[OpenWrt-Devel] [PATCH] kernel: add missing kmod-video-videobuf2's object file in 4.4
CONFIG_VIDEOBUF2_CORE produces two object files in Linux >= 4.4. Conditionally add the new file to FILES of kmod-video-videobuf2.
Signed-off-by: Jan Čermák <jan.cer...@nic.cz>
---
 package/kernel/linux/modules/video.mk | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/package/kernel/linux/modules/video.mk b/package/kernel/linux/modules/video.mk
index 3b06a14..0fcacb2 100644
--- a/package/kernel/linux/modules/video.mk
+++ b/package/kernel/linux/modules/video.mk
@@ -127,9 +127,10 @@ define KernelPackage/video-videobuf2
 CONFIG_VIDEOBUF2_VMALLOC
 FILES:= \
 $(LINUX_DIR)/drivers/media/$(V4L2_DIR)/videobuf2-core.ko \
+ $(LINUX_DIR)/drivers/media/$(V4L2_DIR)/videobuf2-v4l2.ko@ge4.4 \
 $(LINUX_DIR)/drivers/media/$(V4L2_DIR)/videobuf2-memops.ko \
 $(LINUX_DIR)/drivers/media/$(V4L2_DIR)/videobuf2-vmalloc.ko
- AUTOLOAD:=$(call AutoLoad,65,videobuf2-core videobuf2-memops videobuf2-vmalloc)
+ AUTOLOAD:=$(call AutoLoad,65,videobuf2-core videobuf-v4l2@ge4.4 videobuf2-memops videobuf2-vmalloc)
 $(call AddDepends/video)
 endef
-- 
2.7.0
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
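Review bot: The module name added to the AUTOLOAD list is `videobuf-v4l2@ge4.4`, while the object added to FILES two lines up is `videobuf2-v4l2.ko@ge4.4`; the missing `2` means the AutoLoad entry names a module that this package does not ship. The line should read `AUTOLOAD:=$(call AutoLoad,65,videobuf2-core videobuf2-v4l2@ge4.4 videobuf2-memops videobuf2-vmalloc)`. The `define KernelPackage/video-videobuf2` block starts above the hunk, so the rest of the definition is not visible here.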
[OpenWrt-Devel] [PATCH] kernel: add missing kmod-video-videobuf2's object file in 4.4
CONFIG_VIDEOBUF2_CORE produces two object files in Linux >= 4.4. Conditionally add the new file to FILES of kmod-video-videobuf2.
Signed-off-by: Jan Čermák <jan.cer...@nic.cz>
---
 package/kernel/linux/modules/video.mk | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/package/kernel/linux/modules/video.mk b/package/kernel/linux/modules/video.mk
index 3b06a14..741aea1 100644
--- a/package/kernel/linux/modules/video.mk
+++ b/package/kernel/linux/modules/video.mk
@@ -129,6 +129,9 @@ define KernelPackage/video-videobuf2
 $(LINUX_DIR)/drivers/media/$(V4L2_DIR)/videobuf2-core.ko \
 $(LINUX_DIR)/drivers/media/$(V4L2_DIR)/videobuf2-memops.ko \
 $(LINUX_DIR)/drivers/media/$(V4L2_DIR)/videobuf2-vmalloc.ko
+ifeq ($(strip $(call CompareKernelPatchVer,$(KERNEL_PATCHVER),ge,4.4.0)),1)
+ FILES+=$(LINUX_DIR)/drivers/media/$(V4L2_DIR)/videobuf2-v4l2.ko
+endif
 AUTOLOAD:=$(call AutoLoad,65,videobuf2-core videobuf2-memops videobuf2-vmalloc)
 $(call AddDepends/video)
 endef
-- 
2.7.0
___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
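Review bot: `videobuf2-v4l2.ko` is added to FILES for kernels >= 4.4, but the AUTOLOAD line right after the new `ifeq` block still lists only `videobuf2-core videobuf2-memops videobuf2-vmalloc`, so the new module is packaged without being named for loading at boot. Whether that matters depends on how the module loader resolves dependencies, which this hunk does not show; if it loads only what is listed, the AutoLoad list needs the same version condition. A one-line comment above the `ifeq`, such as `# CONFIG_VIDEOBUF2_CORE also builds videobuf2-v4l2.ko on >= 4.4`, would explain why the condition exists. The `define KernelPackage/video-videobuf2` block starts above the hunk.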
[OpenWrt-Devel] [PATCH] samba36: add three CVE patches from 2015-12-16
This is a patch for CVE-2015-5252, CVE-2015-5296 and CVE-2015-5299. A patchset for these vulnerabilities was published on 16th December 2015. Signed-off-by: Jan Čermák <jan.cer...@nic.cz> --- package/network/services/samba36/Makefile | 2 +- .../samba36/patches/010-patch-cve-2015-5252.patch | 43 .../samba36/patches/011-patch-cve-2015-5296.patch | 112 + .../samba36/patches/012-patch-cve-2015-5299.patch | 97 ++ 4 files changed, 253 insertions(+), 1 deletion(-) create mode 100644 package/network/services/samba36/patches/010-patch-cve-2015-5252.patch create mode 100644 package/network/services/samba36/patches/011-patch-cve-2015-5296.patch create mode 100644 package/network/services/samba36/patches/012-patch-cve-2015-5299.patch diff --git a/package/network/services/samba36/Makefile b/package/network/services/samba36/Makefile index 9e282f0..7b571a4 100644 --- a/package/network/services/samba36/Makefile +++ b/package/network/services/samba36/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=samba PKG_VERSION:=3.6.25 -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE_URL:=http://ftp.samba.org/pub/samba \ http://ftp.samba.org/pub/samba/stable diff --git a/package/network/services/samba36/patches/010-patch-cve-2015-5252.patch b/package/network/services/samba36/patches/010-patch-cve-2015-5252.patch new file mode 100644 index 000..8922a6e --- /dev/null +++ b/package/network/services/samba36/patches/010-patch-cve-2015-5252.patch 
@@ -0,0 +1,43 @@ +From 2e94b6ec10f1d15e24867bab3063bb85f173406a Mon Sep 17 00:00:00 2001 +From: Jeremy Allison <j...@samba.org> +Date: Thu, 9 Jul 2015 10:58:11 -0700 +Subject: [PATCH] CVE-2015-5252: s3: smbd: Fix symlink verification (file + access outside the share). + +Ensure matching component ends in '/' or '\0'. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395 + +Signed-off-by: Jeremy Allison <j...@samba.org> +Reviewed-by: Volker Lendecke <v...@samba.org> +--- + source3/smbd/vfs.c | 7 +-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c +index 6c56964..bd93b7f 100644 +--- a/source3/smbd/vfs.c b/source3/smbd/vfs.c +@@ -982,6 +982,7 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) + if (!allow_widelinks || !allow_symlinks) { + const char *conn_rootdir; + size_t rootdir_len; ++ bool matched; + + conn_rootdir = SMB_VFS_CONNECTPATH(conn, fname); + if (conn_rootdir == NULL) { +@@ -992,8 +993,10 @@ NTSTATUS check_reduced_name(connection_struct *conn, const char *fname) + } + + rootdir_len = strlen(conn_rootdir); +- if (strncmp(conn_rootdir, resolved_name, +- rootdir_len) != 0) { ++ matched = (strncmp(conn_rootdir, resolved_name, ++ rootdir_len) == 0); ++ if (!matched || (resolved_name[rootdir_len] != '/' && ++ resolved_name[rootdir_len] != '\0')) { + DEBUG(2, ("check_reduced_name: Bad access " + "attempt: %s is a symlink outside the " + "share path\n", fname)); +-- +2.5.0 diff --git a/package/network/services/samba36/patches/011-patch-cve-2015-5296.patch b/package/network/services/samba36/patches/011-patch-cve-2015-5296.patch new file mode 100644 index 000..eaafd1c --- /dev/null +++ b/package/network/services/samba36/patches/011-patch-cve-2015-5296.patch 
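Review bot: The boundary test added to `check_reduced_name` in the embedded vfs.c change reads `resolved_name[rootdir_len]` on the assumption that `conn_rootdir` carries no trailing slash, which does not hold when the share path is `/`. In that case `rootdir_len` is 1 and the byte examined is the first character of the next path component, so every resolved name below the root would be reported as a symlink outside the share. The failure is closed (access is denied, not granted), but a share exported at `/` would stop working; skipping the comparison for that case, e.g. `if (rootdir_len != 1 && (!matched || (resolved_name[rootdir_len] != '/' && resolved_name[rootdir_len] != '\0'))) {`, would cover it, assuming `conn_rootdir` is always an absolute path. The function body starts and ends outside the hunk, so any normalisation of `conn_rootdir` done elsewhere is not visible here.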
@@ -0,0 +1,112 @@ +From 25139116756cc285a3a5534834cc276ef1b7baaa Mon Sep 17 00:00:00 2001 +From: Stefan Metzmacher <me...@samba.org> +Date: Wed, 30 Sep 2015 21:17:02 +0200 +Subject: [PATCH 1/2] CVE-2015-5296: s3:libsmb: force signing when requiring + encryption in do_connect() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 + +Signed-off-by: Stefan Metzmacher <me...@samba.org> +Reviewed-by: Jeremy Allison <j...@samba.org> +--- + source3/libsmb/clidfs.c | 7 ++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c +index 23e1471..f153b6b 100644 +--- a/source3/libsmb/clidfs.c b/source3/libsmb/clidfs.c +@@ -98,6 +98,11 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, + const char *username; + const char *password; + NTSTATUS status; ++ int signing_state = get_cmdline_auth_info_signing_state(auth_info); ++ ++ if (force_encrypt) { ++ signing_state = Required; ++ } + + /* make a copy so we don't modify the global string 'service' */ + servicename = talloc_strdup(ctx,share); +@@ -132,7 +137,7 @@ static struct cli_state *do_connect(TALLOC_CTX *ctx, + zero_sockaddr(); + + /* have to open a new connectio
Re: [OpenWrt-Devel] [PATCH] config/Config-images.in: Fix wrong handling of ROOTFS_INCLUDE default options
Hello, currently I think the best option for us is an ext4fs image with /boot in the same partition, with no squashfs+jffs2 and no separate /boot partition. I saw that a few targets build ext4fs images, but do any of them follow the current best practices? Cheers, Jan On 11.11.2015 17:31, Felix Fietkau wrote: > On 2015-11-11 16:04, Jan Čermák wrote: >> Hello Felix, >> >> On 11.11.2015 15:00, Felix Fietkau wrote: >>> This option is apparently supported for ext4 and ubifs only. Also, the >>> code enabled by these options is one big design flaw, and I'd like to >>> get rid of it as soon as possible by converting all devices that need it >>> over to the new image building code. >> >> because I was planning to use these options for a new target, can you give >> me a >> hint what's now the correct way to create an image of ext4 FS with kernel >> included within it? > Do you need to keep the kernel in the same filesystem as the rest of the > system, or can you make a small kernel partition and use the normal > squashfs+jffs2 overlay, or does it use something else? > > - Felix > ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] config/Config-images.in: Fix wrong handling of ROOTFS_INCLUDE default options
Hello Felix, On 11.11.2015 15:00, Felix Fietkau wrote: > This option is apparently supported for ext4 and ubifs only. Also, the > code enabled by these options is one big design flaw, and I'd like to > get rid of it as soon as possible by converting all devices that need it > over to the new image building code. because I was planning to use these options for a new target, can you give me a hint what's now the correct way to create an image of ext4 FS with kernel included within it? Thanks Jan ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] Git mirror with branches, tags and full history
Hello Steven, I'm happy to see that the things moved forward at least a bit after the lengthy discussions. Keep up the good work! Regards, Jan On 9.11.2015 10:06, Steven Barth wrote: > Hey everyone, > > I took the time last week to create a full-history git-mirror with > branches, author mapping and release tags. It is currently on github, > but it will probably end up on git.openwrt.org in the end. > > Note: Do NOT send us pull requests to this repository, they will be > ignored. Send patches to this mailing-list instead. > > Now finally the mirror is at: https://github.com/openwrt/openwrt > Since the authors are mapped, it is NOT compatible with the current > git-mirror. > > Let us know what you think. > > > > Cheers, > > Steven > ___ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel > ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] SVN to GIT transition
Hello, thanks for pointing that out, Steven. Yes, this is basically the main reason why Bedrich opened this topic. If you need to maintain a sustainable OpenWrt fork (no flame please, there are some situations - like running "heavyweight" OpenWrt fork on a device like our Turris - when it's reasonable to fork), pure Git is the way to go. When you have a fork based on some trunk version, it's not *that hard* to merge upstream changes from time to time, but if you want to base your system on some stable branch and then upgrade to a newer one, getting back the history of changes between versions gets pretty awkward. IMHO the main argument against Git over SVN here is that users would lose the information that helps them to compare which version is newer. But as Atilla and Bruno said - git describe works maybe even better than just an incrementing revision number. Some of the workflow might need to change, but the pros of git (for us mainly: keeping track of history and merging upstream changes) outweigh the cons. Last but not least - Git has become a de-facto standard for larger projects with more contributors and it helps to open the project to the community - sending a patch to the mailing list (a patch that sometimes just lies there without any positive or negative response for weeks) might discourage smaller contributors. Just look at the situation of openwrt-packages - people became much more active since moving the repo to GitHub. Regards, Jan On 10.10.2015 15:21, Steven Barth wrote: > One important point was IIRC, migrating from one stable branch to another is > awkward > since the history is different, so rebasing custom changes on top is painful. > > All in all there was relatively overwhelming feedback of most of the people > at the > summit that there lifes would be very much easier if the main repo was based > on git > and there was noone who really felt the opposite. 
[OpenWrt-Devel] [PATCH] iptables: IPv6 addresses with some mask values cause memory corruption
This patch fixes a bug in iptables that is causing memory corruption when a rule contains IPv6 address with mask divisible by 8 or equal to /128. After some debugging, we found out that this bug was already reported and applied in commit a76a5c997a235f822d49799c25fce8e311d473c7 in iptables. The bug occured on PowerPC platform (mpc85xx), resulting in segfault. It's possible that it'd not surface on other platforms or with some compiler options, as the overflown byte wouldn't rewrite any vital address. This patch would probably be no longer necessasy after release of iptables 1.4.22, however it's not sure when a new version is going to be released and this bug can make using IPv6 rules in iptables impossible. Also, can you please backport this patch to BB? Signed-off-by: Jan Cermak jan.cer...@nic.cz Link to original commit in iptables repository: https://git.netfilter.org/iptables/commit/?id=a76a5c997a235f822d49799c25fce8e311d473c7 diff --git a/package/network/utils/iptables/patches/600-libxtables-fix-two-off-by-one-memory-corruption-bugs.patch b/package/network/utils/iptables/patches/600-libxtables-fix-two-off-by-one-memory-corruption-bugs.patch new file mode 100644 index 000..3f7364b --- /dev/null +++ b/package/network/utils/iptables/patches/600-libxtables-fix-two-off-by-one-memory-corruption-bugs.patch @@ -0,0 +1,14 @@ +--- a/libxtables/xtables.c b/libxtables/xtables.c +@@ -1704,8 +1704,9 @@ static struct in6_addr *parse_ip6mask(char *mask) + if (bits != 0) { + char *p = (void *)maskaddr; + memset(p, 0xff, bits / 8); +- memset(p + (bits / 8) + 1, 0, (128 - bits) / 8); +- p[bits/8] = 0xff (8 - (bits 7)); ++ memset(p + ((bits + 7) / 8), 0, (128 - bits) / 8); ++ if (bits 128) ++ p[bits/8] = 0xff (8 - (bits 7)); + return maskaddr; + } + ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
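Review bot: The added lines in the embedded xtables.c hunk read `if (bits 128)` and `p[bits/8] = 0xff (8 - (bits 7));` as posted, which is not valid C, so the comparison, shift and mask operators (presumably `<`, `<<` and `&`) look to have been lost somewhere between the author's tree and this message. Since this is a memory-corruption fix in `parse_ip6mask`, the patch file should be compared byte for byte with upstream commit a76a5c997a235f822d49799c25fce8e311d473c7 before it is applied, not retyped from the mail. The patch file also carries no header, so a short comment naming that upstream commit at the top of `600-libxtables-fix-two-off-by-one-memory-corruption-bugs.patch` would tell a later maintainer when it can be dropped. `parse_ip6mask` starts and ends outside the hunk.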