This changelog lists all commits made in OpenWrt since the v18.06.2 tag, grouped by subsystem. The changes are ordered chronologically from top to bottom and cover the Git repository history up to the tagging of the 18.06.3 release.
4058406
build: Accept BIN_DIR parameter for legacy-images (+2,-2)
400601f
tools/libelf: Add mirrors as main site is dead (+3,-2)
aaa3452
tools/pkg-config: pass arguments at the end (+1,-1)
24aefae
tools/pkg-config: Handle variable substitution of 'bindir' to redirect to STA... (+1,-1)
1f1f421
kernel: bump 4.9 to 4.9.153 (+20,-20)
026f08a
kernel: bump 4.14 to 4.14.96 (+20,-19)
21762fe
kernel: bump 4.9 to 4.9.154 (+14,-14)
ef17eda
kernel: bump 4.14 to 4.14.97 (+14,-14)
72870cc
kernel: bump 4.9 to 4.9.155 (+14,-88)
fbb2186
kernel: bump 4.14 to 4.14.98 (+13,-87)
9fb3710
kernel: bump 4.9 to 4.9.156 (+62,-62)
62feabe
kernel: bump 4.14 to 4.14.99 (+28,-28)
d669be4
kernel: bump 4.9 to 4.9.158 (+2,-2)
20f1b7d
kernel: bump 4.14 4.14.101 (+2,-2)
e9cb40c
kernel: bump 4.9 to 4.9.159 (+9,-532)
1be6ff6
kernel: bump 4.14 to 4.14.102 (+3,-90)
e2ba7a4
kernel: bump 4.9 to 4.9.160 (+14,-14)
9ee8c8d
kernel: bump 4.14 to 4.14.103 (+3,-3)
eea5382
kernel: fix refcnt leak in LED netdev trigger on interface rename (+13,-17)
5183df0
kernel: bump 4.9 to 4.9.161 (+36,-36)
810ee3b
kernel: bump 4.14 to 4.14.104 (+273,-273)
2b9d2f6
kernel: bump 4.9 to 4.9.162 (+5,-5)
4918fe0
kernel: bump 4.14 to 4.14.105 (+12,-12)
24f3207
kernel: bump 4.9 to 4.9.163 (+6,-6)
0a637c7
kernel: bump 4.14 to 4.14.106 (+19,-19)
dcdf509
kernel: bump 4.9 to 4.9.164 (+11,-11)
6c3ca1d
kernel: bump 4.14 to 4.14.107 (+2,-2)
dac25a5
kernel: bump 4.9 to 4.9.165 (+82,-82)
22a3e65
kernel: bump 4.14 to 4.14.108 (+8,-8)
1ff4cd1
kernel: bump 4.9 to 4.9.166 (+5,-5)
ca8b4d6
kernel: bump 4.14 to 4.14.109 (+2,-2)
07bd5b7
kernel: bump 4.9 to 4.9.167 (+6,-6)
dad220a
kernel: bump 4.14 to 4.14.110 (+3,-3)
aa0e6fc
kernel: bump 4.9 to 4.9.168 (+8,-8)
6c81f5f
kernel: bump 4.14 to 4.14.111 (+10,-10)
15a70d0
kernel: bump 4.9 to 4.9.169 (+7,-5)
ac3b5f0
kernel: bump 4.14 to 4.14.112 (+5,-4)
a5c62c9
kernel: bump 4.9 to 4.9.170 (+8,-8)
3103bd5
kernel: bump 4.14 to 4.14.113 (+4,-4)
2faceb1
kernel: bump 4.9 to 4.9.171 (+179,-177)
4685bf1
kernel: bump 4.14 to 4.14.114 (+148,-217)
f105a9c
kernel: bump 4.9 to 4.9.172 (+9,-9)
412d80c
kernel: bump 4.14 to 4.14.115 (+2,-2)
f053a8c
kernel: bump 4.9 to 4.9.175 (+15,-15)
d3053b1
kernel: bump 4.14 to 4.14.118 (+11,-11)
e6928e6
kernel: Fix arc kernel build (+10,-10)
82e4b42
kernel: bump 4.9 to 4.9.176 (+2,-2)
152755c
kernel: bump 4.14 to 4.14.119 (+2,-2)
85294fc
kernel: bump 4.9 to 4.9.177 (+6,-6)
68a5e66
kernel: bump 4.14 to 4.14.120 (+249,-249)
054aecd
kernel: bump 4.9 to 4.9.178 (+2,-2)
7e07320
kernel: bump 4.14 to 4.14.121 (+2,-2)
9591155
kernel: Fix arc kernel 4.14 build (+10,-10)
e3408d0
kernel: bump 4.9 to 4.9.179 (+8,-8)
6563e49
kernel: bump 4.14 to 4.14.122 (+11,-11)
7fe1b4a
kernel: bump 4.9 to 4.9.180 (+2,-2)
1867f10
kernel: bump 4.14 to 4.14.123 (+4,-4)
5dbac47
kernel: re-add bridge allow reception on disabled port (+10,-6)
40b1e89
kernel: bump 4.9 to 4.9.181 (+16,-16)
f63a1ca
kernel: bump 4.14 to 4.14.125 (+34,-33)
85eda6f
kernel: mt29f_spinand: fix memory leak during page program (+90)
6fa6f74
kernel: backport 4.18 patch adding DMI_PRODUCT_SKU (+57)
e493230
kernel: bump 4.14 to 4.14.126 (+3,-3)
9de2f4d
kernel: bump 4.9 to 4.9.182 (+14,-14)
2999c34
kernel: bump 4.14 to 4.14.127 (+5,-5)
bd0c398
kernel: bump 4.14 to 4.14.128 (+11,-11)
dcfca83
ipq40xx: copy Fritz4040 UBoot to STAGING_DIR_IMAGE (+9,-3)
3239f56
uboot-fritz4040: Add host flags for host compiler (+2,-2)
a0543d8
uboot-fritz4040: update PKG_MIRROR_HASH (+1,-1)
87fb8ae
dnsmasq: allow using dnsmasq as the sole resolver (+16,-16)
ce3a53c
dnsmasq: prefer localuse over resolvfile guesswork (+5,-5)
9f2cbca
busybox: add missing install dir (+2,-1)
4b4de23
openssl: update to 1.0.2r (+6,-6)
ecfe0f1
ca-certificates: update to version 20190110 (+3,-4)
40ed838
mbedtls: update to version 2.16.1 (+37,-37)
dc1b578
curl: Fix multiple security problems (+222,-1)
6761961
openssl: update to 1.0.2s (+2,-2)
b463a13
hostapd: fix multiple security problems (+2.4K,-1)
9656f49
base-files: fix uci led oneshot/timer trigger (+1)
9b14c7d
netifd: handle hotplug event socket errors (+4,-4)
⇒ d0fa124
iprule: fix segfault (FS#1875) (+2,-6)
⇒ a2aba5c
system-linux: handle hotplug event socket ENOBUFS errors (+47,-6)
e0505cc
Revert "uhttpd: disable concurrent requests by default" (+2,-2)
e9a7344
uci: fix heap use after free (FS#2288) (+3,-3)
⇒ f199b96
uci: fix options list of section after type change (+31)
5d27e87
rpcd: fix init script reload action (+3,-6)
fc39d5f
fstools: media change detection (eg:sdcard) using kernel polling (+10,-1)
25fc20d
fstools: update to the latest master branch (+3,-3)
⇒ bc2c876
libfstools: Print error in case of loop blkdev failure (+3,-1)
⇒ ff1ded6
libfstools: Fix overflow of F2FS_MINSIZE constant (+1,-1)
97ae9e0
fstools: block-mount: fix restart of fstab service (+5,-1)
6c81f5f
kernel: bump 4.14 to 4.14.111 (+10,-10)
4685bf1
kernel: bump 4.14 to 4.14.114 (+148,-217)
b2b1265
apm821xx: backport accepted linux-crypto patches (+1.1K)
f63a1ca
kernel: bump 4.14 to 4.14.125 (+34,-33)
1f1f421
kernel: bump 4.9 to 4.9.153 (+20,-20)
1f1f421
kernel: bump 4.9 to 4.9.153 (+20,-20)
bc3eb97
ar71xx: Fix 5 GHz MAC address for Archer C60 v2 (+6,-1)
dcdf509
kernel: bump 4.9 to 4.9.164 (+11,-11)
aa0e6fc
kernel: bump 4.9 to 4.9.168 (+8,-8)
9c4fa1b
ar71xx: Remove ath10k packages from archer-c7-v1 (fixes FS#1743) (+1,-1)
c7eb679
ar71xx: Add "info" partition for TP-Link Archer C7 v5 (+1,-1)
7268ebb
ar71xx: Correct MAC address for WAN interface of Archer C7 v5 (+4)
6ac061f
ar71xx: Fix IMAGE_SIZE for TP-Link Archer C7 v5 (+1,-1)
e6e5435
ar71xx: GL.iNet AR300M family: correct LED definitions (+2,-8)
f105a9c
kernel: bump 4.9 to 4.9.172 (+9,-9)
f053a8c
kernel: bump 4.9 to 4.9.175 (+15,-15)
cf2aa87
ar71xx: Fix network setup for TP-Link Archer C25 v1 (+9,-9)
85294fc
kernel: bump 4.9 to 4.9.177 (+6,-6)
40b1e89
kernel: bump 4.9 to 4.9.181 (+16,-16)
9de2f4d
kernel: bump 4.9 to 4.9.182 (+14,-14)
f63a1ca
kernel: bump 4.14 to 4.14.125 (+34,-33)
9fb3710
kernel: bump 4.9 to 4.9.156 (+62,-62)
e9cb40c
kernel: bump 4.9 to 4.9.159 (+9,-532)
aa0e6fc
kernel: bump 4.9 to 4.9.168 (+8,-8)
f105a9c
kernel: bump 4.9 to 4.9.172 (+9,-9)
f053a8c
kernel: bump 4.9 to 4.9.175 (+15,-15)
40b1e89
kernel: bump 4.9 to 4.9.181 (+16,-16)
fc1dae5
brcm2708: Revert "staging: vc04_services: prevent integer overflow in create_... (+48,-3)
e336124
brcm63xx: HG655b: fix the imagetag at dts (+1,-1)
dcdf509
kernel: bump 4.9 to 4.9.164 (+11,-11)
cfb72ee
brcm63xx: drop own implementation of DT partitions in favour of upstream (-320)
4b633af
brcm63xx: drop linux,part-probe usage where possible (+5,-180)
62feabe
kernel: bump 4.14 to 4.14.99 (+28,-28)
84aba57
gemini: 4.14: Fix up DNS-313 compatible string (+1,-1)
1be6ff6
kernel: bump 4.14 to 4.14.102 (+3,-90)
dcfca83
ipq40xx: copy Fritz4040 UBoot to STAGING_DIR_IMAGE (+9,-3)
62feabe
kernel: bump 4.14 to 4.14.99 (+28,-28)
1be6ff6
kernel: bump 4.14 to 4.14.102 (+3,-90)
22a3e65
kernel: bump 4.14 to 4.14.108 (+8,-8)
d3053b1
kernel: bump 4.14 to 4.14.118 (+11,-11)
68a5e66
kernel: bump 4.14 to 4.14.120 (+249,-249)
5fe809d
Revert "ipq806x: fix EA8500 switch control" (+4,-18)
1f1f421
kernel: bump 4.9 to 4.9.153 (+20,-20)
21762fe
kernel: bump 4.9 to 4.9.154 (+14,-14)
9fb3710
kernel: bump 4.9 to 4.9.156 (+62,-62)
e2ba7a4
kernel: bump 4.9 to 4.9.160 (+14,-14)
40b1e89
kernel: bump 4.9 to 4.9.181 (+16,-16)
1f1f421
kernel: bump 4.9 to 4.9.153 (+20,-20)
026f08a
kernel: bump 4.14 to 4.14.96 (+20,-19)
1a6d7a6
lantiq: tdw89x0: Fix WLAN LED on TP-Link W8970 v1.2 (FS#2232) (+1)
f053a8c
kernel: bump 4.9 to 4.9.175 (+15,-15)
d3053b1
kernel: bump 4.14 to 4.14.118 (+11,-11)
e3408d0
kernel: bump 4.9 to 4.9.179 (+8,-8)
6563e49
kernel: bump 4.14 to 4.14.122 (+11,-11)
21762fe
kernel: bump 4.9 to 4.9.154 (+14,-14)
72870cc
kernel: bump 4.9 to 4.9.155 (+14,-88)
9fb3710
kernel: bump 4.9 to 4.9.156 (+62,-62)
e9cb40c
kernel: bump 4.9 to 4.9.159 (+9,-532)
e2ba7a4
kernel: bump 4.9 to 4.9.160 (+14,-14)
2b9d2f6
kernel: bump 4.9 to 4.9.162 (+5,-5)
24f3207
kernel: bump 4.9 to 4.9.163 (+6,-6)
dac25a5
kernel: bump 4.9 to 4.9.165 (+82,-82)
1ff4cd1
kernel: bump 4.9 to 4.9.166 (+5,-5)
07bd5b7
kernel: bump 4.9 to 4.9.167 (+6,-6)
15a70d0
kernel: bump 4.9 to 4.9.169 (+7,-5)
a5c62c9
kernel: bump 4.9 to 4.9.170 (+8,-8)
2faceb1
kernel: bump 4.9 to 4.9.171 (+179,-177)
f105a9c
kernel: bump 4.9 to 4.9.172 (+9,-9)
f053a8c
kernel: bump 4.9 to 4.9.175 (+15,-15)
e3408d0
kernel: bump 4.9 to 4.9.179 (+8,-8)
40b1e89
kernel: bump 4.9 to 4.9.181 (+16,-16)
ef17eda
kernel: bump 4.14 to 4.14.97 (+14,-14)
fbb2186
kernel: bump 4.14 to 4.14.98 (+13,-87)
62feabe
kernel: bump 4.14 to 4.14.99 (+28,-28)
68a5e66
kernel: bump 4.14 to 4.14.120 (+249,-249)
f63a1ca
kernel: bump 4.14 to 4.14.125 (+34,-33)
15a70d0
kernel: bump 4.9 to 4.9.169 (+7,-5)
fbb2186
kernel: bump 4.14 to 4.14.98 (+13,-87)
810ee3b
kernel: bump 4.14 to 4.14.104 (+273,-273)
0a637c7
kernel: bump 4.14 to 4.14.106 (+19,-19)
22a3e65
kernel: bump 4.14 to 4.14.108 (+8,-8)
ac3b5f0
kernel: bump 4.14 to 4.14.112 (+5,-4)
68a5e66
kernel: bump 4.14 to 4.14.120 (+249,-249)
f63a1ca
kernel: bump 4.14 to 4.14.125 (+34,-33)
c449130
mvebu: fixes commit f63a1caf22cb (+1,-1)
1bfe1ce
oxnas: cheery-pick DTS improvements from master (+97,-11)
f1803e3
oxnas: add SoC restart driver for reboot (+298,-23)
4918fe0
kernel: bump 4.14 to 4.14.105 (+12,-12)
22a3e65
kernel: bump 4.14 to 4.14.108 (+8,-8)
68a5e66
kernel: bump 4.14 to 4.14.120 (+249,-249)
bd0c398
kernel: bump 4.14 to 4.14.128 (+11,-11)
026f08a
kernel: bump 4.14 to 4.14.96 (+20,-19)
ef17eda
kernel: bump 4.14 to 4.14.97 (+14,-14)
62feabe
kernel: bump 4.14 to 4.14.99 (+28,-28)
0a637c7
kernel: bump 4.14 to 4.14.106 (+19,-19)
4336cfd
ramips: allow packets with ttl=0 (+2,-2)
22a3e65
kernel: bump 4.14 to 4.14.108 (+8,-8)
d3053b1
kernel: bump 4.14 to 4.14.118 (+11,-11)
b5ce521
ramips: rt305x: Reduce size of a5-v11 image (-1)
f63a1ca
kernel: bump 4.14 to 4.14.125 (+34,-33)
bd0c398
kernel: bump 4.14 to 4.14.128 (+11,-11)
d997712
ath9k: register GPIO chip for OF targets (+19,-10)
19a6c4b
mac80211: brcmfmac: fix a possible NULL pointer dereference (+7,-3)
d32bbd7
mac80211: brcmfmac: backport 5.0 & 5.1 important changes/fixes (+6.9K,-8)
08db939
mac80211: backport tx queue start/stop fix (+273,-1)
85cb473
mac80211: add a fix to prevent unsafe queue wake calls during restart (+33)
02aed76
mac80211: brcmfmac: early work on FullMAC firmware crash recovery (+335)
2d2e615
mac80211: brcmfmac: really add early fw crash recovery (+605)
2cd234d
mac80211: brcmfmac: backport important fixes from kernel 5.2 (+544,-12)
13eeee7
mt76: update to the latest version (+3,-3)
⇒ c3da1aa
mt7603: trigger beacon stuck detection faster (+2,-1)
⇒ 7a53138
mt7603: trigger watchdog reset if flushing CAB queue fails (+5,-3)
⇒ 6eef33b
mt7603: remove mt7603_txq_init (+4,-25)
⇒ ae30c30
mt76: add driver callback for when a sta is associated (+8)
⇒ 0db925f
mt7603: update HT/VHT capabilities after assoc (+12,-1)
⇒ b5ac8e4
mt7603: initialize LED callbacks only if CONFIG_MT76_LEDS is set (+4,-2)
⇒ c989bac
mt76x0: eeprom: fix chan_vs_power map in mt76x0_get_power_info (+25,-27)
⇒ 24bd2c0
mt76x0: phy: report target_power in debugfs (+1)
⇒ bc7ce2a
mt76x0: init: introduce mt76x0_init_txpower routine (+39,-11)
ab41836
mt76: update to the latest version (+3,-3)
⇒ a4ec45c
mt7603: fix LED support (copy CFLAGS from main Makefile) (+2)
⇒ edda5c5
mt76x02: use mask for vifs (+13)
⇒ dd52191
mt76x02: use commmon add interface for mt76x2u (+5,-19)
⇒ a80acaf
mt76x02: initialize mutli bss mode when set up address (+18,-16)
⇒ 38e832d
mt76x02: minor beaconing init changes (+12,-6)
⇒ 171adaf
mt76x02: init beacon config for mt76x2u (+1,-5)
⇒ dcab682
mt76: beaconing fixes for USB (+30,-11)
⇒ ff81de1
mt76x02: enable support for IBSS and MESH (+10,-11)
⇒ 8027b5d
mt7603: remove copyright headers (-240)
⇒ e747e80
mt76: fix software encryption issues (+8,-8)
⇒ 2afa0d7
mt7603: remove WCID override for software encrypted frames (+1,-8)
e5ace80
mt76: update to the latest version (+3,-3)
⇒ a9d4c0e
mt76: mt76x2: avoid running DPD calibration if tx is blocked (+1,-1)
⇒ 4d7e13f
mt76: explicitly disable energy detect cca during scan (+12,-8)
⇒ e3c1aad
mt76: run MAC work every 100ms (+7,-6)
⇒ 4e8766a
mt76: clear CCA timer stats in mt76x02_edcca_init (+3)
⇒ e301f23
mt76: measure the time between mt76x02_edcca_check runs (+10,-2)
⇒ 74075ef
mt76: increase ED/CCA tx block threshold (+1,-1)
8de93ce
mt76: update to the latest version (+3,-3)
⇒ 28d81ff
mt76x0: eeprom: fix VHT mcs{8,9} rate power offset (+3,-3)
⇒ 6e33ce6
mt76: move mt76_mcu_msg_alloc in mt76-core (+49,-29)
⇒ 4637f95
mt76: move mt76_mcu_get_response in mt76-core (+20,-16)
⇒ 1763cb0
mt76: move mt76_mcu_rx_event in mt76-core (+9,-2)
⇒ 4db9d75
mt76x0: mcu: remove useless commented configuration (-6)
⇒ 91d0455
mt76: move mt76_dma_tx_queue_skb_raw in mt76-core module (+37,-32)
⇒ 0e8e53f
mt76: remove add_buf pointer in mt76_queue_ops (-2)
⇒ db47920
mt7603: rely on mt76_mcu_msg_alloc routine (+7,-16)
⇒ 471c447
mt7603: rely on mt76_mcu_get_response routine (+1,-17)
⇒ cacc986
mt7603: rely on mt76_mcu_rx_event routine (+2,-9)
⇒ 11ab620
mt7603: rely on mt76_tx_queue_skb_raw common routine (+3,-27)
⇒ 82fa312
mt7603: move alloc_dev common code in mt76_alloc_device (+33,-42)
⇒ 47d5922
mt76: move alloc_device common code in mt76_alloc_device (+14,-13)
⇒ c50c993
mt76x2u: remove mt76x2u_alloc_device routine (+18,-30)
⇒ 6ed5b7a
mt76x0: remove mt76x0u_alloc_device routine (+24,-38)
⇒ e32e249
mt76x2: remove mt76x2_alloc_device routine (+20,-33)
⇒ + 55 more...
f87a187
mt76: update to latest openwrt-18.06 branch (+3,-3)
⇒ 00ac79d
mt7603: fix initialization of max rx length (+6,-1)
⇒ 320af65
mt76: mt7603: use the correct hweight8() function (+3,-4)
⇒ bdee924
mt76: fix schedule while atomic in mt76x02_reset_state (+23,-16)
⇒ abcb544
mt76x02: do not enable RTS/CTS by default (+2,-3)
13eb73b
mt76: update to latest openwrt-18.06 branch (+3,-3)
⇒ 9e3ef1f
mt7603: fix sequence number assignment (+18,-43)
⇒ a5f5605
mt7603: send BAR after powersave wakeup (+1,-1)
Description: Archer C7 v1.1 is soft bricked with the 18.06 release
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1743
Commits:
9c4fa1b
ar71xx: Remove ath10k packages from archer-c7-v1 (fixes FS#1743) (+1,-1)
Description: Unable to detect wifi LED
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2098
Commits:
d997712
ath9k: register GPIO chip for OF targets (+19,-10)
Description: Switch no longer work after restart on Linksys EA8500
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2168
Commits:
5fe809d
Revert "ipq806x: fix EA8500 switch control" (+4,-18)
Description: Wifi LED on W8970 Not Working (v18.06.2)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2232
Commits:
1a6d7a6
lantiq: tdw89x0: Fix WLAN LED on TP-Link W8970 v1.2 (FS#2232) (+1)
Description: uci memory corruption when setting section name
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2288
Commits:
e9a7344
uci: fix heap use after free (FS#2288) (+3,-3)
⇒ f199b96
uci: fix options list of section after type change (+31)
Description: curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14618
Commits:
dc1b578
curl: Fix multiple security problems (+222,-1)
Description: Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839
Commits:
dc1b578
curl: Fix multiple security problems (+222,-1)
Description: A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16840
Commits:
dc1b578
curl: Fix multiple security problems (+222,-1)
Description: Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842
Commits:
dc1b578
curl: Fix multiple security problems (+222,-1)
Description: libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl into accepting a bad length + offset combination that would lead to a buffer read out-of-bounds.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890
Commits:
dc1b578
curl: Fix multiple security problems (+222,-1)
Description: The Linux kernel, from at least v4.8 onwards and probably well before, contains an insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: a network card firmware assertion takes the card off-line. This attack appears to be exploitable as follows: an attacker must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000026
Commits:
e9cb40c
kernel: bump 4.9 to 4.9.159 (+9,-532)
1be6ff6
kernel: bump 4.14 to 4.14.102 (+3,-90)
Description: A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3819
Commits:
d669be4
kernel: bump 4.9 to 4.9.158 (+2,-2)
20f1b7d
kernel: bump 4.14 4.14.101 (+2,-2)
Description: libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822
Commits:
dc1b578
curl: Fix multiple security problems (+222,-1)
Description: libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823
Commits:
dc1b578
curl: Fix multiple security problems (+222,-1)
Description: The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9494
Commits:
b463a13
hostapd: fix multiple security problems (+2.4K,-1)
Description: The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpa_supplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful attack. Memory access patterns are visible in a shared cache. Weak passwords may be cracked. Versions of hostapd/wpa_supplicant 2.7 and newer are not vulnerable to the timing attack described in CVE-2019-9494. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9495
Commits:
b463a13
hostapd: fix multiple security problems (+2.4K,-1)
Description: An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All versions of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9496
Commits:
b463a13
hostapd: fix multiple security problems (+2.4K,-1)
Description: The implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. This vulnerability may allow an attacker to complete EAP-PWD authentication without knowing the password. However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9497
Commits:
b463a13
hostapd: fix multiple security problems (+2.4K,-1)
Description: The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498
Commits:
6761961
openssl: update to 1.0.2s (+2,-2)
b463a13
hostapd: fix multiple security problems (+2.4K,-1)
Description: The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499
Commits:
6761961
openssl: update to 1.0.2s (+2,-2)
b463a13
hostapd: fix multiple security problems (+2.4K,-1)
Description: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477
Commits:
9de2f4d
kernel: bump 4.9 to 4.9.182 (+14,-14)
2999c34
kernel: bump 4.14 to 4.14.127 (+5,-5)
Description: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478
Commits:
9de2f4d
kernel: bump 4.9 to 4.9.182 (+14,-14)
2999c34
kernel: bump 4.14 to 4.14.127 (+5,-5)
Description: Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479
Commits:
9de2f4d
kernel: bump 4.9 to 4.9.182 (+14,-14)
2999c34
kernel: bump 4.14 to 4.14.127 (+5,-5)
Description: The EAP-pwd implementation in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11555
Commits:
b463a13
hostapd: fix multiple security problems (+2.4K,-1)