Re: Developer Meeting November 2022

2022-12-04 Thread Seo Suchan 
there are boatloads of TLS 1.3 related bug fixes on mbedtls repository. 
are we sure they they still doesn't support TLS 1.3?


2022-12-02 오전 5:12에 Paul Spooren 이(가) 쓴 글:

Hi all, please find our notes from yesterdays meeting below:

https://openwrt.org/meetings/20221130

Feel free to comment in this thread.

Sunshine,
Paul

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

what stop 21.02.2 and 19.07.9 from offically released?

2022-02-24 Thread Seo Suchan 
both are taged 7 days ago and it look target is built feb 18 and package 
builder passed taged commit, so can I ask what's stoping it being 
released as offical?



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: OpenWrt 21.02 and 19.07 minor release

2022-02-14 Thread Seo Suchan 
I just noticed 19.07 still looks at dnsmasq 2.80: which was effeced by 
series of vulnerablity CVE-2020-25681 
 ~25685 and need to 
bumped at least to 2.85 like 21.02 as CVE-2021-3448 
 is fixed by 2.85rc1 - 
would just copying 21.02's dnsmasq makefiles (and patches) be enough to 
fix this?


2022-02-13 오전 9:26에 Hauke Mehrtens 이(가) 쓴 글:


Thanks for that information. Do you know about some official statement 
about this?


I fixed some other problems in OpenWrt 21.02:
* Linux: update to latests minor version
* hostapd: backport the patches
* wolfssl: update to recent version
* tcpdump: backport a patch
* mbedtls: update to new LTS version
* glibc: Update to latest minor version

Hauke

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: OpenWrt 21.02 and 19.07 minor release

2022-02-10 Thread Seo Suchan 

looks like those dnsmasq exploits aren't real

bugs never looked by human (no commit related by it), but bots confirmed 
that thoses look fixed by commit 011f8cf1d011ade2f9e7231fca3cabfb1e8eaf06


https://oss-fuzz.com/revisions?job=afl_asan_dnsmasq&range=202112300601:202201020605 



when I read that commit it looks like 2.86 had bug that faild to build 
on gcc 4.8 and it caused fuzzer to get immediately crash, producing 
bunch of 'exploits'



2022-02-10 오전 7:58에 Hauke Mehrtens 이(가) 쓴 글:> On 1/25/22 00:07, 
Hauke Mehrtens wrote:

>> On 1/24/22 22:53, Hauke Mehrtens wrote:
>>> Hi,
>>>
>>> I would like to tag a new 21.02 and 19.07 minor release in about one
>>> week. I am not aware of a severe security problem, it was just some
>>> time since the last release.
>>>
>>> Are there any known regressions in the current stable branches
>>> compared to the last release and should we fix them?
>>>
>>> If we should backport some changes from master please just answer to
>>> this mail with the commit and a reason why you need it.
>>>
>>> There are already some pull requests on github:
>>> 
https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F21.02 


>>>
>>>
>>> 
https://github.com/openwrt/openwrt/pulls?q=is%3Apr+is%3Aopen+label%3Arelease%2F19.07 


>>>
>>>
>>> Hauke
>>
>> There are some security patches available for hostapd. Is someone
>> working on backporting them to OpenWrt 21.02 or 19.07?
>> https://w1.fi/security/2022-1/
>>
>> Dnsmasq also has some new CVEs assigned.
>> Is someone working on backporting these fixes?
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45951
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45952
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45953
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45954
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45955
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45956
>> https://nvd.nist.gov/vuln/detail/CVE-2021-45957
>>
>> Hauke
>
> Hi,
>
> Sorry for the delay, I haven't found the time to take care of these
> CVEs yet and I would like to get them fixed before the release.
>
> There are also some CVEs fixed in wolfssl:
> https://github.com/openwrt/openwrt/pull/4910
> This will probably break the ABI again.
>
> It would be nice if someone could tak over one component to get this
> fixed faster.
>
> Hauke
>
> ___
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: [iwinfo PATCH 1/2] iwinfo: add support for indoor only chan restriction

2022-01-23 Thread Seo Suchan 
Which will get priority in DFS or indoor channels? will it have setting 
to enable DFS for such channel? well we can't really enforce 
'indoorness' of out target, isn't it? Or will we have per device target 
config for 'this will be outdoor' ?


21. 11. 19. 01:40에 Ansuel Smith 이(가) 쓴 글:

Some country permit a specific channel to be used only indoor.
Introduce a new restriction_flags entry to declare different restrition
of a specific channel.

Signed-off-by: Ansuel Smith 
---
  include/iwinfo.h |  4 
  iwinfo_nl80211.c | 14 ++
  2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/include/iwinfo.h b/include/iwinfo.h
index 8469ee7..3543b91 100644
--- a/include/iwinfo.h
+++ b/include/iwinfo.h
@@ -61,6 +61,9 @@
  #define IWINFO_FREQ_NO_160MHZ (1 << 5)
  #define IWINFO_FREQ_NO_2160MHZ(1 << 6)
  
+#define IWINFO_FREQ_NO_IR		(1 << 0)

+#define IWINFO_FREQ_NO_OUTDOOR (2 << 0)
+
  extern const char *IWINFO_CIPHER_NAMES[IWINFO_CIPHER_COUNT];
  extern const char *IWINFO_KMGMT_NAMES[IWINFO_KMGMT_COUNT];
  extern const char *IWINFO_AUTH_NAMES[IWINFO_AUTH_COUNT];
@@ -168,6 +171,7 @@ struct iwinfo_freqlist_entry {
uint8_t channel;
uint32_t mhz;
uint8_t restricted;
+   uint32_t restricted_flags;
uint32_t flags;
  };
  
diff --git a/iwinfo_nl80211.c b/iwinfo_nl80211.c

index c4b0ee2..57f820a 100644
--- a/iwinfo_nl80211.c
+++ b/iwinfo_nl80211.c
@@ -2911,10 +2911,16 @@ static int nl80211_get_freqlist_cb(struct nl_msg *msg, 
void *arg)
e->mhz = 
nla_get_u32(freqs[NL80211_FREQUENCY_ATTR_FREQ]);
e->channel = 
nl80211_freq2channel(e->mhz);
  
-	e->restricted = (

-   freqs[NL80211_FREQUENCY_ATTR_NO_IR] 
&&
-   
!freqs[NL80211_FREQUENCY_ATTR_RADAR]
-   ) ? 1 : 0;
+   e->restricted = 
(freqs[NL80211_FREQUENCY_ATTR_NO_IR] &&
+
!freqs[NL80211_FREQUENCY_ATTR_RADAR]) ||
+
freqs[NL80211_FREQUENCY_ATTR_INDOOR_ONLY];
+
+   if (freqs[NL80211_FREQUENCY_ATTR_NO_IR] 
&&
+   
!freqs[NL80211_FREQUENCY_ATTR_RADAR])
+   e->restricted_flags |= 
IWINFO_FREQ_NO_IR;
+
+   if 
(freqs[NL80211_FREQUENCY_ATTR_INDOOR_ONLY])
+   e->restricted_flags |= 
IWINFO_FREQ_NO_OUTDOOR;
  
  	if (freqs[NL80211_FREQUENCY_ATTR_NO_HT40_MINUS])

e->flags |= 
IWINFO_FREQ_NO_HT40MINUS;


___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Can we have another service release?

2022-01-21 Thread Seo Suchan 
It's been 3 months from 21.02.1 and there are 150 commits waiting on 
21.02 snapshot unreleased


19.07-snapshot has about 30 commits from 19.07.8 but not sure it's still 
running (it should be as that branch still merges commit to it)



___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel