User Tools

Site Tools


ja:releases:17.01:changelog-17.01.5

Table of Contents

FIXME このページは、まだ完全には翻訳されていません。翻訳の完了のためにご協力ください。
(この段落は、一度翻訳が完了したら削除してください)

LEDE v17.01.5 変更履歴(作業中)

この変更履歴では、v17.01.4タグ以降のLEDEでのコミットをサブシステム毎にグループ化して列挙しています。変更は時系列順に上から下へ並べられ、17.01.5の最終リリースタグが付されるまでのGitリポジトリの履歴を網羅しています。

ビルドシステム / Buildroot(変更数: 30)

4af145e rules.mk: make PKG_CONFIG_DEPENDS properly track string values
157b892 kernel: remove out of tree direct-io disable hack
3387158 build: Suffix build directory with _$(LIBC) for external toolchains
94f079e build: Pass -iremap gcc option as a single argument
a7fc27e build: make Host/Install/Default use Host/Compile/Default with an extra argument
903a404 build: skip headers install and config on make target/linux/prepare
11cd607 build: unsilence move command
acd4814 build: get rid of FIND_L from host.mk
5f03ce1 scripts: only generate config from feature flag if fully match
0aafbf6 build: fix STAMP_PREPARED with quilt
f69d73f build: allow specifying flow-control to grub on serial console
977db9f scripts/download.pl: fix error message on hash mismatch
c8a0f3a target.mk: check that CPU_TYPE has known CPU_CFLAGS mapping
9ce30f7 kernel: move initramfs's init script out of base-files
3e7f191 include/packages-defaults.mk: Remove LARGEFILE option
9858827 kernel: allow selecting RTC drivers on targets without explicit RTC support
040ff6f build: remove absolute path to perl and replace with /usr/bin/env perl
4607007 build: allow val.% targets to bypass the prepare steps
bb9eb2c build: new fixes for symlinked .config handling
827f108 scripts: Probe external toolchains for libthread-db
ef43c04 scripts/download.pl: print the command used to download files
c864906 netfilter: add iptables-mod-rpfilter package
338968a build: fix invocation of bundled ld.so in SDK and Imagebuilder
89c4f47 scripts/download.pl: Adjust URLs
2e1a87a build: bundle-libraries.sh: do not override argv[0] in inner exec calls
b616aa6 scripts/package-metadata.pl: inhibit compile deps on missing build types
f006555 config: make CONFIG_ALL_* select other CONIFG_ALL_* options
b69ea02 scripts/dowload.pl: use glob to expand target dir
5beb0ab build: remove @ as it's causing an error
b41d154 rules.mk: export TMPDIR

ビルドシステム / ホスト ユーティリティ(変更数: 19)

d2fd641 tools/findutils: include sysmacros.h explicitly
96dbf59 tools/mtd-utils: include sysmacros.h explicitly
8406e50 tools/squashfs: include sysmacros.h explicitly
8a48a53 tools/squashfs4: include sysmacros.h explicitly
f19d47f tools: patch various gnu tools for macOS 10.13
2428b6d tools/sstrip: Fix compile under standard linux.
a91d8dd tools/m4: update 1.4.18
05f0b8d ccache: update to 3.3.4
ed4976d tools/sed: Update to 4.4
25fe034 tools/dosfstools: Update to 4.1
100553d tools/libressl: Update to 2.5.1
6ba0cc1 tools/coreutils: Update to 8.27
08be74f tools/isl: update to 0.18
6e09b20 tools/libressl: update to 2.5.4
59a1c16 tools/sparse: Update to snapshot 2017-03-31
95940a8 Add the __builtin functions needed for INFINITY and nan().
76a7371 Add a define for __builtin_ms_va_copy()
0f71312 Ignore pure attribute in assignement
efd34fa Add tests for the builtin INF and nan() functions.
6043210 sparse/parse.c: ignore hotpatch attribute
c04667e sparse, llvm: compile: skip function prototypes to avoid SIGSEGV
a53cea2 validation/prototype: regression for skipping prototypes
0d2809b ptrlist: reading deleted items in NEXT_PTR_LIST()
0dac478 .gitignore: add cscope and Qt project files
38c9e9f Add default case to switches on enum variables
8efbac1 Fix size calculation of unsized bool array
7647c77 Do not drop 'nocast' modifier when taking the address.
153fbd0 Fix warning compiling sparse-llvm
65f90e7 sparse: add 'alloc_align' to the ignored attributes
ffc860b sparse: ignore __assume_aligned__ attribute
6c283a0 sparse: add no_sanitize_address as an ignored attribute
⇒ + さらに147件…
e8bd0a6 tar: override symlink permissions
ca7c9db tools/pkg-config: Update to 0.29.2
1aedf2f tools/squashfs: use host cflags
dde29b2 tools/coreutils: install readlink

ビルドシステム / Image Builder(変更数: 4)

1d0f7e3 imagebuilder: make submake invocations less verbose
c7234e3 imagebuilder: add package_list function
74eeb07 imagebuilder: clean package_list
5900443 imagebuilder: don't rewrite package list output

ビルドシステム / Toolchain(変更数: 6)

90a43e5 toolchain/gcc: reduce source directory size by about 420 MB
bdb05f5 gcc: remove obsolete uclibc patch
a33b0ce toolchain/musl: parallelize make install
3056122 toolchain/gcc: parallelize make install
0807022 gcc: fix documentation entries added by 910-mbsd_multi.patch
7f3f2bc build: remove old kernel-headers build directories

カーネル(変更数: 11)

373fa54 kernel: bump 4.4 to 4.4.93 for 17.01
7f3dab2 kernel: bump 4.4 to 4.4.102
2b66449 kernel: bump 4.4 to 4.4.103 for 17.01
157b892 kernel: remove out of tree direct-io disable hack
7ccfa82 ar8327: Add workarounds for AR8337 switch.
9ce30f7 kernel: move initramfs's init script out of base-files
9858827 kernel: allow selecting RTC drivers on targets without explicit RTC support
816fb34 mvswitch: fix autonegotiation issue
13a5568 ip17xx: correct aneg_done return value
e01367e kernel: add CONFIG_SCHED_HRTICK=y to the generic config
c864906 netfilter: add iptables-mod-rpfilter package

パッケージ / ブートローダ(変更数: 4)

8be5b12 lantiq: remove lantiq_board_name, use the generic function instead
91821c8 kexec-tools: get kexec running on MUSL and x86 hardware
10182cb grub2: update to 2.02~rc2
6e1e2e7 package/grub2: update to 2.02

パッケージ / 共通(変更数: 94)

0780e12 opkg: bump to 2017-10-23 (lede-17.01)
3f13edd pkg_run_script: use pkg->dest in half installed case
7a96972 libbb: xreadlink: fix memory leak on failure case
5bb5fd5 opkg: add --no-check-certificate argument
c6caf07 pkg_parse: fix segfault when parsing descriptions with leading newlines
367b456 dnsmasq: restore ability to include/exclude raw device names
6b6578f wireguard: version bump to 0.0.20171101
cda8ec7 openssl: update to 1.0.2m
ed571c1 wireguard: bump to 0.0.20171111
8751bd7 wireguard: move to kernel build directory
d851d7f wireguard: fix portability issue
e626942 dnsmasq: load instance-specific conf-file if exists
d3f40aa wireguard: bump to 20171122
0946ec0 wireguard: bump to snapshot 20171127
e5a10bc samba36: backport an upstream fix for an information leak (CVE-2017-15275)
060b7f1 curl: apply CVE 2017-8816 and 2017-8817 security patches
3590316 dnsmasq: backport infinite dns retries fix
19ebc19 hostapd: Expose the tdls_prohibit option to UCI
f5f5f58 hostapd: backport fix for wnm_sleep_mode=0
b41a2e6 opkg: bump to version 2017-12-08
098e774 libopkg: fix SHA256 calculation for big endian system
a6bb5cb file_util: implement urlencode_path() helper
793fbac opkg: encode archive filenames while constructing download URLs
79908c2 file_util: consolidate hex/unhex routines
3c46c88 file_util: implement urldecode_path()
9f61f7a opkg_download: decode file:/ URLs
8bf67f6 mdadm: extend uci config support
adc9f93 utils/mdadm: Update to 4.0
157b892 kernel: remove out of tree direct-io disable hack
4fc0fb3 mdadm: Do not check RUN_DIR
6c1b6e8 mdadm: Fix config generation
3bb8818 mdadm: fix parameter quoting
207bcea cyassl: update to wolfssl 3.12.2 (1 CVE)
50b4789 openssl: update to 1.0.2n
c566a9e toolchain: Broaden the executable loader pattern
051a33e thc-ipv6: Allow overriding CFLAGS
1e3ff02 bsdiff: Also pass down TARGET_CPPFLAGS
12b811a omcproxy: Update to latest HEAD
1fe6f48 Cmake: Find libubox/list.h
c6dd059 px5g: Fix TARGET_LDFLAGS and add TARGET_CPPFLAGS
2d31ec4 adb: Also pass TARGET_CPPFLAGS
2dd9b62 rssileds: Fix build with external toolchains
28c9731 toolchain: Allow external toolchains to specify libthread-db
cfb5a55 iwcap: fix handling kill signal during dump
9504392 toolchain: add musl libc.so to external toolchain
37aae44 libnl: Fix building with uClibc
7263e3c lldpd: bump to 0.9.6
f7f6913 lzo: Update to 2.10
affff02 busybox: don't install NTP scripts if NTP isn't configured
9459722 busybox: fix installation of cron and ntpd scripts in the default config
9b24d99 iproute2: add libgenl.h and ll_map.h to InstallDev section
f30114c dropbear: fix procd interface trigger install
6b9eb0c hostapd: fix reload frequency change patch
67caf6b network/utils/ipset: Update to 6.32
070463f devel/strace: Update to 4.16
79def69 comgt-3g: enable modem before to setpin
9754a9c devel/trace-cmd: Update to 2.6.1
8ee15ed elfutils: bump to 0.169
8d4c047 lldpd: drop specific respawn params [use system-wide]
444b64f libunwind: update to 1.2
26ea59c lldpd: bump to 0.9.7
a6e5943 elfutils: Pass -Wno-unused-result to silence warnings as errors
41ee454 ppp: propagate master firewall zone to dynamic slave interface
7d1f407 gdb: remove Build/Compile rule ; default one works
86158ad libunwind: update to version 1.2.1
3129db3 busybox: backport 'ip rule suppress_{prefixlength, ifgroup}'
3027a68 valgrind: bump to 3.13.0
ef3649d hostapd: add acct_interval option
0e6a6c8 hostapd: configure NAS ID regardless of encryption
8693ab5 dropbear: server support option '-T' max auth tries
d413c75 dropbear: add option to set max auth tries
ea23ba9 bzip2: add symlink to binary
c864906 netfilter: add iptables-mod-rpfilter package
cf11a41 lzo: use default Build/Configure rule
610e2af zlib: use default Build/Configure rule
0a97626 kmod-sched-cake: drop maintainer
a37f8b0 samba36: Remove legacy options
3b6b892 ca-certificates: Update to 20170717
9e84d33 nvram: fix memory leak
c446ee4 nvram: add usage() function
118a2ea nvram: improve argument check when program start
2b88309 nvram: add help message for nvram magic not found
1458bc2 samba36: Remove guest ok since LuCI configures it.
71797b6 samba36: Don't resolve interfaces.
80a22ee samba36: Remove syslog and load printers lines.
2f80d84 wwan: json format in some modem definitions
9cf371c dnsmasq: Pass TARGET_CPPFLAGS to Makefile
eff1f7e usbutils: avoid duplicating the git revision
77e79b2 openvpn: update to 2.4.4
9d1bfb8 dropbear: make ssh compression support configurable
9bd667f dropbear: fix PKG_CONFIG_DEPENDS
d63eb47 ppp: fix compile warning
7fa7002 ppp: make the patches apply correctly again
cd901ef libunwind: disable building with ssp
79024cd openssl: fix cryptodev config dependency
e5c284b package/elfutils: add CFLAG -Wno-format-nonliteral
91e4830 openvpn: add support to start/stop single instances
c315843 igmpproxy: remove firewall rules when service is stopped
7f78a86 hostapd: set mcast_rate in mesh mode
05f0fac hostapd: explicitly set beacon interval for wpa_supplicant
0625814 packages: nvram: fix memory leak in _nvram_free
50147d4 libnl-tiny: use fixed message size instead of using the page size
796bc21 hostapd: don't set htmode for wpa_supplicant
4cfcfec hostapd: remove unused local var declaration
e719a08 usbutils: Update usb.ids file to latest

パッケージ / LEDEベース ファイル(変更数: 11)

a0ef1c4 functions.sh: fix default_postinst function
135aa3b base-files: upgrade: make get_partitions() endian agnostic
15efa09 base-files: add submission service port
f173464 base-files: add generic board_name function to functions.sh
38ea91e base-files: use restart if no reload hook for service
28c350f base-files: fix default procd reload
9c3e4b5 base-files: board.json's switch reset means existence, not argument
75d8127 base-files: suppress uci not found output in login.sh
23b9dc2 base-files: drop unused preinit_echo function
bdc998c base-files: order conffiles alphabetically
c61cf4a base-files: add /etc/profile.d to conffiles

パッケージ / LEDE ネットワーク ユーザー領域(変更数: 7)

63f6408 uclient: update to the latest version, fixes fetch of multiple files
4b87d83 uclient-fetch: fix overloading of output_file variable
ed82c52 uqmi: also try newer pin verification
ec395ee swconfig: Link with libubox
7fb03d9 netifd: fix fw3 warnings in dhcp script
a1392e0 netifd: return error status in reload_service
41ee454 ppp: propagate master firewall zone to dynamic slave interface
bead60c uqmi: replace legacy command invoke with newer type

パッケージ / LEDE システム ユーザー領域(変更数: 11)

586a721 mountd: bump to git HEAD version (fixes SIGSEV crashes)
01bb2b0 mount: fix SIGSEV crashes
6efeb19 autofs: register SIGTERM for gracefull exit
792559f mountd: bump to git HEAD version (optimization fixes)
75e7412 mount: drop duplicated filesystem check from mount_add_list
7826ca5 mount: add mount with ignore=1 for unsupported filesystems
95824b9 rpcd: update to the latest version from 2017-11-09
9a86401 plugin: use RTLD_LOCAL instead of RTLD_GLOBAL when loading library
c9fb48a procd: update to latest git HEAD (fixes and improvements)
8d5d29c service: fix SERVICE_ATTR_NAME usage in service_handle_set
5db8f70 procd: add missing new lines inside debug code
d9dc0e0 service: fix calls to blobmsg_parse()
d64c0e5 rpcd: update to version 2017-11-12
4e48331 sys: add packagelist method
a0231be sys: fix memory leak in packagelist
56b9f0f procd.sh: use parameterized respawn values
a44c440 usbmode: remove devices with unsupported modes
c58e824 procd: mdns: Support txt values with spaces
ed4f4f1 procd: Install seccomp-trace symlink
5872c19 procd: Always tell cmake whether to include seccomp support or not
2f75641 uhttpd: fix query string handling
a235636 file: fix query string handling

ターゲット / ar71xx(変更数: 4)

9740523 ar71xx: fix LED config for DIR-869 A1
7f3dab2 kernel: bump 4.4 to 4.4.102
2b66449 kernel: bump 4.4 to 4.4.103 for 17.01
aaa73fe ar71xx: fix switch port numbering on RB750r2 and RB750UPr2

ターゲット / bcm53xx(変更数: 1)

8261592 bcm53xx: suppress osafeloader info error messages during flashing

ターゲット / brcm2708(変更数: 2)

373fa54 kernel: bump 4.4 to 4.4.93 for 17.01
7f3dab2 kernel: bump 4.4 to 4.4.102

ターゲット / brcm47xx(変更数: 3)

4217541 brcm47xx: fix switch port mapping on Asus RT-N12 and RT-N16 models
ecaad8b brcm47xx: fix switch port mapping on D-Link DIR-330
ebb5474 brcm47xx: remove target specific network preinit config

ターゲット / cns3xxx(変更数: 1)

2b66449 kernel: bump 4.4 to 4.4.103 for 17.01

ターゲット / gemini(変更数: 1)

7f3dab2 kernel: bump 4.4 to 4.4.102

ターゲット / imx6(変更数: 1)

7f3dab2 kernel: bump 4.4 to 4.4.102

ターゲット / ipq806x(変更数: 4)

2bee675 ipq806x: fix Zyxel NBG6817 WiFi button
2aff2ad ipq806x: nbg6817: add kmod-fs-ext4 to device packages
bdf19ee ipq806x: nbg6817: sync MAC addresses to the upstream values
7f3dab2 kernel: bump 4.4 to 4.4.102

ターゲット / lantiq(変更数: 9)

50db9a4 lantiq: ARV752DPW22: set correct wireless led trigger
98c003e lantiq: ARV752DPW22: fix wireless mac address
ee6fa8d lantiq: add missing default lan interface
7f3dab2 kernel: bump 4.4 to 4.4.102
2b66449 kernel: bump 4.4 to 4.4.103 for 17.01
0f0d742 lantiq: move lantiq_board_detect() to 03_preinit_board.sh
8be5b12 lantiq: remove lantiq_board_name, use the generic function instead
80304ac lantiq: remove lantiq_board_model, it is unused
e5612d6 lantiq: spi: double time out tolerance

ターゲット / mediatek(変更数: 1)

7f3dab2 kernel: bump 4.4 to 4.4.102

ターゲット / mvebu(変更数: 1)

7f3dab2 kernel: bump 4.4 to 4.4.102

ターゲット / oxnas(変更数: 2)

7f3dab2 kernel: bump 4.4 to 4.4.102
157b892 kernel: remove out of tree direct-io disable hack

ターゲット / ramips(変更数: 9)

f5935f7 ramips: fix default usb support for nexx wt3020-8M
3eae19a ramips: fix Youku-YK1 support
6cfa7e5 ramips: fix DCH-M225 support
7ec6394 ramips: fix Planex CS-QR10 device packages
7f3dab2 kernel: bump 4.4 to 4.4.102
9601e6a ramips: add missing reset button for Nexx WT1520
d77fe92 ramips: backport MT7628 pinmux fixes
2b66449 kernel: bump 4.4 to 4.4.103 for 17.01
108a42b ramips: support jumbo frame on mt7621 up to 2k

ターゲット / rb532(変更数: 1)

9a99039 rb532: enable high-res timers, refresh kernel config

ターゲット / sunxi(変更数: 1)

157b892 kernel: remove out of tree direct-io disable hack

ターゲット / x86(変更数: 6)

7f3dab2 kernel: bump 4.4 to 4.4.102
58e0c0f x86: image: drop unused ROOTDELAY variable
1411493 x86: image: drop unneeded grub call
3225fbf x86: image: drop duplicated copy of bzImage into vmlinuz
f69d73f build: allow specifying flow-control to grub on serial console
9057577 x86: keep /boot mounted for kexec

ターゲット / xburst(変更数: 1)

e802cbf xburst: enable high-res timers, refresh kernel config

ターゲット / zynq(変更数: 1)

157b892 kernel: remove out of tree direct-io disable hack

無線 / 共通(変更数: 3)

62a8252 mac80211: Fix race condition leading to wifi interfaces not coming up at boot...
f0a4931 mac80211: gracefully handle preexisting VIF
0f17504 mac80211: don't pass the hostapd ctrl iface in adhoc

無線 / MT76(変更数: 1)

4b5861c mt76: update to the latest version
2895775 mt76x2: mcu: remove unused parameter in mt76x2_mcu_msg_alloc signature
1dae8f0 mt7603: mcu: remove unused parameter in mt7603_mcu_msg_alloc() signature
5e49aa9 Fix errors found by cppcheck
1b8c8a0 mt7603: add LED definition registers
4d83561 mt76x2: add LED register definitions
2f40e4a mt76x2: Support using PCI ID as chip ID
27c64bc mt76: add led support using mac80211 led framework
dfd64fc mt76x2: init: add ma80211 led callbacks
215edf1 mt7603: init: add ma80211 led callbacks
9d36ff2 mt76x2: Add PCI identifier for MT7602
0b7984e mt7603: remove unnecessary mcu register read function
f5498d2 debugfs: add support for changing the LED pin
8e453b3 mac80211: move DT led configuration to the "led" child node
8f1673a mt76x2: limit client WCID entries to 0-127
f9d9c22 mt76x2: clear drop flag for all WCIDs on init
0dd8b68 mt76x2: clear per-WCID tx rate lookup register
⇒ + さらに 29件…

既知のバグ

#502

説明: Switch not configured on Asus RT-N12 B1 (brcm47xx)
リンク: https://bugs.lede-project.org/index.php?do=details&task_id=502
コミット:
4217541 brcm47xx: fix switch port mapping on Asus RT-N12 and RT-N16 models

#664

説明: Netgear R8000 Wifi broke with commit 8301e613655c2d95fa5430a1a57d92d966fdc70b
リンク: https://bugs.lede-project.org/index.php?do=details&task_id=664
コミット:
f0a4931 mac80211: gracefully handle preexisting VIF

#704

説明: brcmfmac / Raspberry Pi 3 / wifi not working / adhoc and 80211s-mode
リンク: https://bugs.lede-project.org/index.php?do=details&task_id=704
コミット:
f0a4931 mac80211: gracefully handle preexisting VIF

#790

説明: Failsafe mode networking is broken on Linksys WRT54GSv1
リンク: https://bugs.lede-project.org/index.php?do=details&task_id=790
コミット:
ebb5474 brcm47xx: remove target specific network preinit config

#876

説明: dnsmasq-full "Exclude interfaces" configuration does not work as expected.
リンク: https://bugs.lede-project.org/index.php?do=details&task_id=876
コミット:
367b456 dnsmasq: restore ability to include/exclude raw device names

#909

説明: runas wrapper executes programs using wrong interpreter
リンク: https://bugs.lede-project.org/index.php?do=details&task_id=909
コミット:
338968a build: fix invocation of bundled ld.so in SDK and Imagebuilder

#1015

説明: mtd-utils-1.5.2 does not compile due to missing sysmacros.h
リンク: https://bugs.lede-project.org/index.php?do=details&task_id=1015
コミット:
96dbf59 tools/mtd-utils: include sysmacros.h explicitly

#1016

説明: findutils-4.6.0 fails to compile due to missing sysmacros.h
リンク: https://bugs.lede-project.org/index.php?do=details&task_id=1016
コミット:
d2fd641 tools/findutils: include sysmacros.h explicitly

#1017

説明: squashfs fails to compile due to update in glibc
リンク: https://bugs.lede-project.org/index.php?do=details&task_id=1017
コミット:
8a48a53 tools/squashfs4: include sysmacros.h explicitly

#1018

説明: squashfs-3.0 fails to compile with new glibc
リンク: https://bugs.lede-project.org/index.php?do=details&task_id=1018
コミット:
8406e50 tools/squashfs: include sysmacros.h explicitly

#1021

説明: uhttpd-mod-ubus: error in postinst script
リンク: https://bugs.lede-project.org/index.php?do=details&task_id=1021
コミット:
a0ef1c4 functions.sh: fix default_postinst function

#1055

説明: Youku YK1: No ethernet devices
リンク: https://bugs.lede-project.org/index.php?do=details&task_id=1055
コミット:
3eae19a ramips: fix Youku-YK1 support

セキュリティの修正

CVE-2015-3239

説明: Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.

リンク: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3239
コミット:
444b64f libunwind: update to 1.2

CVE-2017-3735

説明: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

リンク: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735
コミット:
cda8ec7 openssl: update to 1.0.2m

CVE-2017-3736

説明: There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

リンク: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736
コミット:
cda8ec7 openssl: update to 1.0.2m

CVE-2017-3737

説明: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.

リンク: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3737
コミット:
50b4789 openssl: update to 1.0.2n

CVE-2017-3738

説明: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.

リンク: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3738
コミット:
50b4789 openssl: update to 1.0.2n

CVE-2017-12166

説明: OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

リンク: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12166
コミット:
77e79b2 openvpn: update to 2.4.4

CVE-2017-13099

説明: wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."

リンク: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13099
コミット:
207bcea cyassl: update to wolfssl 3.12.2 (1 CVE)

CVE-2017-15265

説明: Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.

リンク: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15265
コミット:
373fa54 kernel: bump 4.4 to 4.4.93 for 17.01

CVE-2017-15275

説明: Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

リンク: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275
コミット:
e5a10bc samba36: backport an upstream fix for an information leak (CVE-2017-15275)

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
ja/releases/17.01/changelog-17.01.5.txt · Last modified: 2018/05/11 06:57 by musashino205