mtk-20170518/package/network/utils, branch v17.01.5 MTK 20170518 : Mediatek SDK based on OpenWRT Barrier Breaker mbedtls: change libmbedcrypto.so soversion back to 0 2018-04-14T12:44:43+00:00 Hauke Mehrtens hauke@hauke-m.de 2018-04-14T12:33:46+00:00 09d95e44fc3d1a9f900b7305b10dc241a12d6f37 mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the libmbedcrypto.so library, use the old version again to be able to use the new library with binaries compiled against the old mbedtls library. Some binaries got rebuild to for the 2.7.0 release and are now using libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0. Go back to libmbedcrypto.so.0 and make the system rebuild the binaries which were rebuild for 2.7.0 again. This should make the libmbedcrypto.so library be compatible with the old version shipped with 17.01. Fixes: 3ca1438ae0 ("mbedtls: update to version 2.7.2") Fixes: f609913b5c ("mbedtls: update to version 2.7.0") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 
mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the
libmbedcrypto.so library, use the old version again to be able to use
the new library with binaries compiled against the old mbedtls library.

Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.
Go back to libmbedcrypto.so.0 and make the system rebuild the binaries
which were rebuild for 2.7.0 again.

This should make the libmbedcrypto.so library be compatible with the old
version shipped with 17.01.

Fixes: 3ca1438ae0 ("mbedtls: update to version 2.7.2")
Fixes: f609913b5c ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
mbedtls: update to version 2.7.0 2018-03-10T17:37:04+00:00 Hauke Mehrtens hauke@hauke-m.de 2018-03-04T19:38:00+00:00 f609913b5c60f7c65c462730993cd1c752083fd6 This fixes the following security problems: * CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled * CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures This release is also ABI incompatible with the previous one, but it is API compatible. Some functions used by a lot of other software was renamed and the old function names are provided as a static inline now, but they are only active when deprecated functions are allowed, deactivate the removal of deprecated functions for now. Also increase the PKG_RELEASE version to force a rebuild and update of packages depending on mbedtls to handle the changed ABI. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 
This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures

This release is also ABI incompatible with the previous one, but it is
API compatible.

Some functions used by a lot of other software was renamed and the old
function names are provided as a static inline now, but they are only
active when deprecated functions are allowed, deactivate the removal of
deprecated functions for now.

Also increase the PKG_RELEASE version to force a rebuild and update of
packages depending on mbedtls to handle the changed ABI.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
uqmi: ensure CID is a numeric value before proceeding 2018-02-20T09:50:37+00:00 Koen Vandeputte koen.vandeputte@ncentric.com 2018-02-19T10:02:45+00:00 788312ca59c57f1cfc4737378526ff1c2a1c8374 The current implementation only checked if uqmi itself executed correctly which is also the case when the returned value is actually an error. Rework this, checking that CID is a numeric value, which can only be true if uqmi itself also executed correctly. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> 
The current implementation only checked if uqmi itself executed
correctly which is also the case when the returned value is actually
an error.

Rework this, checking that CID is a numeric value, which can only
be true if uqmi itself also executed correctly.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
uqmi: use built-in command for data-link verification 2018-02-18T08:35:01+00:00 Koen Vandeputte koen.vandeputte@ncentric.com 2018-02-15T14:16:03+00:00 b3b16c8ce5c616a0d1f84c4263b4067ff099aa1e uqmi contains a command for directly querying the modem if there is a valid data connection, so let's use it. This avoids the cases were all previous tests are succesful, but the actual data link is not up for some reasons, leading to states were we thought the link was up when it actually wasn't .. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> 
uqmi contains a command for directly querying the modem if there
is a valid data connection, so let's use it.

This avoids the cases were all previous tests are succesful, but the
actual data link is not up for some reasons, leading to states were we
thought the link was up when it actually wasn't ..

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
uqmi: use correct value for connection checking 2018-02-18T08:34:32+00:00 Koen Vandeputte koen.vandeputte@ncentric.com 2018-02-15T14:16:02+00:00 e9eb219e5a07f3e2284c1483da03d5accb130eac Originally, the implementation only checked if uqmi command execution succeeded properly without actually checking it's returned data. This lead to a pass, even when the returned data was indicating an error. Rework the verification to actually check the returned data, which can only be correct if the uqmi command itself also executed correctly. On command execution success, value "pdh_" is a pure numeric value. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> 
Originally, the implementation only checked if uqmi command
execution succeeded properly without actually checking it's returned data.

This lead to a pass, even when the returned data was indicating an error.

Rework the verification to actually check the returned data,
which can only be correct if the uqmi command itself also executed correctly.

On command execution success, value "pdh_" is a pure numeric value.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
uqmi: use general method for state cleaning 2018-02-18T08:34:32+00:00 Koen Vandeputte koen.vandeputte@ncentric.com 2018-02-15T14:16:01+00:00 5661ac1de4d81c51cdc6f6f333bec3608ec43438 Debugging shows that using the general method properly cleans on each run, while the method specifying the client-ID shows "No effect" even while in connected state. Fixes several connectivity issues seen on specific modems. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> 
Debugging shows that using the general method properly cleans on each
run, while the method specifying the client-ID shows "No effect"
even while in connected state.

Fixes several connectivity issues seen on specific modems.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
uqmi: silence error on pin verification 2018-02-18T08:34:32+00:00 Koen Vandeputte koen.vandeputte@ncentric.com 2018-02-15T14:16:00+00:00 7c259fb98018e4ab097df0d14ac6b3e4ae1c2650 If a device only supports the 2nd verification method (uim), the first method will fail as expected reporting an error: "Command not supported" Silence both separate methods and only report an error regarding pin verification if both fail. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> 
If a device only supports the 2nd verification method (uim),
the first method will fail as expected reporting an error:

"Command not supported"

Silence both separate methods and only report an error regarding
pin verification if both fail.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
uqmi: fix raw-ip mode for newer lte modems 2018-02-18T08:34:32+00:00 Koen Vandeputte koen.vandeputte@ncentric.com 2018-02-15T14:15:59+00:00 046222dfaf1272d7689f9bca17ecdd1fbdda38e5 Some newer LTE modems, like the MC7455 or EC25-E do not support "802.3" mode, and will stay in "raw-ip" regardless of the mode being set. In this case, the driver must be informed that it should handle all packets in raw mode. [1] This commit fixes connectivity issues for these devices. Before: [ Node 5 ] udhcpc -i wwan0 udhcpc: started, v1.27.2 udhcpc: sending discover udhcpc: sending discover udhcpc: sending discover After: [ Node 5 ] udhcpc -i wwan0 udhcpc: started, v1.27.2 udhcpc: sending discover udhcpc: sending select for 100.66.245.226 udhcpc: lease of 100.66.245.226 obtained, lease time 7200 udhcpc: ifconfig wwan0 100.66.245.226 netmask 255.255.255.252 broadcast + udhcpc: setting default routers: 100.66.245.225 [1] https://lists.freedesktop.org/archives/libqmi- devel/2017-January/002064.html Tested on cns3xxx using a Sierra Wireless MC7455 LTE-A Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> [bumped PKG_RELEASE] Signed-off-by: Jo-Philipp Wich <jo@mein.io> 
Some newer LTE modems, like the MC7455 or EC25-E do not support
"802.3" mode, and will stay in "raw-ip" regardless of the mode being
set.

In this case, the driver must be informed that it should handle all
packets in raw mode. [1]

This commit fixes connectivity issues for these devices.

Before:

[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover

After:

[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending select for 100.66.245.226
udhcpc: lease of 100.66.245.226 obtained, lease time 7200
udhcpc: ifconfig wwan0 100.66.245.226 netmask 255.255.255.252 broadcast
+
udhcpc: setting default routers: 100.66.245.225

[1] https://lists.freedesktop.org/archives/libqmi-
devel/2017-January/002064.html

Tested on cns3xxx using a Sierra Wireless MC7455 LTE-A

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[bumped PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
net: uqmi: fix blocking in endless loops when unplugging device 2018-02-18T08:34:32+00:00 Alexandru Ardelean ardeleanalex@gmail.com 2018-02-15T14:15:58+00:00 0393009ec84e0f22d854e8e11e630d393d44efe9 If you unplug a QMI device, the /dev/cdc-wdmX device disappears but uqmi will continue to poll it endlessly. Then, when you plug it back, you have 2 uqmi processes, and that's bad, because 2 processes talking QMI to the same device [and the same time] doesn't seem to work well. Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> 
If you unplug a QMI device, the /dev/cdc-wdmX device
disappears but uqmi will continue to poll it endlessly.

Then, when you plug it back, you have 2 uqmi processes,
and that's bad, because 2 processes talking QMI to the
same device [and the same time] doesn't seem to work well.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
iptables: make kmod-ipt-debug part of default ALL build 2018-01-26T07:37:28+00:00 Yousong Zhou yszhou4tech@gmail.com 2018-01-26T06:40:25+00:00 fbeae9d891e7661cfb9f9d5209f9656234466127 The iptables TRACE target is only available in raw table that's why the dependency was moved from iptables-mod-trace into kmod-ipt-debug Fixes FS#1219 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> 
The iptables TRACE target is only available in raw table that's why the
dependency was moved from iptables-mod-trace into kmod-ipt-debug

Fixes FS#1219

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>