Re: [OpenWrt-Devel] Right 02_network script for DSA switched boards (v4.19)

2018-10-14 Thread John Crispin


On 14/10/2018 23:25, Linus Walleij wrote:
> On Sun, Oct 14, 2018 at 10:47 PM Hauke Mehrtens wrote:
>
>> There is a typo in your script, it should be
>> ucidef_set_interfaces_lan_wan, with an s and not
>> ucidef_set_interface_lan_wan.
>
> Yeah I noticed too, thanks. I'm still experimenting with it.
> Is there another DSA switched device I can look at for
> inspiration?
>
> Yours,
> Linus Walleij



Hi Linus

target/linux/mediatek uses DSA

    John




___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel




[OpenWrt-Devel] [PATCH][master and 18.06] apm821xx: wndr4700: restore sd-card media detection

2018-10-14 Thread Christian Lamparter
This was not converted to the new, dt-based board name.

Fixes: e90dc8d2722 ("apm821xx: convert to device-tree board detection")
Signed-off-by: Christian Lamparter 
---
 target/linux/apm821xx/base-files/etc/rc.button/BTN_1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/target/linux/apm821xx/base-files/etc/rc.button/BTN_1 
b/target/linux/apm821xx/base-files/etc/rc.button/BTN_1
index c011c85753..5ecf346b53 100755
--- a/target/linux/apm821xx/base-files/etc/rc.button/BTN_1
+++ b/target/linux/apm821xx/base-files/etc/rc.button/BTN_1
@@ -4,7 +4,7 @@
 
 BOARD=$(board_name)
 
-if [ $BOARD == "wndr4700" ]; then
+if [ $BOARD == "netgear,wndr4700" ]; then
case "$ACTION" in
released)
rmmod dwc2
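
Review bot: on the changed `if [ $BOARD == "netgear,wndr4700" ]` line, `$BOARD` is still unquoted and compared with `==`. If board_name ever returns an empty string the test becomes `[ == "netgear,wndr4700" ]` and fails with a syntax error instead of simply not matching, and `==` inside `[` is not POSIX. Since the line is being touched anyway, suggest `if [ "$BOARD" = "netgear,wndr4700" ]; then`.
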
-- 
2.19.1




Re: [OpenWrt-Devel] [RFC PATCH 0/2] wpad basic variant

2018-10-14 Thread Hauke Mehrtens
On 10/12/2018 05:26 PM, Kevin Darbyshire-Bryant wrote:
> Peoples!
> 
> I've had these two commits lurking in my tree for ages, never having
> quite got the courage up to commit the darn things as I feel well out of
> my depth & comfort zone.
> 
> They're as a result of https://patchwork.ozlabs.org/patch/916121/ which
> I've had assigned to me for an equally long time.
> 
> There were concerns about the size increase by support 11r & 11w which
> prompted the idea of generating a 'wpad-basic' variant for the tiny
> targets with limited flash space and adding a whizbang special effects
> to the normal variant.
> 
> I'd like to keep that very nice Mr Woodhouse happy, and was/am going to
> discuss this at the conference to get some help/advice etc, but it's
> probably best to send this in now so people can formulate a response in
> advance.
> 
> Help, guidance appreciated shouting less so but if need be :-)
> 
> Kevin

I already thought about something similar.
But when I look at all the different build variants we have I think this
is too much, it confuses me.
I think we have 3 classes of devices 4MB flash, 8MB flash and 16MB+ flash.
I would use two variants with openssl and wolfssl which supports
everything, so the full variant which then also includes MESH and P2P.
There we probably only need wpad and not wpa_supplicant and hostapd.

Then the bigger question is what do we need on the constrained devices?

Hauke





Re: [OpenWrt-Devel] Right 02_network script for DSA switched boards (v4.19)

2018-10-14 Thread Hauke Mehrtens
On 10/14/2018 11:25 PM, Linus Walleij wrote:
> On Sun, Oct 14, 2018 at 10:47 PM Hauke Mehrtens  wrote:
> 
>> There is a typo in your script, it should be
>> ucidef_set_interfaces_lan_wan, with an s and not
>> ucidef_set_interface_lan_wan.
> 
> Yeah I noticed too, thanks. I'm still experimenting with it.
> Is there another DSA switched device I can look at for
> inspiration?
> 
> Yours,
> Linus Walleij
> 

That was more or less the only change I did when I tried DSA on the
lantiq target.

The Turris Omnia uses DSA:
https://git.openwrt.org/9f3f61a0d968fbe7b93899f948f3c34612683ba6
And some other targets, I just grepped for CONFIG_NET_DSA to find the
other target.

We are still missing a script to convert a swconfig configuration to a
bridge configuration for DSA.

Hauke





Re: [OpenWrt-Devel] Right 02_network script for DSA switched boards (v4.19)

2018-10-14 Thread Linus Walleij
On Sun, Oct 14, 2018 at 10:47 PM Hauke Mehrtens  wrote:

> There is a typo in your script, it should be
> ucidef_set_interfaces_lan_wan, with an s and not
> ucidef_set_interface_lan_wan.

Yeah I noticed too, thanks. I'm still experimenting with it.
Is there another DSA switched device I can look at for
inspiration?

Yours,
Linus Walleij



Re: [OpenWrt-Devel] Right 02_network script for DSA switched boards (v4.19)

2018-10-14 Thread Hauke Mehrtens
On 10/13/2018 08:31 PM, Linus Walleij wrote:
> Hi,
> 
> I'm having trouble figuring out how to get a proper DSA switch
> up with a 02_network script. NB: this is on a newer kernel
> v4.19+patches just using DSA for the switches, no switchdev!
> 
> These platforms (gemini) have eth0 and eth1, sometimes LAN
> is on eth1 and WAN on eth0 to complicate things.
> I used to ifconfig everything in place.
> 
> The below mostly get things right at bootstrap, so eth1 comes
> up as LAN (192.168.1.1) and eth0 as WAN.
> 
> But it does not bring the DSA child interfaces online ("lan1"
> thru "lan4" and "wan"). I can do it manually of course. But that
> is not very good for a default install :(
> 
> Any hints for how to make the DSA children go online
> automatically after eth0/eth1 (the CPU ports) come online?
> 
> #!/bin/sh
> 
> . /lib/functions/uci-defaults.sh
> 
> board_config_update
> 
> board=$(board_name)
> 
> case "$board" in
> storlink,gemini324)
>   # These are all connected to eth1 thru VSC7385
> ucidef_set_interface_lan_wan "lan1 lan2 lan3 lan4" "eth0"
> ;;
> itian,sq201)
> # These are all connected to eth1 thru VSC7395x
> ucidef_set_interface_lan_wan "lan1 lan2 lan3 lan4" "eth0"
> ;;
> dlink,dir-685)
> # These are all connected to eth0 thru RTL8366RB
> ucidef_set_interface_lan_wan "lan0 lan1 lan2 lan3" "wan"
> ;;
> esac
> 
> exit 0
> 
> Yours,
> Linus Walleij

There is a typo in your script, it should be
ucidef_set_interfaces_lan_wan, with an s and not
ucidef_set_interface_lan_wan.

Hauke





Re: [OpenWrt-Devel] [PATCH] patch: apply upstream cve fixes

2018-10-14 Thread Hauke Mehrtens
On 10/14/2018 03:55 PM, Magnus Kroken wrote:
> Hi Russell, Kevin
> 
> On 14.10.2018 11:34, Russell Senior wrote:
>>
>> Apply two upstream patches to address two CVEs:
>>
>>   * CVE-2018-1000156
>>   * CVE-2018-6952
>>
>> Add PKG_CPE_ID to Makefile.
>>
>> Build tested on apm821xx and ar71xx.
>>
>> Signed-off-by: Russell Senior 
>> ---
>>   tools/patch/Makefile  |   2 +
>>   .../patch/patches/010-CVE-2018-1000156.patch  | 209 ++
>>   tools/patch/patches/020-CVE-2018-6952.patch   |  30 +++
>>   3 files changed, 240 insertions(+)
>>   create mode 100644 tools/patch/patches/010-CVE-2018-1000156.patch
>>   create mode 100644 tools/patch/patches/020-CVE-2018-6952.patch
> 
> This change causes tools/patch/compile to fail, with:
> 
> make[5]: Leaving directory
> '/var/lib/buildbot/slaves/slashdirt-02/MAIN/build/build_dir/host/patch-2.7.6/src'
> 
> Making all in tests
> make[5]: Entering directory
> '/var/lib/buildbot/slaves/slashdirt-02/MAIN/build/build_dir/host/patch-2.7.6/tests'
> 
>  cd .. && /usr/bin/env bash
> /var/lib/buildbot/slaves/slashdirt-02/MAIN/build/build_dir/host/patch-2.7.6/build-aux/missing
> automake-1.15 --gnu tests/Makefile
> /var/lib/buildbot/slaves/slashdirt-02/MAIN/build/build_dir/host/patch-2.7.6/build-aux/missing:
> line 81: automake-1.15: command not found
> WARNING: 'automake-1.15' is missing on your system.
>  You should only need it if you modified 'Makefile.am' or
>  'configure.ac' or m4 files included by 'configure.ac'.
>  The 'automake' program is part of the GNU Automake package:
>  
>  It also requires GNU Autoconf, GNU m4 and Perl in order to run:
>  
>  
>  
> Makefile:1361: recipe for target 'Makefile.in' failed
> 
> Making patch depend on automake allows patch to build successfully, but
> I'm not sure that's the correct fix. Looking casually at the changes in
> the tests/ directory that these CVE patches do, I don't immediately see
> why this pulls in automake.
> 
> I worked around this by:
> diff --git a/tools/Makefile b/tools/Makefile
> index 9a354f6c70..7a9abddad7 100644
> --- a/tools/Makefile
> +++ b/tools/Makefile
> @@ -76,7 +76,7 @@ $(curdir)/zlib/compile := $(curdir)/cmake/compile
>  $(curdir)/wrt350nv2-builder/compile := $(curdir)/zlib/compile
>  $(curdir)/lzma-old/compile := $(curdir)/zlib/compile
>  $(curdir)/make-ext4fs/compile := $(curdir)/zlib/compile
> -
> +$(curdir)/patch/compile := $(curdir)/automake/compile
>  ifneq ($(HOST_OS),Linux)
>    tools-y += coreutils
>  endif
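
Review bot: the `-` line in this hunk is the blank line that separated the block of `$(curdir)/.../compile` dependencies from the `ifneq ($(HOST_OS),Linux)` conditional, so the new dependency ends up directly against the conditional. If a dependency is added at all, add it above the blank line rather than replacing it.
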
> 
> 
> Regards
> /Magnus

This is fixed now in master.

It looks like make detects that test/Makefile.am was modified after
test/Makefile.in and then wants to run automake again, but that fails
because automake is not installed.

tools/Makefile adds a dependency to tools/patch/compile for every
package which has a patches directory, when you add
$(curdir)/patch/compile := $(curdir)/automake/compile
it ends up in circular dependencies and we get some other build errors.

I removed the changes to the test/ directory from the patch and then it
works.

Hauke
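
Added example (not part of the message above and not OpenWrt code): the regeneration described in this reply can be checked for before a patch is imported, by looking for autotools inputs among the files it touches, and after unpacking, by comparing Makefile.am and Makefile.in timestamps. The function names and the sample patch and tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OpenWrt code; function names and sample files are made up.

# Print every autotools input a patch file touches. Patching one of these makes
# it newer than the generated Makefile.in/configure shipped in the tarball.
autotools_inputs_in_patch() {
    # "+++ b/tests/Makefile.am" -> "tests/Makefile.am" (leading component dropped)
    sed -n 's|^+++ [^/]*/\([^[:space:]]*\).*|\1|p' "$1" |
    while IFS= read -r f; do
        case "${f##*/}" in
            Makefile.am|configure.ac|configure.in|*.m4) printf '%s\n' "$f" ;;
        esac
    done
}

# In an unpacked, patched tree: print each Makefile.am that is newer than its
# Makefile.in, the timestamp condition under which make reruns automake.
stale_makefile_in() {
    find "$1" -name Makefile.am | sort | while IFS= read -r am; do
        gen="${am%.am}.in"
        if [ -f "$gen" ] && [ "$am" -nt "$gen" ]; then
            printf '%s\n' "$am"
        fi
    done
}

# Constructed sample: a two-file patch and a small tree with fixed mtimes.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '--- a/src/pch.c' '+++ b/src/pch.c' '@@ -1 +1 @@' '-x' '+y' \
        '--- a/tests/Makefile.am' '+++ b/tests/Makefile.am' '@@ -1 +1 @@' \
        '-TESTS = a' '+TESTS = a b' > "$d/sample.patch"
    mkdir -p "$d/tree/src" "$d/tree/tests"
    touch -t 201801010000 "$d/tree/src/Makefile.am" "$d/tree/tests/Makefile.in"
    touch -t 201802010000 "$d/tree/src/Makefile.in"
    touch -t 201810140000 "$d/tree/tests/Makefile.am"   # as if just patched
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "patch touches:";   autotools_inputs_in_patch "$sample/sample.patch"
echo "will regenerate:"; stale_makefile_in "$sample/tree"
rm -rf "$sample"
```

A hit from the first check on an imported upstream fix is the cue to drop the tests/ or build-system hunks from the patch file when only the source change is needed.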





Re: [OpenWrt-Devel] [PATCH] patch: apply upstream cve fixes

2018-10-14 Thread Magnus Kroken

Hi Russell, Kevin

On 14.10.2018 11:34, Russell Senior wrote:
> Apply two upstream patches to address two CVEs:
>
>   * CVE-2018-1000156
>   * CVE-2018-6952
>
> Add PKG_CPE_ID to Makefile.
>
> Build tested on apm821xx and ar71xx.
>
> Signed-off-by: Russell Senior
> ---
>   tools/patch/Makefile  |   2 +
>   .../patch/patches/010-CVE-2018-1000156.patch  | 209 ++
>   tools/patch/patches/020-CVE-2018-6952.patch   |  30 +++
>   3 files changed, 240 insertions(+)
>   create mode 100644 tools/patch/patches/010-CVE-2018-1000156.patch
>   create mode 100644 tools/patch/patches/020-CVE-2018-6952.patch


This change causes tools/patch/compile to fail, with:

make[5]: Leaving directory 
'/var/lib/buildbot/slaves/slashdirt-02/MAIN/build/build_dir/host/patch-2.7.6/src'

Making all in tests
make[5]: Entering directory 
'/var/lib/buildbot/slaves/slashdirt-02/MAIN/build/build_dir/host/patch-2.7.6/tests'
 cd .. && /usr/bin/env bash 
/var/lib/buildbot/slaves/slashdirt-02/MAIN/build/build_dir/host/patch-2.7.6/build-aux/missing 
automake-1.15 --gnu tests/Makefile
/var/lib/buildbot/slaves/slashdirt-02/MAIN/build/build_dir/host/patch-2.7.6/build-aux/missing: 
line 81: automake-1.15: command not found

WARNING: 'automake-1.15' is missing on your system.
 You should only need it if you modified 'Makefile.am' or
 'configure.ac' or m4 files included by 'configure.ac'.
 The 'automake' program is part of the GNU Automake package:
 
 It also requires GNU Autoconf, GNU m4 and Perl in order to run:
 
 
 
Makefile:1361: recipe for target 'Makefile.in' failed

Making patch depend on automake allows patch to build successfully, but 
I'm not sure that's the correct fix. Looking casually at the changes in 
the tests/ directory that these CVE patches do, I don't immediately see 
why this pulls in automake.


I worked around this by:
diff --git a/tools/Makefile b/tools/Makefile
index 9a354f6c70..7a9abddad7 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -76,7 +76,7 @@ $(curdir)/zlib/compile := $(curdir)/cmake/compile
 $(curdir)/wrt350nv2-builder/compile := $(curdir)/zlib/compile
 $(curdir)/lzma-old/compile := $(curdir)/zlib/compile
 $(curdir)/make-ext4fs/compile := $(curdir)/zlib/compile
-
+$(curdir)/patch/compile := $(curdir)/automake/compile
 ifneq ($(HOST_OS),Linux)
   tools-y += coreutils
 endif
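
Review bot: the added `$(curdir)/patch/compile := $(curdir)/automake/compile` line orders patch after automake, which only works if nothing in automake's own prerequisite chain needs patch to apply its patches first; otherwise this edge closes a dependency cycle. The build log above shows the trigger is make regenerating tests/Makefile, so avoiding that regeneration (not patching tests/Makefile.am) would remove the need for the new edge altogether.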


Regards
/Magnus



[OpenWrt-Devel] Merged: patch: apply upstream cve fixes

2018-10-14 Thread Kevin Darbyshire-Bryant
Merged into my staging tree.
Thank you!




[OpenWrt-Devel] [PATCH] patch: apply upstream cve fixes

2018-10-14 Thread Russell Senior


Apply two upstream patches to address two CVEs:

 * CVE-2018-1000156
 * CVE-2018-6952

Add PKG_CPE_ID to Makefile.

Build tested on apm821xx and ar71xx.

Signed-off-by: Russell Senior 
---
 tools/patch/Makefile  |   2 +
 .../patch/patches/010-CVE-2018-1000156.patch  | 209 ++
 tools/patch/patches/020-CVE-2018-6952.patch   |  30 +++
 3 files changed, 240 insertions(+)
 create mode 100644 tools/patch/patches/010-CVE-2018-1000156.patch
 create mode 100644 tools/patch/patches/020-CVE-2018-6952.patch

diff --git a/tools/patch/Makefile b/tools/patch/Makefile
index 4c4c09bc08..26f1e3eee6 100644
--- a/tools/patch/Makefile
+++ b/tools/patch/Makefile
@@ -8,6 +8,8 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=patch
 PKG_VERSION:=2.7.6
+PKG_RELEASE:=2
+PKG_CPE_ID:=cpe:/a:gnu:patch
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=@GNU/patch
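
Review bot: the added `PKG_RELEASE:=2` line is not covered by the commit message, which mentions only the two CVE patches and PKG_CPE_ID. Suggest adding a line to the message saying the release is bumped and why, so the change is not read as accidental.
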
diff --git a/tools/patch/patches/010-CVE-2018-1000156.patch 
b/tools/patch/patches/010-CVE-2018-1000156.patch
new file mode 100644
index 00..c83e240fb6
--- /dev/null
+++ b/tools/patch/patches/010-CVE-2018-1000156.patch
@@ -0,0 +1,209 @@
+From ee2904728eb4364a36d62d66f723d0b68749e5df Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher 
+Date: Fri, 6 Apr 2018 12:14:49 +0200
+Subject: [PATCH] Fix arbitrary command execution in ed-style patches
+ (CVE-2018-1000156)
+
+* src/pch.c (do_ed_script): Write ed script to a temporary file instead
+of piping it to ed: this will cause ed to abort on invalid commands
+instead of rejecting them and carrying on.
+* tests/ed-style: New test case.
+* tests/Makefile.am (TESTS): Add test case.
+---
+ src/pch.c | 89 +++
+ tests/Makefile.am |  1 +
+ tests/ed-style| 41 ++
+ 3 files changed, 108 insertions(+), 23 deletions(-)
+ create mode 100644 tests/ed-style
+
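
Review bot: the imported upstream commit also modifies tests/Makefile.am (the `* tests/Makefile.am (TESTS): Add test case.` entry and the `tests/Makefile.am |  1 +` diffstat line), which leaves that file newer than the pre-generated Makefile.in and makes the build try to rerun automake on the host. The test suite is not needed for the host tool, so suggest keeping only the src/pch.c change in this patch file and dropping the tests/ parts.
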
+diff --git a/src/pch.c b/src/pch.c
+index ff9ed2c..8150493 100644
+--- a/src/pch.c
 b/src/pch.c
+@@ -33,6 +33,7 @@
+ # include 
+ #endif
+ #include 
++#include 
+ 
+ #define INITHUNKMAX 125   /* initial dynamic allocation 
size */
+ 
+@@ -2388,22 +2389,28 @@ do_ed_script (char const *inname, char const *outname,
+ static char const editor_program[] = EDITOR_PROGRAM;
+ 
+ file_offset beginning_of_this_line;
+-FILE *pipefp = 0;
+ size_t chars_read;
++FILE *tmpfp = 0;
++char const *tmpname;
++int tmpfd;
++pid_t pid;
++
++if (! dry_run && ! skip_rest_of_patch)
++  {
++  /* Write ed script to a temporary file.  This causes ed to abort on
++ invalid commands such as when line numbers or ranges exceed the
++ number of available lines.  When ed reads from a pipe, it rejects
++ invalid commands and treats the next line as a new command, which
++ can lead to arbitrary command execution.  */
++
++  tmpfd = make_tempfile (, 'e', NULL, O_RDWR | O_BINARY, 0);
++  if (tmpfd == -1)
++pfatal ("Can't create temporary file %s", quotearg (tmpname));
++  tmpfp = fdopen (tmpfd, "w+b");
++  if (! tmpfp)
++pfatal ("Can't open stream for file %s", quotearg (tmpname));
++  }
+ 
+-if (! dry_run && ! skip_rest_of_patch) {
+-  int exclusive = *outname_needs_removal ? 0 : O_EXCL;
+-  assert (! inerrno);
+-  *outname_needs_removal = true;
+-  copy_file (inname, outname, 0, exclusive, instat.st_mode, true);
+-  sprintf (buf, "%s %s%s", editor_program,
+-   verbosity == VERBOSE ? "" : "- ",
+-   outname);
+-  fflush (stdout);
+-  pipefp = popen(buf, binary_transput ? "wb" : "w");
+-  if (!pipefp)
+-pfatal ("Can't open pipe to %s", quotearg (buf));
+-}
+ for (;;) {
+   char ed_command_letter;
+   beginning_of_this_line = file_tell (pfp);
+@@ -2414,14 +2421,14 @@ do_ed_script (char const *inname, char const *outname,
+   }
+   ed_command_letter = get_ed_command_letter (buf);
+   if (ed_command_letter) {
+-  if (pipefp)
+-  if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++  if (tmpfp)
++  if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+   write_fatal ();
+   if (ed_command_letter != 'd' && ed_command_letter != 's') {
+   p_pass_comments_through = true;
+   while ((chars_read = get_line ()) != 0) {
+-  if (pipefp)
+-  if (! fwrite (buf, sizeof *buf, chars_read, pipefp))
++  if (tmpfp)
++  if (! fwrite (buf, sizeof *buf, chars_read, tmpfp))
+   write_fatal ();
+   if (chars_read == 2  &&  strEQ (buf, ".\n"))
+   break;
+@@ -2434,13 +2441,49 @@ do_ed_script (char const *inname, char const *outname,
+   break;
+   }
+ }
+-if (!pipefp)
++if (!tmpfp)
+   return;
+-if (fwrite ("w\nq\n", sizeof (char), (size_t) 4,