This patch fixes a corner case when using passwords that are exactly 64
characters in length with mesh mode or passwords longer than 63 characters
with SAE because 'psk' is used instead of 'sae_password'.
SAE is obligatory for 802.11s (mesh point).
The 'psk' option for hostapd is suited for WPA2 and enforces length
restrictions on passwords. Values of 64 characters are treated as PMKs.
With SAE, PMKs are always generated during the handshake and there are no
length restrictions.
The 'sae_password' option is more suited for SAE and should be used
instead.
Before this patch, the 'sae_password' option is only used with mesh mode
passwords that are not 64 characters long.
As a consequence:
- mesh passwords can't be 64 characters in length
- SAE only works with passwords with lengths >8 and <=63 (due to psk
limitation).
Fix this by always using 'sae_password' with SAE/mesh and applying the PMK
differentiation only when PSK is used.
Fixes: #11324
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ improve commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ae751535de0cb46978bfcbacab882dd1082e59e3)
It's generally advised to use quotes for variable assignments in bash.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit 3c10c42ddd4741615b896e1d429ac7d6e91a980f)
This patch is a revert of the upstream patch to Debian's ca-certificate
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.
|Traceback (most recent call last):
| File "certdata2pem.py", line 125, in <module>
| cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1
...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
| File "/certdata2pem.py", line 31, in <module>
| from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'
More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."
Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 25bc66eb40ea2c062940778fba601032b2579734)
This driver is backported from the v6.0 which deals with
"linux,default-trigger" in leds core. For kernel 5.4 we need
leds-bcm63138 to read trigger on its own.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The hardware of Nokia A-040W-Q and RAISECOM MSG1500 X.00 are
exactly the same, both of which are customized by operators.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 4f9b360f0b9a85202422ef07ee573eeca06d11ab)
RAISECOM MSG1500 X.00 is a 2.4/5 GHz band 11ac (Wi-Fi 5) router.
Apart from the general model, there are two ISP customized models:
China Mobile and China Telecom.
Specifications:
- SoC: Mediatek MT7621AT
- RAM: 256MiB DDR3
- Flash: 128MiB NAND
- Ethernet: 5 * 10/100/1000Mbps: 4 * LAN + 1 * WAN
- Switch: MediaTek MT7530 (SoC)
- WLAN: 1 * MT7615DN Dual-Band 2.4GHz 2T2R (400Mbps) 5GHz 2T2R (867Mbps)
- USB: 1 * USB 2.0 port
- Button: 1 * RESET button, 1 * WPS button, 1 * WIFI button
- LED: blue color: POWER, WAN, WPS, 2.4G, 5G, LAN1, LAN2, LAN3, LAN4, USB
- UART: 1 * serial port header (4-pin)
- Power: DC 12V, 1A
- Switch: 1 * POWER switch
MAC addresses as verified by vendor firmware:
use address source
LAN C8:XX:XX:3A:XX:E7 Config "protest_lan_mac" ascii (label)
WAN C8:XX:XX:3A:XX:EA Config "protest_wan_mac" ascii
5G C8:XX:XX:3A:XX:E8 Factory "0x4" hex
2.4G CA:XX:XX:4A:XX:E8 [not on flash]
The increment of the 4th byte for the 2.4g address appears to vary.
Reported cases:
5g 2.4g increment
C8:XX:XX:90:XX:C3 CA:XX:XX:C0:XX:C3 0x30
C8:XX:XX:3A:XX:08 CA:XX:XX:4A:XX:08 0x10
C8:XX:XX:3A:XX:E8 CA:XX:XX:4A:XX:E8 0x10
Since increment is inconsistent and there is no obvious pattern
in swapping bytes, and the 2.4g address has local bit set anyway,
it seems safer to use the LAN address with flipped byte here in
order to prevent collisions between OpenWrt devices and OEM devices
for this interface. This way we at least use an address as base
that is definitely owned by the device at hand.
Notes:
1. The vendor firmware allows you to connect to the router by telnet.
(known version 1.0.0 can open telnet.)
There is no official binary firmware available.
Backup the important partitions data:
"Bootloader", "Config", "Factory", and "firmware".
Note that with the vendor firmware the memory is detected only 128MiB
and the last 512KiB in NAND flash is not used.
2. The POWER LED is default on after press POWER switch.
The WAN and LAN1 - 4 LEDs are wired to ethernet switch.
The WPS LED is controlled by MT7615DN's GPIO.
Currently there is no proper way to configure it.
3. At the time of adding support the wireless config needs to be set up
by editing the wireless config file:
* Setting the country code is mandatory, otherwise the router loses
connectivity at the next reboot. This is mandatory and can be done
from luci. After setting the country code the router boots correctly.
A reset with the reset button will fix the issue and the user has to
reconfigure.
* This is minor since the 5g interface does not come up online although
it is not set as disabled. 2 options here:
1- Either run the "wifi" command. Can be added from LuCI in system -
startup - local startup and just add wifi above "exit 0".
2- Or add the serialize option in the wireless config file as shown
below. This one would work and bring both interfaces automatically
at every boot:
config wifi-device 'radio0'
option serialize '1'
config wifi-device 'radio1'
option serialize '1'
Flash instructions using initramfs image:
1. Press POWER switch to power down if the router is running.
2. Connect PC to one of LAN ports, and set
static IP address to "10.10.10.2", netmask to "255.255.255.0",
and gateway to "10.10.10.1" manually on the PC.
3. Push and hold the WIFI button, and then power up the router.
After about 10s (or you can call the recovery page, see "4" below)
you can release the WIFI button.
There is no clear indication when the router
is entering or has entered into "RAISECOM Router Recovery Mode".
4. Call the recovery page for the router at "http://10.10.10.1".
Keep an eye on the "WARNING!! tip" of the recovery page.
Click "Choose File" to select initramfs image, then click "Upload".
5. If image is uploaded successfully, you will see the page display
"Device is upgrading the firmware... %".
Keep an eye on the "WARNING!! tip" of the recovery page.
When the page display "Upgrade Successfully",
you can set IP address as "automatically obtain".
6. After the rebooting (PC should automatically obtain an IP address),
open the SSH connection, then download the sysupgrade image
to the router and perform sysupgrade with it.
Flash back to vendor firmware:
See "Flash instructions 1 - 5" above.
The only difference is that in step 4
you should select the vendor firmware which you backup.
Signed-off-by: Liangkuan Yang <ylk951207@gmail.com>
(cherry picked from commit bc7d36ba3a43bc3bc4eeab6ea127032aba3e1f4e)
The kmod-mt7615-common package does not contain any code that
related to mt7915e Wi-Fi6 driver, so remove it.
Tested on ramips/mt7621: SIM SIMAX1800T
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 3410f010a20a60e9fc47a280fdfdc2dc8fa0e447)
It's not just required for the PCI version, but for USB and presumably
SDIO as well.
Tested with 0e8d:7961 Comfast CF-953AX (MT7921AU).
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 6f729163b18fb5860f1aa5a5a0c8861a8e3f53ad)
There is a mr25h256 spi flash on this machine. From the mtd backup
of the stock firmware, this spi flash is empty.
[ 3.652745] spi_qup 1a280000.spi: IN:block:16, fifo:64, OUT:block:16,
fifo:64
[ 3.653925] spi-nor spi0.0: mr25h256 (32 Kbytes)
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit eee41e33eca2f860724bceda3f36ea2e30149ef0)
The problem has been fixed in f47cb405cafd ("ipq806x: fix pci broken
on bootm command"), now the pcie part can be written in the usual way.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
Reviewed-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit 269758a5bcea1376d037dfea62f161ff8562e489)
This adds support for the Askey RT4230W REV6
(Branded by Spectrum/Charter as RAC2V1K)
At this time, there's no way to reinstall the stock firmware so don't install
this on a router that's being rented.
Specifications:
Qualcomm IPQ8065
1 GB of RAM (DDR3)
512 MB Flash (NAND)
2x Wave 2 WiFi cards (QCA9984)
5x 10/100/1000 Mbps Ethernet (Switch: QCA8337)
1x LED (Controlled by a microcontroller that switches it between red and
blue with different patterns)
1x USB 3.0 Type-A
12V DC Power Input
UART header on PCB - pinout from top to bottom is RX, TX, GND, 5V
Port settings are 115200n8
More information: https://forum.openwrt.org/t/askey-rac2v1k-support/15830https://deviwiki.com/wiki/Askey_RAC2V1K
To check what revision your router is, restore one of these config backups
through the stock firmware to get ssh access then run
"cat /proc/device-tree/model".
https://forum.openwrt.org/t/askey-rac2v1k-support/15830/17
The revision number on the board doesn't seem to be very consistent so that's
why this is needed. You can also run printenv in the uboot console and if
machid is set to 177d, that means your router is rev6.
Note: Don't install this if the router is being rented from an ISP. The defined
partition layout is different from the OEM one and even if you changed the
layout to match, backing up and restoring the OEM firmware breaks /overlay so
nothing will save and the router will likely enter a bootloop.
How to install:
Method 1: Install without opening the case using SSH and tftp
You'll need:
RAC2V1K-SSH.zip:
https://github.com/lmore377/openwrt-rt4230w/blob/master/RAC2V1K-SSH.zip
initramfs and sysupgrade images
Connect to one of the router's LAN ports
Download the RAC2V1K-SSH.zip file and restore the config file that
corresponds to your router's firmware (If you're firmware is newer than what's
in the zip file, just restore the 1.1.16 file)
After a reboot, you should be able to ssh into the router with username:
"4230w" and password: "linuxbox" or "admin". Run the following commannds
fw_setenv ipaddr 10.42.0.10 #IP of router, can be anything as long as
it's in the same subnet as the server
fw_setenv serverip 10.42.0.1# #IP of tftp server that's set up in next
steps
fw_setenv bootdelay 8
fw_setenv bootcmd "tftpboot initramfs.bin; bootm; bootipq"
Don't reboot the router yet.
Install and set up a tftp server on your computer
Set a static ip on the ethernet interface of your computer (use this for
serverip in the above commands)
Rename the initramfs image to initramfs.bin, and host it with the tftp
server
Reboot the router. If you set up everything right, the router led should
switch over to a slow blue glow which means openwrt is booted. If for some
reason the file doesn't get loaded into ram properly, it should still boot to
the OEM firmware.
After openwrt boots, ssh into it and run these commands:
fw_setenv bootcmd "setenv mtdids nand0=nand0 && setenv mtdparts
mtdparts=nand0:0x1A000000@0x2400000(firmware) && ubi part firmware && ubi
read 0x44000000 kernel 0x6e0000 && bootm"
fw_setenv bootdelay 2
After openwrt boots up, figure out a way to get the sysupgrade file onto it
(scp, custom build with usb kernel module included, wget, etc.) then flash it
with sysupgrade. After it finishes flashing, it should reboot, the light should
start flashing blue, then when the light starts "breathing" blue that means
openwrt is booted.
Method 2: Install with serial access (Do this if something fails and you can't
boot after using method 1)
You'll need:
initramfs and sysupgrade images
Serial access:
https://openwrt.org/inbox/toh/askey/askey_rt4230w_rev6#opening_the_case
Install and set up a tftp server
Set a static ip on the ethernet interface of your computer
Download the initramfs image, rename it to initramfs.bin, and host it with
the tftp server
Connect the wan port of the router to your computer
Interrupt U-Boot and run these commands:
setenv serverip 10.42.0.1 (You can use whatever ip you set for the computer)
setenv ipaddr 10.42.0.10 (Can be any ip as long as it's in the same subnet)
setenv bootcmd "setenv mtdids nand0=nand0 &&
set mtdparts mtdparts=nand0:0x1A000000@0x2400000(firmware) && ubi part firmware
&& ubi read 0x44000000 kernel 0x6e0000 && bootm"
saveenv
tftpboot initramfs.bin
bootm
After openwrt boots up, figure out a way to get the sysupgrade file onto it
(scp, custom build with usb kernel module included, wget, etc.) then flash it
with sysupgrade. After it finishes flashing, it should reboot, the light should
start flashing blue, then when the light starts "breathing" blue that means
openwrt is booted.
Signed-off-by: Lauro Moreno <lmore377@gmail.com>
[add entry in 5.10 patch, fix whitespace issues]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit da8428d277cd3373b05330cb3b4f93aef717c5ab)
Commit f4a79148f8cb ("ramips: add support for ipTIME AX2004M") was
reverted due to KERNEL_LOADADDR leakage, and it seems the problem can be
mitigated by moving the variable definition into Device/Default. By this,
KERNEL_LOADADDR redefined in a device recipe will not be leaked into the
subsequent device recipes anymore and thus will remain as a per-device
variable.
Ref: cd6a6e3030ff ("Revert "ramips: add support for ipTIME AX2004M"")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 09f383465e0780cf285a02704eb30f1c3d88aa4b)
1. Explicitly declare gpio pin groups to ensure that gpio works properly.
2. Override bootargs in device tree to avoid modifying u-boot envs during
initial installation.
Tested on H3C TX1801 Plus
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit a7d8b54f86f572409b40c7ab4ad3982a1eabfdfe)
Background radar detection is not supported on devices that
using MT7905, so disable this feature in the following devices:
asus,rt-ax53u
jcg,q20
tplink,eap615-wall-v1
xiaomi,mi-router-cr6606
xiaomi,mi-router-cr6608
xiaomi,mi-router-cr6609
yuncore,ax820
Devices with MT7915 lacking a DFS antenna also do not support
background DFS:
totolink,x5000r
cudy,x6
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit 6cbcc34f50a3280f5897a86d69225c081711ca24)
This update mac80211 to version 5.10.168-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 4ae86b3358a149a17411657b12103ccebfbdb11b)
The original commit removed the upstreamed patch 010-padlock.patch, but
it's not on OpenWrt 21.02, so it doesn't have to be removed.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
fixes the problem that the banana pi m2 berry cannot connect to wifi and cannot be used as an access point
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit ff2bb16730f629d54bde8ba85c75d8614741e3fd)
Signed-off-by: LizenzFass78851 <82592556+LizenzFass78851@users.noreply.github.com>
