From 1b0dd0b2d1d4738c15a7e4329f687cf88279134a Mon Sep 17 00:00:00 2001 From: bunnam988 Date: Thu, 4 Dec 2025 06:32:57 +0000 Subject: [PATCH 1/4] Add changelog for release 1.4.0 --- CHANGELOG.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8bc45ea5..6258ac71 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,16 +4,30 @@ All notable changes to this project will be documented in this file. Dates are d Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog). +#### [1.4.0](https://github.com/rdkcentral/utopia/compare/1.3.1...1.4.0) + +- RDKB-61489: {Ignite} Router advertisement packet has been dropped via firewall at runtime. [`#139`](https://github.com/rdkcentral/utopia/pull/139) +- RDKB-62206 - Rename NTP Telemetry Marker [`#133`](https://github.com/rdkcentral/utopia/pull/133) +- IPV6 hotspot support for ETHWAN mode and Other Platform [`#124`](https://github.com/rdkcentral/utopia/pull/124) +- RDKB-61914: XB,XLE and Client online in NOC and connected to each oth… [`#123`](https://github.com/rdkcentral/utopia/pull/123) +- RDKCOM-5465: RDKBDEV-3294 Fix open port 21515 by default on unexpected interfaces. [`#98`](https://github.com/rdkcentral/utopia/pull/98) +- RDKB-61944 : [Coverity] Various issues in utopia component [`#132`](https://github.com/rdkcentral/utopia/pull/132) +- RDKB-6079800: IPv6 Support for WiFi Hotspot [`8ea42bb`](https://github.com/rdkcentral/utopia/commit/8ea42bb4ab7b4f5a5abbcdedf50102411689db09) +- RDKB-6079800: IPv6 Support for WiFi Hotspot [`53f7e13`](https://github.com/rdkcentral/utopia/commit/53f7e13cf295b1d6af7c711fc8a13f0297e4d30c) +- RDKB-61914: XB,XLE and Client online in NOC and connected to each other without internet [`5c19b83`](https://github.com/rdkcentral/utopia/commit/5c19b839ff2fbad226e51792e68edc984e0e88d3) + #### [1.3.1](https://github.com/rdkcentral/utopia/compare/1.3.0...1.3.1) +> 20 November 2025 + - CBR2-2216:Observing SYS_SH_Zebra_restart marker during stability testing [`#129`](https://github.com/rdkcentral/utopia/pull/129) - RDKCOM-5457: RDKBDEV-3301 Bringup of Utopia on QCOM Platform [`#94`](https://github.com/rdkcentral/utopia/pull/94) - XB9-668 : Upstream xb9 specific changes to github repo [`#118`](https://github.com/rdkcentral/utopia/pull/118) - TCXB8-3707: Parental Controls blocks false positives [`#107`](https://github.com/rdkcentral/utopia/pull/107) - TCXB8-3706 : SYS_SH_Syseventd_restart marker [`#116`](https://github.com/rdkcentral/utopia/pull/116) -- RDKB-777777: Debugging the lan-status is not set to started issue [`11c8f66`](https://github.com/rdkcentral/utopia/commit/11c8f66d7acc6364737efddb85fc62394c40e2fb) -- Merge tag '1.3.0' into develop [`c866914`](https://github.com/rdkcentral/utopia/commit/c86691486474e6156fd8243cd55299fa778021e9) - Adding rule for handling https keyword filtering [`8627882`](https://github.com/rdkcentral/utopia/commit/86278821c1fc53f7276a726294e1cfa72a548686) +- Description : Bringup of IPQ Platforms [`99e8eaf`](https://github.com/rdkcentral/utopia/commit/99e8eafe797929860af24ee64a2f8570943a3bad) +- RDKB-777777: Debugging the lan-status is not set to started issue [`11c8f66`](https://github.com/rdkcentral/utopia/commit/11c8f66d7acc6364737efddb85fc62394c40e2fb) #### [1.3.0](https://github.com/rdkcentral/utopia/compare/1.2.2...1.3.0) From e330fcb5653863dc81fc7811cfc917ceac087e61 Mon Sep 17 00:00:00 2001 From: abhishek-kumaracee2 Date: Thu, 4 Dec 2025 04:04:06 -0500 Subject: [PATCH 2/4] RDKB-61944 : [Coverity] Various issues in utopia - part2 (#137) Reason for change: Fix coverity issues Test Procedure: Run coverity and check for errors in utopia Risks: Low Priority:P1 Signed-off-by: abhishek_kumaracee2@comcast.com --------- Signed-off-by: abhishek_kumaracee2@comcast.com Co-authored-by: apattu200 --- source/firewall/firewall.c | 6 ++++-- .../src/apply_system_defaults/apply_system_defaults.c | 7 +++++-- source/utapi/lib/utapi.c | 8 ++++++++ 3 files changed, 17 insertions(+), 4 deletions(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index d66db8f2..8f6d3658 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -8958,6 +8958,7 @@ static int do_parcon_mgmt_device(FILE *fp, int iptype, FILE *cron_fp) return(0); } +#define MAX_DEV_8K 8192 devMacSt * getPcmdList(int *devCount) { int count = 0; @@ -8984,9 +8985,10 @@ memset(buf, 0, sizeof(buf)); FIREWALL_DEBUG("invalid data\n"); break; } - if (numDev < INT_MIN || numDev > INT_MAX) + + if(numDev < 0 || numDev > MAX_DEV_8K) { - FIREWALL_DEBUG("invalid integer\n"); + FIREWALL_DEBUG("value out of range\n"); break; } diff --git a/source/scripts/init/src/apply_system_defaults/apply_system_defaults.c b/source/scripts/init/src/apply_system_defaults/apply_system_defaults.c index 1430afbc..0a589550 100644 --- a/source/scripts/init/src/apply_system_defaults/apply_system_defaults.c +++ b/source/scripts/init/src/apply_system_defaults/apply_system_defaults.c @@ -133,11 +133,14 @@ static inline void create_file_644(const char *path) int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); - if (fd == -1) + if (fd >= 0) + { + close(fd); + } + else { perror("open failed"); } - close(fd); } static char *trim (char *in) diff --git a/source/utapi/lib/utapi.c b/source/utapi/lib/utapi.c index 8581419a..599f5286 100644 --- a/source/utapi/lib/utapi.c +++ b/source/utapi/lib/utapi.c @@ -1878,11 +1878,19 @@ int Utopia_GetStaticRouteTable (int *count, routeStatic_t **out_sroute) return UT_SUCCESS; } + size_t ucount = (size_t)*count; + if (ucount > SIZE_MAX / sizeof(routeStatic_t)) + { + fclose(fp); + return -EOVERFLOW; + } + sroute = (routeStatic_t *) calloc((size_t)(*count), sizeof(routeStatic_t)); if (NULL == sroute) { fclose(fp);/*RDKB-7128, CID-33470, free unused resources before exit*/ return ERR_INSUFFICIENT_MEM; } + memset(sroute, 0, (size_t)(*count) * sizeof(routeStatic_t)); // Seek to beginning of file fseek(fp, 0, SEEK_SET); From 2f7edabcb5577f40b69dffa93f871681982884cb Mon Sep 17 00:00:00 2001 From: kpandu987 <37654815+kpandu987@users.noreply.github.com> Date: Thu, 11 Dec 2025 00:00:30 +0530 Subject: [PATCH 3/4] RDKCOM-5473: RDKBACCL-1248 rdkb-cli connection was not established from bpi device via 8888 port (#140) Reason for change: To allow 8888 port for bpi target to access the rdkb-cli GUI from remote pc to bpi ctrl target. This is needed for EasyMesh integration in RDKB BPI . Test procedure: Able to make successful connection Risks: None Signed-off-by: keerthana.p --- source/firewall/firewall.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index 8f6d3658..497ecc70 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -13243,7 +13243,8 @@ int do_block_ports(FILE *filter_fp) fprintf(filter_fp, "-A INPUT ! -i brlan0 -p tcp -m tcp --dport 49152:49153 -j DROP\n"); /* For EasyMesh Controller Communication */ #if defined(_PLATFORM_BANANAPI_R4_) - fprintf(filter_fp, "-I INPUT -i %s -p tcp --dport 49153 -j ACCEPT\n",get_current_wan_ifname()); + fprintf(filter_fp, "-I INPUT -i %s -p tcp --dport 49153 -j ACCEPT\n", get_current_wan_ifname()); + fprintf(filter_fp, "-I INPUT -i %s -p tcp --dport 8888 -j ACCEPT\n", get_current_wan_ifname()); #endif fprintf(filter_fp, "-A INPUT ! -i brlan0 -p udp -m udp --dport 1900 -j DROP\n"); fprintf(filter_fp, "-I INPUT ! -i brlan0 -p tcp -m tcp --dport 21515 -j DROP\n"); From 24d79048246b998ff00c32f17527b103edb87028 Mon Sep 17 00:00:00 2001 From: nvenka781 Date: Wed, 10 Dec 2025 15:20:10 -0800 Subject: [PATCH 4/4] [RDKB-62642] Parental control is not working as expected - iptables broken with chain create error (#141) **Root Cause:** - As part of TCXB8-3707, new iptable rules were introduced. - The fix added new chains for different range of size filters when a keyword is added in parental control - This caused adding same chain name when multiple keywords are configured causing iptables restore error **Fix:** - A flag is maintained to indicate first keyword filter. Create of private chain is done only for first keyword - Create of new chain is skipped for other keywords **UnitTest:** [RDKB-62642-UnitTest-logs.rtf](https://github.com/user-attachments/files/23964300/RDKB-62642-UnitTest-logs.rtf) [RDKB-62642_unit_test_logs.rtf](https://github.com/user-attachments/files/24089540/RDKB-62642_unit_test_logs.rtf) --------- Co-authored-by: Harnish Patel <163233851+hpatel006c@users.noreply.github.com> --- source/firewall/firewall.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c index 497ecc70..3cfb7f9e 100644 --- a/source/firewall/firewall.c +++ b/source/firewall/firewall.c @@ -9194,6 +9194,7 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c ruleIndex += do_parcon_mgmt_lan2wan_pc_site_appendrule(fp); #endif + bool keywd_chains_exists = false; for (idx = 1; idx <= count; idx++) { char namespace[MAX_QUERY]; @@ -9399,6 +9400,7 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c int range_max = 1024; //max payload bytes to filter int range_multiplier = 2; + FIREWALL_DEBUG("adding rules for KEYWD\n"); // Extract keyword if user input is a full URL if (strstr(query, "://") != NULL) { keyword = strstr(query, "://") + 3; @@ -9415,25 +9417,33 @@ static int do_parcon_mgmt_site_keywd(FILE *fp, FILE *nat_fp, int iptype, FILE *c int from,to; for (from = 0, to = 64; from < range_max; from = to, to = (to * range_multiplier > range_max) ? range_max : to * range_multiplier) { - char chainName[64] = {'\0'}; + char chain_name[64] = {'\0'}; - // Create new chain + // Create new chain only for first keyword // linux iptables chainname length is max 29 chars - snprintf(chainName, sizeof(chainName), "LOG_SiteBlk_KW_%d_%d", from, to); - fprintf(fp, ":%s - [0:0]\n", chainName); + snprintf(chain_name, sizeof(chain_name), "LOG_SiteBlk_KW_%d_%d", from, to); + + // Private chain per range is created only once + if (keywd_chains_exists == false) { + // create new chain + fprintf(fp, ":%s - [0:0]\n", chain_name); + } // Add rule to jump to private chain if "Host:" is found in this offset range fprintf(fp, "-A lan2wan_pc_site -p tcp --dport 80 -m string --string \"Host:\" --algo kmp --from %d --to %d --icase -j %s\n", - from, to, chainName); + from, to, chain_name); // Add rule to match keyword in private chain within same offset range fprintf(fp, "-A %s -m string --string \"%s\" --algo kmp --from %d --to %d --icase -j %s\n", - chainName, keyword, from, to, drop_log); + chain_name, keyword, from, to, drop_log); // Default rule to return if not matched - fprintf(fp, "-A %s -j RETURN\n", chainName); + fprintf(fp, "-A %s -j RETURN\n", chain_name); } + // set keywd chains created + keywd_chains_exists = true; + // Add rule for https filter fprintf(fp, "-A lan2wan_pc_site -p tcp --dport 443 -m string --string \"%s\" --algo kmp --icase -j %s\n", keyword, drop_log);