Show pagesourceOld revisionsBacklinksBack to top × Table of Contents LEDE v17.01.4 Changelog Build System / Buildroot (2 changes) Build System / Feeds (1 change) Build System / Host Utilities (1 change) Build System / Toolchain (2 changes) Kernel (2 changes) Packages / Common (5 changes) Packages / LEDE base files (1 change) Target / ar71xx (1 change) Target / bcm53xx (1 change) Target / brcm2708 (1 change) Target / cns3xxx (1 change) Target / oxnas (1 change) Target / ramips (4 changes) Target / x86 (5 changes) Wireless / Common (3 changes) Wireless / MT76 (1 change) Addressed bugs Security fixes LEDE v17.01.4 Changelog This changelog lists all commits done in LEDE since the v17.01.3 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.4 release. Build System / Buildroot (2 changes) 2ce9c84 build: add a darwin sitefile to deal with macOS 10.12 + Xcode 9 build errors (+7) 444add1 LEDE v17.01.4: adjust config defaults (+11,-9) Build System / Feeds (1 change) 444add1 LEDE v17.01.4: adjust config defaults (+11,-9) Build System / Host Utilities (1 change) 0672213 cmake: fix build error with Xcode 9 on macOS 12 (+15) Build System / Toolchain (2 changes) a999f91 gcc: fix build error with macOS + Xcode 9 (+10) f67c22e toolchain/gdb: update to version 8.0.1 (+5,-5) Kernel (2 changes) 8ad1b09 kernel: add fix for bgmac with B50212E B1 PHY (+98,-3) fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12) Packages / Common (5 changes) 63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10) 907d870 wireguard: add wireguard to base packages (+308) b6c3931 hostapd: backport extra changes related to KRACK (+730) d501786 hostapd: add wpa_disable_eapol_key_retries option (+6,-1) 79f57e4 wireguard: version bump to 0.0.20171017 (+2,-2) Packages / LEDE base files (1 change) 444add1 LEDE v17.01.4: adjust config defaults (+11,-9) Target / ar71xx (1 change) 94aa2b8 ar71xx: add rssileds to WA850RE v1 image (+1) Target / bcm53xx (1 change) baa8eaa bcm53xx: backport DTS changes up to the first 4.15 queued commits (+662) Target / brcm2708 (1 change) fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12) Target / cns3xxx (1 change) fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12) Target / oxnas (1 change) fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12) Target / ramips (4 changes) f9a849c ramips: mt7620: do not pad sysupgrade Archer images (+3,-3) c1023c8 mt76: sync with version 878456caf60d from master (+38,-52) 2e9f3c6 ramips: fix typo in MT7621 NAND driver (+1,-1) e6fd17d ramips: fix compile warning in MT7621 NAND driver (+1,-1) Target / x86 (5 changes) f52b404 x86/generic: use HIGHMEM64G instead of HIGHMEM4G to fix PAE and Xen (+4,-1) da0219e x86: Fix xen serial console by removing conflicting PATA driver (-2) cabf775 x86: Refresh subtargets kernel config (+16,-14) cdd093b x86/64: add xen DomU support (+58,-1) 46e29bd x86: partly revert cabf775 (+12,-1) Wireless / Common (3 changes) bff1630 brcmfmac: backport length check in brcmf_cfg80211_escan_handler() (+63) 707305a mac80211: Update wireless-regdb to master-2017-03-07 (+19,-12) a5e1f7f mac80211: backport kernel fix for CVE-2017-13080 (+81) Wireless / MT76 (1 change) c1023c8 mt76: sync with version 878456caf60d from master (+38,-52) Addressed bugs #787 Description: no console in Xen-DomU guests Link: https://bugs.lede-project.org/index.php?do=details&task_id=787 Commits: da0219e x86: Fix xen serial console by removing conflicting PATA driver (-2) #908 Description: x86: Xen support broken in 17.01.2 and later Link: https://bugs.lede-project.org/index.php?do=details&task_id=908 Commits: f52b404 x86/generic: use HIGHMEM64G instead of HIGHMEM4G to fix PAE and Xen (+4,-1) #1025 Description: lede-17.01.2-ramips-mt7620-ArcherC50-squashfs-sysupgrade.bin does not fit on device Link: https://bugs.lede-project.org/index.php?do=details&task_id=1025 Commits: f9a849c ramips: mt7620: do not pad sysupgrade Archer images (+3,-3) #1039 Description: lede-17.01.3-ramips-mt7620-ArcherC50-squashfs-sysupgrade.bin wont fit (7.63 Mb - 7.62 left) Link: https://bugs.lede-project.org/index.php?do=details&task_id=1039 Commits: f9a849c ramips: mt7620: do not pad sysupgrade Archer images (+3,-3) #1043 Description: WA850RE v1 leds Link: https://bugs.lede-project.org/index.php?do=details&task_id=1043 Commits: 94aa2b8 ar71xx: add rssileds to WA850RE v1 image (+1) Security fixes CVE-2017-0786 Description: A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0786 Commits: bff1630 brcmfmac: backport length check in brcmf_cfg80211_escan_handler() (+63) CVE-2017-9778 Description: GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9778 Commits: f67c22e toolchain/gdb: update to version 8.0.1 (+5,-5) CVE-2017-12153 Description: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12153 Commits: fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12) CVE-2017-12154 Description: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12154 Commits: fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12) CVE-2017-13077 Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13077 Commits: 63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10) CVE-2017-13078 Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078 Commits: 63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10) CVE-2017-13079 Description: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079 Commits: 63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10) CVE-2017-13080 Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080 Commits: 63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10) a5e1f7f mac80211: backport kernel fix for CVE-2017-13080 (+81) CVE-2017-13081 Description: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081 Commits: 63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10) CVE-2017-13082 Description: Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082 Commits: 63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10) CVE-2017-13086 Description: Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13086 Commits: 63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10) CVE-2017-13087 Description: Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087 Commits: 63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10) CVE-2017-13088 Description: Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088 Commits: 63c1714 hostapd: merge fixes for WPA packet number reuse with replayed messages and k... (+929,-10) CVE-2017-1000252 Description: The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c. Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000252 Commits: fa0b5fc kernel: bump 4.4 to 4.4.92 (+12,-12) This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.OKMore information about cookies Last modified: 2017/10/18 15:34by stintel