OpenWrt v22.03.7 Changelog

This changelog lists all commits made to OpenWrt since the v22.03.6 tag, grouped by subsystem. The changes are ordered chronologically from top to bottom and cover the Git repository history up to the tagging of the 22.03.7 release.

See also the release notes, which provide a more accessible overview of the main changes in 22.03.7.

Build System / Buildroot (15 changes)

6121581 kernel: bump 5.10 to 5.10.203 (+32,-135)
debf4b5 kernel: bump 5.10 to 5.10.206 (+82,-77)
c4df947 kernel: bump 5.10 to 5.10.208 (+23,-23)
948730e build: add explicit --no-show-signature for git (+2,-2)
f2e8d59 kernel: bump 5.10 to 5.10.210 (+106,-106)
a352312 kernel: bump 5.10 to 5.10.211 (+14,-73)
61c6bc2 kernel: bump 5.10 to 5.10.213 (+41,-92)
ce37d2c kernel: bump 5.10 to 5.10.214 (+39,-77)
bc7585b kernel: bump 5.10 to 5.10.215 (+47,-46)
0621d89 kernel: bump 5.10 to 5.10.216 (+47,-139)
7c2c655 kernel: bump 5.10 to 5.10.217 (+17,-87)
13b9be3 kernel: bump 5.10 to 5.10.218 (+7,-7)
c54d411 kernel: bump 5.10 to 5.10.219 (+100,-147)
e72b58a kernel: bump 5.10 to 5.10.220 (+8,-7)
eb9eaeb kernel: bump 5.10 to 5.10.221 (+40,-40)

Build System / Host Utilities (4 changes)

4a6911f tools/sed: fix compilation on macOS 14 (+21)
8d65f02 tools/cpio: fix compilation on macOS 14 (+21)
eede9b1 tools/coreutils: fix compilation on macOS 14 (+21)
5f07510 tools: b43-tools: fix compilation with GCC14 (+1,-1)

Build System / Toolchain (1 change)

caac7a6 toolchain: Update glibc 2.34 to recent HEAD (+2,-2)

Kernel (16 changes)

6121581 kernel: bump 5.10 to 5.10.203 (+32,-135)
debf4b5 kernel: bump 5.10 to 5.10.206 (+82,-77)
c4df947 kernel: bump 5.10 to 5.10.208 (+23,-23)
f2e8d59 kernel: bump 5.10 to 5.10.210 (+106,-106)
d7e5cab kernel: Remove dsmark support (+1,-2)
a352312 kernel: bump 5.10 to 5.10.211 (+14,-73)
f60a5f2 kernel: Remove unused schedulers (-3)
61c6bc2 kernel: bump 5.10 to 5.10.213 (+41,-92)
ce37d2c kernel: bump 5.10 to 5.10.214 (+39,-77)
bc7585b kernel: bump 5.10 to 5.10.215 (+47,-46)
0621d89 kernel: bump 5.10 to 5.10.216 (+47,-139)
7c2c655 kernel: bump 5.10 to 5.10.217 (+17,-87)
c54d411 kernel: bump 5.10 to 5.10.219 (+100,-147)
b418863 kernel: 5.15: add missing Kconfig symbols for NFS (+9,-2)
e72b58a kernel: bump 5.10 to 5.10.220 (+8,-7)
eb9eaeb kernel: bump 5.10 to 5.10.221 (+40,-40)

Packages / Common (16 changes)

05f7435 lua5.3: fix typo calling lua53 instead of lua5.3 for Package Default (+3,-3)
7f64f5b mbedtls: security bump to version 2.28.7 (+2,-2)
987275f hostapd: backport fix for CVE-2023-52160 (+197)
1f69203 cryptodev-linux: Support kernel 5.10.220 (+14)
b9aeaf7 ksmbd: Support kernel 5.10.220 (+25)
ea430dd wolfssl: update to 5.6.6 (+3,-3)
86e290e wolfssl: Update to 5.7.0 (+3,-3)
6ea1e21 mbedtls: Update to 2.28.8 (+2,-2)
bf3ea23 lua: fix CVE-2014-5461 (+48,-26)
38cea0b dropbear: cherry-pick upstream patches (+337)
6681c02 hostapd: fix 11r defaults when using SAE (+1,-1)
7e31d2a hostapd: fix 11r defaults when using WPA (+14,-14)
47c9173 ucode: add libjson-c/host dependency (+1)
466198c ksmbd: update to latest 3.4.8 release (+3,-3)
d5ba3ca ksmbd: Update to version 3.5.0 (+9,-3)
591b7e9 wolfssl: Update to version 5.7.2 (+5,-3)

Packages / Firmware (6 changes)

fef1a52 wireless-regdb: update to 2024.01.23 (+3,-3)
c0280da wireless-regdb: update to 2024.05.08 (+2,-2)
a086650 firmware: intel-microcode: update to 20231114 (+2,-2)
b550f7b firmware: intel-microcode: update to 20240312 (+2,-2)
bd91384 firmware: intel-microcode: update to 20240531 (+2,-2)
456fd63 wireless-regdb: Update to version 2024.07.04 (+2,-2)

Packages / OpenWrt system userland (2 changes)

78d9e4c jsonfilter: update to Git HEAD (2024-01-23) (+3,-3)
013b75a jsonfilter: drop legacy json-c support (+2,-3)
594cfa8 main: fix spurious premature parse aborts in array mode (+2,-4)
ebb3faf procd: make mDNS TXT record parsing more solid (+9,-6)

Target / apm821xx (2 changes)

61c6bc2 kernel: bump 5.10 to 5.10.213 (+41,-92)
eb9eaeb kernel: bump 5.10 to 5.10.221 (+40,-40)

Target / at91 (6 changes)

debf4b5 kernel: bump 5.10 to 5.10.206 (+82,-77)
f2e8d59 kernel: bump 5.10 to 5.10.210 (+106,-106)
ce37d2c kernel: bump 5.10 to 5.10.214 (+39,-77)
0621d89 kernel: bump 5.10 to 5.10.216 (+47,-139)
7c2c655 kernel: bump 5.10 to 5.10.217 (+17,-87)
eb9eaeb kernel: bump 5.10 to 5.10.221 (+40,-40)

Target / ath79 (7 changes)

debf4b5 kernel: bump 5.10 to 5.10.206 (+82,-77)
a08553b ath79: read back reset register (+33)
294301c ath79: ubnt,bullet-m-xw: set PHY max-speed to 100Mbps (+1)
c1a3174 ath79: ubnt-bullet-m-xw: fix Ethernet PHY traffic (+1,-2)
228cf39 ath79: add Ubiquiti Rocket M XW as alternate name to Bullet M XW (+3)
f2e8d59 kernel: bump 5.10 to 5.10.210 (+106,-106)
eb9eaeb kernel: bump 5.10 to 5.10.221 (+40,-40)

Target / bcm27xx (13 changes)

6121581 kernel: bump 5.10 to 5.10.203 (+32,-135)
debf4b5 kernel: bump 5.10 to 5.10.206 (+82,-77)
c4df947 kernel: bump 5.10 to 5.10.208 (+23,-23)
f2e8d59 kernel: bump 5.10 to 5.10.210 (+106,-106)
a352312 kernel: bump 5.10 to 5.10.211 (+14,-73)
61c6bc2 kernel: bump 5.10 to 5.10.213 (+41,-92)
ce37d2c kernel: bump 5.10 to 5.10.214 (+39,-77)
bc7585b kernel: bump 5.10 to 5.10.215 (+47,-46)
0621d89 kernel: bump 5.10 to 5.10.216 (+47,-139)
7c2c655 kernel: bump 5.10 to 5.10.217 (+17,-87)
13b9be3 kernel: bump 5.10 to 5.10.218 (+7,-7)
c54d411 kernel: bump 5.10 to 5.10.219 (+100,-147)
eb9eaeb kernel: bump 5.10 to 5.10.221 (+40,-40)

Target / bcm47xx (2 changes)

3547565 bcm47xx: fix switch setup for Linksys WRT320N v1 (+1)
0621d89 kernel: bump 5.10 to 5.10.216 (+47,-139)

Target / bcm4908 (1 change)

61c6bc2 kernel: bump 5.10 to 5.10.213 (+41,-92)

Target / bcm53xx (5 changes)

8b32252 kernel: use upstream firmware patch for Broadcom's NVRAM (+100,-92)
41e961c bcm53xx: backport brcm_nvram changes needed for fix patch (+89)
9b7311d bcm53xx: add the latest fix version of brcm_nvram (+246)
a352312 kernel: bump 5.10 to 5.10.211 (+14,-73)
61c6bc2 kernel: bump 5.10 to 5.10.213 (+41,-92)

Target / bcm63xx (1 change)

f2e8d59 kernel: bump 5.10 to 5.10.210 (+106,-106)

Target / bmips (1 change)

eb9eaeb kernel: bump 5.10 to 5.10.221 (+40,-40)

Target / gemini (1 change)

debf4b5 kernel: bump 5.10 to 5.10.206 (+82,-77)

Target / ipq40xx (1 change)

7b8ccbd ipq40xx: eap1300: add eap1300ext as alt model (+2)

Target / ipq806x (3 changes)

6121581 kernel: bump 5.10 to 5.10.203 (+32,-135)
debf4b5 kernel: bump 5.10 to 5.10.206 (+82,-77)
0621d89 kernel: bump 5.10 to 5.10.216 (+47,-139)

Target / lantiq (2 changes)

bc7585b kernel: bump 5.10 to 5.10.215 (+47,-46)
eb9eaeb kernel: bump 5.10 to 5.10.221 (+40,-40)

Target / mediatek (6 changes)

debf4b5 kernel: bump 5.10 to 5.10.206 (+82,-77)
f2e8d59 kernel: bump 5.10 to 5.10.210 (+106,-106)
ce37d2c kernel: bump 5.10 to 5.10.214 (+39,-77)
bc7585b kernel: bump 5.10 to 5.10.215 (+47,-46)
0621d89 kernel: bump 5.10 to 5.10.216 (+47,-139)
3f1b60a mediatek: fix broken PCIe caused by update to 5.15.158 (+9)

Target / mpc85xx (1 change)

debf4b5 kernel: bump 5.10 to 5.10.206 (+82,-77)

Target / mvebu (2 changes)

f2e8d59 kernel: bump 5.10 to 5.10.210 (+106,-106)
0621d89 kernel: bump 5.10 to 5.10.216 (+47,-139)

Target / octeontx (4 changes)

c4df947 kernel: bump 5.10 to 5.10.208 (+23,-23)
f2e8d59 kernel: bump 5.10 to 5.10.210 (+106,-106)
ce37d2c kernel: bump 5.10 to 5.10.214 (+39,-77)
bc7585b kernel: bump 5.10 to 5.10.215 (+47,-46)

Target / oxnas (1 change)

0621d89 kernel: bump 5.10 to 5.10.216 (+47,-139)

Target / ramips (9 changes)

ca942a5 ramips: mtk_eth_soc: allow multiple resets (+9,-8)
8b4b924 ramips: mtk_eth_soc: wait longer after FE core reset to settle (+1,-1)
37ed4c0 ramips: dts: rt3352: reset FE and ESW cores together (+4,-4)
0c84a15 ramips: dts: rt3050: reset FE and ESW cores together (+4,-4)
b80c17b ramips: dts: rt5350: reset FE and ESW cores together (+4,-4)
5ef0111 ramips: dts: mt7628an: reset FE and ESW cores together (+4,-4)
17ee3e0 raimps: mtk_eth_soc: drop rst_esw from ESW driver (+4,-20)
6121581 kernel: bump 5.10 to 5.10.203 (+32,-135)
f2e8d59 kernel: bump 5.10 to 5.10.210 (+106,-106)

Target / realtek (2 changes)

6121581 kernel: bump 5.10 to 5.10.203 (+32,-135)
eb9eaeb kernel: bump 5.10 to 5.10.221 (+40,-40)

Target / rockchip (1 change)

bc7585b kernel: bump 5.10 to 5.10.215 (+47,-46)

Target / sunxi (1 change)

abc1245 sunxi: fix network bringup on Olinuxino Micro boards (+1,-1)

Target / x86 (4 changes)

4895ab2 x86: Fix compile problem with kernel 5.10.211 (+40)
ce37d2c kernel: bump 5.10 to 5.10.214 (+39,-77)
bc7585b kernel: bump 5.10 to 5.10.215 (+47,-46)
0621d89 kernel: bump 5.10 to 5.10.216 (+47,-139)

Wireless / Common (6 changes)

2c67fff mac80211: Update to version 5.15.148-1 (+142,-167)
721f026 mac80211: Add DRIVER_11AX_SUPPORT dependency to mac80211-hwsim and iwlwifi (+2,-2)
4432454 wifi-scripts: Support HE Iftypes with multiple entries (+2,-2)
06ea586 mac80211: Update to 5.15.153-1 (+80,-80)
3122bb6 mac80211: add missing config for third 160MHz width for 5GHz radio (+1)
94a605d mac80211: Update to version 5.15.162-1 (+58,-60)

Miscellaneous (2 changes)

f5e20dd CI: tools: macOS: sync with shared-actions for macOS 14 (+8,-25)
f457cd6 .gitignore: ignore link if target is included from feed (+1)

Security fixes

CVE-2014-5461

Description: Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5461
Commits:
bf3ea23 lua: fix CVE-2014-5461 (+48,-26)

CVE-2023-6935

Description: wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent. The vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6935
Commits:
ea430dd wolfssl: update to 5.6.6 (+3,-3)

CVE-2023-6936

Description: In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6936
Commits:
ea430dd wolfssl: update to 5.6.6 (+3,-3)

CVE-2023-6937

Description: wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6937
Commits:
ea430dd wolfssl: update to 5.6.6 (+3,-3)

CVE-2023-22655

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22655
Commits:
b550f7b firmware: intel-microcode: update to 20240312 (+2,-2)

CVE-2023-23583

Description: Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23583
Commits:
a086650 firmware: intel-microcode: update to 20231114 (+2,-2)

CVE-2023-28746

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28746
Commits:
b550f7b firmware: intel-microcode: update to 20240312 (+2,-2)

CVE-2023-36328

Description: Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36328
Commits:
38cea0b dropbear: cherry-pick upstream patches (+337)

CVE-2023-38575

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38575
Commits:
b550f7b firmware: intel-microcode: update to 20240312 (+2,-2)

CVE-2023-39368

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39368
Commits:
b550f7b firmware: intel-microcode: update to 20240312 (+2,-2)

CVE-2023-43490

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43490
Commits:
b550f7b firmware: intel-microcode: update to 20240312 (+2,-2)

CVE-2023-45733

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45733
Commits:
bd91384 firmware: intel-microcode: update to 20240531 (+2,-2)

CVE-2023-45745

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45745
Commits:
bd91384 firmware: intel-microcode: update to 20240531 (+2,-2)

CVE-2023-46103

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46103
Commits:
bd91384 firmware: intel-microcode: update to 20240531 (+2,-2)

CVE-2023-47855

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47855
Commits:
bd91384 firmware: intel-microcode: update to 20240531 (+2,-2)

CVE-2023-48795

Description: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
Commits:
38cea0b dropbear: cherry-pick upstream patches (+337)

CVE-2023-52160

Description: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52160
Commits:
987275f hostapd: backport fix for CVE-2023-52160 (+197)

CVE-2024-0901

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0901
Commits:
86e290e wolfssl: Update to 5.7.0 (+3,-3)

CVE-2024-1544

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1544
Commits:
591b7e9 wolfssl: Update to version 5.7.2 (+5,-3)

CVE-2024-1545

Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1545
Commits:
86e290e wolfssl: Update to 5.7.0 (+3,-3)

CVE-2024-5288

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5288
Commits:
591b7e9 wolfssl: Update to version 5.7.2 (+5,-3)

CVE-2024-5814

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5814
Commits:
591b7e9 wolfssl: Update to version 5.7.2 (+5,-3)

CVE-2024-5991

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5991
Commits:
591b7e9 wolfssl: Update to version 5.7.2 (+5,-3)

CVE-2024-23170

Description: An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23170
Commits:
7f64f5b mbedtls: security bump to version 2.28.7 (+2,-2)

CVE-2024-23775

Description: Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23775
Commits:
7f64f5b mbedtls: security bump to version 2.28.7 (+2,-2)

CVE-2024-28960

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28960
Commits:
6ea1e21 mbedtls: Update to 2.28.8 (+2,-2)