In lantiq, ath9k caldata extraction is implemented to work in two
alternate "modes", the standard one and another one with conv=swab.
This rearranges the functions so "standard" use is based on the
caldata.sh library, while only a single local function is required
for the special case.
Note that
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt
Signed-off-by: Hauke Mehrtens
---
...-ECC-groups-with-a-prime-under-256-b.patch | 40
...itable-groups-based-on-REVmd-changes.patch | 54
This fixes:
CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment"
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
This should not affect OpenWrt in the default settings as we do not use
EAP-pwd.
Signed-off-by: Hauke Mehrtens
---
there seem to exist at least a dozen of critical bugs that one would
not like to have as a part of final release, to name a few:
Mainline ath10k causes crahes in ipq806x / R7800 ->
https://bugs.openwrt.org/index.php?do=details_id=2480
TP-Link CPE210v3 wifi not working ->
On 06.09.19 12:44, Bjørn Mork wrote:
> Jo-Philipp Wich writes:
>
>>> Buildbot is already crunching the images and packages, and pretty much
>>> all targets are green. So there are no obvious build related issues
>>> preventing the release. I have also not noticed any franctic discussion
>>>
Signed-off-by: Hauke Mehrtens
---
package/network/services/hostapd/Makefile | 6 +-
.../hostapd/files/hostapd-basic.config| 16 +-
.../hostapd/files/hostapd-full.config | 16 +-
.../hostapd/files/hostapd-mini.config | 16 +-
Instead of patching the workaround away, just use the config option.
Signed-off-by: Hauke Mehrtens
---
.../hostapd/files/wpa_supplicant-basic.config| 2 +-
.../hostapd/files/wpa_supplicant-full.config | 2 +-
.../hostapd/files/wpa_supplicant-mini.config | 2 +-
This increases the size of the binary slightly:
old:
427722 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431696 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
new:
442109 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
445997 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
All the content of this function is proceeded by IEEE8021X_EAPOL no code
accesses the ssid variable outside of this ifdef.
Signed-off-by: Hauke Mehrtens
---
.../hostapd/patches/110-no_eapol_fix.patch | 14 --
.../services/hostapd/patches/200-multicall.patch | 6 +++---
hostapd will not use the getrandom() syscall and as a fallback use
/dev/random, the syscall is supported since Linux 3.17 and in the musl,
glibc and uclibc version used by OpenWrt.
Signed-off-by: Hauke Mehrtens
---
package/network/services/hostapd/files/hostapd-basic.config | 2 +-
These two patches are fixing some problems which are fixed in hostapd
master, but not in version 2.8.
Signed-off-by: Hauke Mehrtens
---
...-in-storing-of-external_auth-SSID-BS.patch | 82 +++
...-Fix-ENGINE-support-with-OpenSSL-1.1.patch | 39 +
2 files changed, 121
This updates hostapd to version 2.9 release.
I tested AP mode and also mesh on 5GHz.
Hauke Mehrtens (7):
hostapd: Update to version 2.8
hostapd: backport some Fixes from upstream hostapd
hostapd: update to version 2.9
hostapd: use config option CONFIG_NO_LINUX_PACKET_SOCKET_WAR
hostapd:
This updates hostapd to version 2.9 release.
I tested AP mode and also mesh on 5GHz.
Hauke Mehrtens (7):
hostapd: Update to version 2.8
hostapd: backport some Fixes from upstream hostapd
hostapd: update to version 2.9
hostapd: use config option CONFIG_NO_LINUX_PACKET_SOCKET_WAR
hostapd:
This moves the almost identical calibration data extraction
functions present multiple times in several targets to a single
library file /lib/functions/caldata.sh.
Functions are renamed with more generic names to merge different
variants that only differ in their names.
Most of the targets used
This unifies MAC address patch functions and moves them to a
common script. While those were implemented differently for
different targets, they all seem to do the same. The number of
different variants is significantly reduced by this patch.
Signed-off-by: Adrian Schmutzler
---
If chksum_offset in converted by $(($...)) at the beginning, the
check [ -n "$chksum_offset" ] will always return true, as the
conversion yields "0" for an empty argument.
With this patch, the variable is not converted before the check,
but only when it's used in dd.
No conversion is done for
The xor() function is defined in each of the caldata extraction
scripts for several targets. Move it to functions.sh to reduce
duplicate code.
Signed-off-by: Adrian Schmutzler
---
package/base-files/files/lib/functions.sh | 16
.../etc/hotplug.d/firmware/10-ath9k-eeprom
This is another attempt to unify caldata extraction and MAC patching.
Compared to my first attempt half a year ago, this includes more targets
and does more code cleanup, particularly by merging several differently
implemented function spread across the code which effectively do the
same.
I also
18 matches
Mail list logo