5402ff8230
From the patch series description: Several security issues in the 802.11 implementations were found by Mathy Vanhoef (New York University Abu Dhabi), who has published all the details at https://papers.mathyvanhoef.com/usenix2021.pdf Specifically, the following CVEs were assigned: * CVE-2020-24586 - Fragmentation cache not cleared on reconnection * CVE-2020-24587 - Reassembling fragments encrypted under different keys * CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to payload being parsed as an L2 frame under an A-MSDU bit toggling attack * CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender * CVE-2020-26140 - Accepting plaintext data frames in protected networks * CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames * CVE-2020-26142 - Processing fragmented frames as full frames * CVE-2020-26143 - Accepting fragmented plaintext frames in protected networks * CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that start with RFC1042 header with EAPOL ethertype * CVE-2020-26145 - Accepting plaintext broadcast fragments as full frames * CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive packet numbers * CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments In general, the scope of these attacks is that they may allow an attacker to * inject L2 frames that they can more or less control (depending on the vulnerability and attack method) into an otherwise protected network; * exfiltrate (some) network data under certain conditions, this is specific to the fragmentation issues. A subset of these issues is known to apply to the Linux IEEE 802.11 implementation (mac80211). Where it is affected, the attached patches fix the issues, even if not all of them reference the exact CVE IDs. In addition, driver and/or firmware updates may be necessary, as well as potentially more fixes to mac80211, depending on how drivers are using it. Specifically, for Intel devices, firmware needs to be updated to the most recently released versions (which was done without any reference to the security issues) to address some of the vulnerabilities. To have a single set of patches, I'm also including patches for the ath10k and ath11k drivers here. We currently don't have information about how other drivers are, if at all, affected. Signed-off-by: Felix Fietkau <nbd@nbd.name> Co-authored-by: Felix Fietkau <nbd@nbd.name> |
||
|---|---|---|
| .github | ||
| config | ||
| doc | ||
| include | ||
| package | ||
| scripts | ||
| target | ||
| toolchain | ||
| tools | ||
| .gitattributes | ||
| .gitignore | ||
| BSDmakefile | ||
| Config.in | ||
| feeds.conf.default | ||
| LICENSE | ||
| Makefile | ||
| README | ||
| README_EN.md | ||
| README.md | ||
| rules.mk | ||
Welcome to Lean's git source of OpenWrt and packages
How to build your Openwrt firmware.
Note:
-
DO NOT USE root USER FOR COMPILING!!!
-
Users within China should prepare proxy before building.
-
Web admin panel default IP is 192.168.1.1 and default password is "password".
Let's start!
-
First, install Ubuntu 64bit (Ubuntu 18 LTS x86 is recommended).
-
Run
sudo apt-get updatein the terminal, and then runsudo apt-get -y install build-essential asciidoc binutils bzip2 gawk gettext git libncurses5-dev libz-dev patch python3 python2.7 unzip zlib1g-dev lib32gcc1 libc6-dev-i386 subversion flex uglifyjs git-core gcc-multilib p7zip p7zip-full msmtp libssl-dev texinfo libglib2.0-dev xmlto qemu-utils upx libelf-dev autoconf automake libtool autopoint device-tree-compiler g++-multilib antlr3 gperf wget curl swig rsync -
Run
git clone https://github.com/coolsnowwolf/ledeto clone the source code, and thencd ledeto enter the directory -
./scripts/feeds update -a ./scripts/feeds install -a make menuconfig -
Run
make -j8 download V=sto download libraries and dependencies (user in China should use global proxy when possible) -
Run
make -j1 V=s(integer following -j is the thread count, single-thread is recommended for the first build) to start building your firmware.
This source code is promised to be compiled successfully.
You can use this source code freely, but please link this GitHub repository when redistributing. Thank you for your cooperation!
Rebuild:
cd lede
git pull
./scripts/feeds update -a && ./scripts/feeds install -a
make defconfig
make -j8 download
make -j$(($(nproc) + 1)) V=s
If reconfiguration is need:
rm -rf ./tmp && rm -rf .config
make menuconfig
make -j$(($(nproc) + 1)) V=s
Build result will be produced to bin/targets directory.
Special tips:
-
This source code doesn't contain any backdoors or close source applications that can monitor/capture your HTTPS traffic, SSL is the final castle of cyber security. Safety is what a firmware should achieve.
-
If you have any technical problem, you may join the QQ discussion group: 297253733, link: click here
-
Want to learn OpenWrt development but don't know how? Can't motivate yourself for self-learning? Not enough fundamental knowledge? Learn OpenWrt development with Mr. Zuo through his Beginner OpenWrt Training Course. Click here to register.
Router Recommendation
Not Sponsored: If you are finding a low power consumption, small and performance promising x86/x64 router, I personally recommend the EZPROv1 Alumium Edition (N3710 4000M): Details
Donation
If this project does help you, please consider donating to support the development of this project.
Alipay
