mtk-20170518/package/utils, branch v17.01.6 MTK 20170518 : Mediatek SDK based on OpenWRT Barrier Breaker bzip2: Fix CVE-2016-3189 2018-08-30T11:15:06+00:00 Rosen Penev rosenp@gmail.com 2018-08-23T02:07:56+00:00 d3e325dfeffd0b407972e6716d5fd5c8acb6c962 Issue causes a crash with specially crafted bzip2 files. More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189 Taken from Fedora. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit f9469efbfa7ce892651f9a6da713eacbef66f177) 
Issue causes a crash with specially crafted bzip2 files.

More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f9469efbfa7ce892651f9a6da713eacbef66f177)
mbedtls: change libmbedcrypto.so soversion back to 0 2018-04-14T12:44:43+00:00 Hauke Mehrtens hauke@hauke-m.de 2018-04-14T12:33:46+00:00 09d95e44fc3d1a9f900b7305b10dc241a12d6f37 mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the libmbedcrypto.so library, use the old version again to be able to use the new library with binaries compiled against the old mbedtls library. Some binaries got rebuild to for the 2.7.0 release and are now using libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0. Go back to libmbedcrypto.so.0 and make the system rebuild the binaries which were rebuild for 2.7.0 again. This should make the libmbedcrypto.so library be compatible with the old version shipped with 17.01. Fixes: 3ca1438ae0 ("mbedtls: update to version 2.7.2") Fixes: f609913b5c ("mbedtls: update to version 2.7.0") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 
mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the
libmbedcrypto.so library, use the old version again to be able to use
the new library with binaries compiled against the old mbedtls library.

Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.
Go back to libmbedcrypto.so.0 and make the system rebuild the binaries
which were rebuild for 2.7.0 again.

This should make the libmbedcrypto.so library be compatible with the old
version shipped with 17.01.

Fixes: 3ca1438ae0 ("mbedtls: update to version 2.7.2")
Fixes: f609913b5c ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
mbedtls: update to version 2.7.0 2018-03-10T17:37:04+00:00 Hauke Mehrtens hauke@hauke-m.de 2018-03-04T19:38:00+00:00 f609913b5c60f7c65c462730993cd1c752083fd6 This fixes the following security problems: * CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled * CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures This release is also ABI incompatible with the previous one, but it is API compatible. Some functions used by a lot of other software was renamed and the old function names are provided as a static inline now, but they are only active when deprecated functions are allowed, deactivate the removal of deprecated functions for now. Also increase the PKG_RELEASE version to force a rebuild and update of packages depending on mbedtls to handle the changed ABI. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> 
This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures

This release is also ABI incompatible with the previous one, but it is
API compatible.

Some functions used by a lot of other software was renamed and the old
function names are provided as a static inline now, but they are only
active when deprecated functions are allowed, deactivate the removal of
deprecated functions for now.

Also increase the PKG_RELEASE version to force a rebuild and update of
packages depending on mbedtls to handle the changed ABI.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
usbutils: Update usb.ids file to latest 2017-12-13T15:54:29+00:00 Rosen Penev rosenp@gmail.com 2017-11-22T05:57:52+00:00 e719a08cc1990d033b56b850616313d3764810ba Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit fc4e7bdca75f4d283374d3dfe0d0ac1cd4885612) 
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fc4e7bdca75f4d283374d3dfe0d0ac1cd4885612)
packages: nvram: fix memory leak in _nvram_free 2017-12-13T15:51:59+00:00 Zhai Zhaoxuan zhaizhaoxuan@xiaomi.com 2017-07-11T10:12:00+00:00 06258144266a5adb44d2ef072c2a7c051584a24d The value of nvram_tuple_t is allocated in _nvram_realloc, but it is not freed in _nvram_free. Signed-off-by: Zhai Zhaoxuan <zhaizhaoxuan@xiaomi.com> (cherry picked from commit c382237ac33a787043b22abc42f0c5a80278baae) 
The value of nvram_tuple_t is allocated in _nvram_realloc,
but it is not freed in _nvram_free.

Signed-off-by: Zhai Zhaoxuan <zhaizhaoxuan@xiaomi.com>
(cherry picked from commit c382237ac33a787043b22abc42f0c5a80278baae)
usbutils: avoid duplicating the git revision 2017-12-13T15:34:10+00:00 Philip Prindeville philipp@redfish-solutions.com 2017-09-19T20:47:54+00:00 eff1f7e7efdebdbb4b102a51e8e78bde1666533c Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> (cherry picked from commit 3008fc9a7bbdcbb2563c99178ce8085396dd41e6) 
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 3008fc9a7bbdcbb2563c99178ce8085396dd41e6)
nvram: add help message for nvram magic not found 2017-12-13T15:23:40+00:00 BangLang Huang banglang.huang@foxmail.com 2017-02-24T02:58:09+00:00 2b8830933512e6c9e0c866c5f8977f74acfecf89 The program would failed if nvram magic not found in specific partition. Signed-off-by: BangLang Huang <banglang.huang@foxmail.com> (cherry picked from commit 69da83d9f12e4e48b546fc3fc3ff555034959211) 
The program would failed if nvram magic not found
in specific partition.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit 69da83d9f12e4e48b546fc3fc3ff555034959211)
nvram: improve argument check when program start 2017-12-13T15:23:39+00:00 BangLang Huang banglang.huang@foxmail.com 2017-02-24T02:52:52+00:00 118a2ea0bcdfb3895dfdec9fe4b98be5325d6386 print help message when argument count is less than 2. Signed-off-by: BangLang Huang <banglang.huang@foxmail.com> (cherry picked from commit c7e2a6fe923dc86bab14d94ead322a045efca4c9) 
print help message when argument count is less
than 2.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit c7e2a6fe923dc86bab14d94ead322a045efca4c9)
nvram: add usage() function 2017-12-13T15:23:39+00:00 BangLang Huang banglang.huang@foxmail.com 2017-02-24T02:45:16+00:00 c446ee4ad42731ef99cbefee7dcc2bcab1c26566 Merge the help message into a single function, so that we can use it somewhere else. Signed-off-by: BangLang Huang <banglang.huang@foxmail.com> (cherry picked from commit 2a253e7cdbacd1bd19da80ea6f35a93b42655c3b) 
Merge the help message into a single function,
so that we can use it somewhere else.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit 2a253e7cdbacd1bd19da80ea6f35a93b42655c3b)
nvram: fix memory leak 2017-12-13T15:23:39+00:00 BangLang Huang banglang.huang@foxmail.com 2017-02-24T02:16:17+00:00 9e84d333b19abdfe5effd276421217a64dd98078 Fix memory leak on nvram_open() and nvram_open_rdonly(). For nvram_open(), the 'fd' should be closed on error, and mmap_area should be unmap when nvram magic can not be found. For nvram_open_rdonly(), the 'file' variable should free before return. Once nvram_find_mtd() return successfully, it will allocate memory to save mtd device string. Signed-off-by: BangLang Huang <banglang.huang@foxmail.com> (cherry picked from commit 1948d8e08c72106a01b359a30217cf92657cc79d) 
Fix memory leak on nvram_open() and nvram_open_rdonly().

For nvram_open(), the 'fd' should be closed on error, and
mmap_area should be unmap when nvram magic can not be found.

For nvram_open_rdonly(), the 'file' variable should free before
return. Once nvram_find_mtd() return successfully, it will allocate
memory to save mtd device string.

Signed-off-by: BangLang Huang <banglang.huang@foxmail.com>
(cherry picked from commit 1948d8e08c72106a01b359a30217cf92657cc79d)