipkg for mips_24kc after: 164.753 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-
Hauke Mehrtens authored
This make sit possible to store informations about a session and reuse it later. When used by a server it increases the time to create a new TLS session from about 1 second to less than 0.1 seconds. The size of the ipkg file increased by about 800 Bytes. ipkg for mips_24kc before: 163.140 Bytes ipkg for mips_24kc after: 163.967 Bytes Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-
Daniel Engberg authored
Clean up patch, use "//" consistently. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-
Hauke Mehrtens authored
This makes mbedtls use the POSIX API directly and not use the own abstraction layer. The size of the ipkg decreased by about 100 bytes. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
-
Jo-Philipp Wich authored
The 4.4 version hash was accidentally reintroduced while rebasing the master commit, remove it again. Fixes ca3174e4 ("kernel: bump 4.9 to 4.9.118") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-
Jo-Philipp Wich authored
Backport an upstream fix for a remotely exploitable TCP denial of service flaw in Linux 4.9+. The fixes are included in Linux 4.14.59 and later but did not yet end up in version 4.9.118. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit fefe1da4)
-
Koen Vandeputte authored
Refreshed all patches. Compile-tested on: cns3xxx, imx6, x86_64 Runtime-tested on: cns3xxx, imx6, x86_64 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (backported from commit 7a254aee)
-
Koen Vandeputte authored
Refreshed all patches. Compile-tested on: ar71xx Runtime-tested on: ar71xx Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (backported from commit f7036a34)
-
John Crispin authored
This reverts commit 1e5bd42d. this has already treacled down with the latest kernel bump Signed-off-by: John Crispin <john@phrozen.org>
-
John Crispin authored
this is now part of generic Signed-off-by: John Crispin <john@phrozen.org> (cherry picked from commit 5f5d8128)
-
John Crispin authored
this feature has never worked, the fw image name was not passed and the -t parameter was missing in the tool invocation. drop the feature. Signed-off-by: John Crispin <john@phrozen.org> (cherry picked from commit 5e1b4c57)
-
Eneas U de Queiroz authored
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. This reduces build time significantly. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> (cherry picked from commit 26dbf79f)
-
Pawel Dembicki authored
In boards with fdt is impossible to use kmod-w1-gpio-custom. w1-gpio-custom create platform structure for w1-gpio module, but if board use fdt, data is ignored in w1-gpio probe. This workaround fix the problem. Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com> (cherry picked from commit aa5838ad)
-
Masashi Honma authored
The sierra_net driver is using proto_directip_setup for setup. So use proto_directip_teardown for teardown. Signed-off-by: Masashi Honma <masashi.honma@gmail.com> (cherry picked from commit d05967ba)
-
Lukas Mrtvy authored
'In different versions of coreboot are different names of apu boardname. No need to check boardname to load module.' Signed-off-by: Lukas Mrtvy <lukas.mrtvy@gmail.com> (cherry picked from commit f21bcb4d)
-
Christian Schoenebeck authored
Override the default shutdown action (stop) and close all processes of dropbear Since commit 498fe852, the stop action only closes the process that's listening for new connections, maintaining the ones with existing clients. This poses a problem when restarting or shutting-down a device, because the connections with existing SSH clients, like OpenSSH, are not properly closed, causing them to hang. This situation can be avoided by closing all dropbear processes when shutting-down the system, which closes properly the connections with current clients. Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> [Luis: Rework commit message] Signed-off-by: Luis Araneda <luaraneda@gmail.com> (cherry picked from commit 1e177844)
-
Lukáš Mrtvý authored
'In different versions of coreboot are different names of apu boardname. No need to check boardname to load module.' Signed-off-by: Lukáš Mrtvý <lukas.mrtvy@gmail.com> (cherry picked from commit d3b8e6b2)
-