User Tools

Site Tools


releases:17.01:changelog-17.01.5

LEDE v17.01.5 Changelog

This changelog lists all commits done in LEDE since the v17.01.4 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.5 release.

Build System / Buildroot (36 changes)

4af145e rules.mk: make PKG_CONFIG_DEPENDS properly track string values (+1,-1)
157b892 kernel: remove out of tree direct-io disable hack (+1,-173)
3387158 build: Suffix build directory with _$(LIBC) for external toolchains (+2,-1)
94f079e build: Pass -iremap gcc option as a single argument (+1,-1)
a7fc27e build: make Host/Install/Default use Host/Compile/Default with an extra argument (+1,-1)
903a404 build: skip headers install and config on make target/linux/prepare (+1,-1)
11cd607 build: unsilence move command (+1,-1)
acd4814 build: get rid of FIND_L from host.mk (+1,-6)
5f03ce1 scripts: only generate config from feature flag if fully match (+31,-31)
0aafbf6 build: fix STAMP_PREPARED with quilt (+2,-2)
f69d73f build: allow specifying flow-control to grub on serial console (+7,-2)
977db9f scripts/download.pl: fix error message on hash mismatch (+1,-1)
c8a0f3a target.mk: check that CPU_TYPE has known CPU_CFLAGS mapping (+5)
9ce30f7 kernel: move initramfs's init script out of base-files (+1,-1)
3e7f191 include/packages-defaults.mk: Remove LARGEFILE option (-1)
9858827 kernel: allow selecting RTC drivers on targets without explicit RTC support (+17,-9)
040ff6f build: remove absolute path to perl and replace with /usr/bin/env perl (+7,-4)
4607007 build: allow val.% targets to bypass the prepare steps (+3)
bb9eb2c build: new fixes for symlinked .config handling (+8,-4)
827f108 scripts: Probe external toolchains for libthread-db (+1)
ef43c04 scripts/download.pl: print the command used to download files (+1)
c864906 netfilter: add iptables-mod-rpfilter package (+34)
338968a build: fix invocation of bundled ld.so in SDK and Imagebuilder (+18,-15)
89c4f47 scripts/download.pl: Adjust URLs (+5,-5)
2e1a87a build: bundle-libraries.sh: do not override argv[0] in inner exec calls (+3,-1)
b616aa6 scripts/package-metadata.pl: inhibit compile deps on missing build types (+25,-6)
f006555 config: make CONFIG_ALL_* select other CONIFG_ALL_* options (+4,-3)
b69ea02 scripts/dowload.pl: use glob to expand target dir (+1,-1)
5beb0ab build: remove @ as it's causing an error (+1,-1)
b41d154 rules.mk: export TMPDIR (+1)
3fa8628 build: fix restoring /etc/opkg with PER_DEVICE_ROOTFS (+2,-2)
6ea9a70 iptables: Fix target TRACE issue (+15,-1)
696c632 include/rootfs.mk: do not remove opkg prerm scripts during rootfs preparation (-1)
75be005 include/rootfs.mk: retain list of conffiles with CONFIG_CLEAN_IPKG (+8,-1)
b47094c include/package-defaults.mk: fix default Build/Prepare with empty ./src (+1,-1)
248b358 LEDE v17.01.5: adjust config defaults (+11,-9)

Build System / Feeds (1 change)

248b358 LEDE v17.01.5: adjust config defaults (+11,-9)

Build System / Host Utilities (20 changes)

d2fd641 tools/findutils: include sysmacros.h explicitly (+13)
96dbf59 tools/mtd-utils: include sysmacros.h explicitly (+25)
8406e50 tools/squashfs: include sysmacros.h explicitly (+20)
8a48a53 tools/squashfs4: include sysmacros.h explicitly (+36,-16)
f19d47f tools: patch various gnu tools for macOS 10.13 (+125)
2428b6d tools/sstrip: Fix compile under standard linux. (+5,-4)
a91d8dd tools/m4: update 1.4.18 (+2,-19)
05f0b8d ccache: update to 3.3.4 (+3,-37)
ed4976d tools/sed: Update to 4.4 (+3,-28)
25fe034 tools/dosfstools: Update to 4.1 (+4,-38)
100553d tools/libressl: Update to 2.5.1 (+2,-2)
6ba0cc1 tools/coreutils: Update to 8.27 (+2,-2)
08be74f tools/isl: update to 0.18 (+2,-2)
6e09b20 tools/libressl: update to 2.5.4 (+3,-3)
59a1c16 tools/sparse: Update to snapshot 2017-03-31 (+4,-4)
95940a8 Add the __builtin functions needed for INFINITY and nan(). (+11)
76a7371 Add a define for __builtin_ms_va_copy() (+1)
0f71312 Ignore pure attribute in assignement (+17,-1)
efd34fa Add tests for the builtin INF and nan() functions. (+13)
6043210 sparse/parse.c: ignore hotpatch attribute (+2)
c04667e sparse, llvm: compile: skip function prototypes to avoid SIGSEGV (+11)
a53cea2 validation/prototype: regression for skipping prototypes (+6)
0d2809b ptrlist: reading deleted items in NEXT_PTR_LIST() (+2)
0dac478 .gitignore: add cscope and Qt project files (+3)
38c9e9f Add default case to switches on enum variables (+5,-1)
8efbac1 Fix size calculation of unsized bool array (+48,-1)
7647c77 Do not drop 'nocast' modifier when taking the address. (+198,-1)
153fbd0 Fix warning compiling sparse-llvm (+2,-2)
65f90e7 sparse: add 'alloc_align' to the ignored attributes (+40)
ffc860b sparse: ignore __assume_aligned__ attribute (+8)
6c283a0 sparse: add no_sanitize_address as an ignored attribute (+11)
⇒ + 147 more…
e8bd0a6 tar: override symlink permissions (+10)
ca7c9db tools/pkg-config: Update to 0.29.2 (+2,-20)
1aedf2f tools/squashfs: use host cflags (+1)
dde29b2 tools/coreutils: install readlink (+2,-2)
58a95f0 tools/e2fsprogs: fix building on a glibc 2.27 host (+54,-1)

Build System / Image Builder (4 changes)

1d0f7e3 imagebuilder: make submake invocations less verbose (+4,-4)
c7234e3 imagebuilder: add package_list function (+14,-7)
74eeb07 imagebuilder: clean package_list (+6,-6)
5900443 imagebuilder: don't rewrite package list output (+1,-1)

Build System / Toolchain (7 changes)

90a43e5 toolchain/gcc: reduce source directory size by about 420 MB (+6)
bdb05f5 gcc: remove obsolete uclibc patch (-99)
a33b0ce toolchain/musl: parallelize make install (+1,-1)
3056122 toolchain/gcc: parallelize make install (+2,-2)
0807022 gcc: fix documentation entries added by 910-mbsd_multi.patch (+12,-12)
7f3f2bc build: remove old kernel-headers build directories (+1)
afa8873 gcc: gcc 6.3.0 fix comparison between pointer and integer (+11)

Kernel (37 changes)

373fa54 kernel: bump 4.4 to 4.4.93 for 17.01 (+3,-3)
7f3dab2 kernel: bump 4.4 to 4.4.102 (+42,-54)
2b66449 kernel: bump 4.4 to 4.4.103 for 17.01 (+14,-78)
157b892 kernel: remove out of tree direct-io disable hack (+1,-173)
7ccfa82 ar8327: Add workarounds for AR8337 switch. (+62,-1)
9ce30f7 kernel: move initramfs's init script out of base-files (+1,-1)
9858827 kernel: allow selecting RTC drivers on targets without explicit RTC support (+17,-9)
816fb34 mvswitch: fix autonegotiation issue (+7)
13a5568 ip17xx: correct aneg_done return value (+1,-1)
e01367e kernel: add CONFIG_SCHED_HRTICK=y to the generic config (+1)
c864906 netfilter: add iptables-mod-rpfilter package (+34)
f8a441e kernel: bump 4.4 to 4.4.107 (+84,-84)
ee55629 kernel: bump 4.4 to 4.4.108 for 17.01 (+5,-5)
7f5a040 kernel: update kernel 4.4 to version 4.4.110 (+149,-148)
f033697 kernel: bump 4.4 to 4.4.111 for 17.01 (+5,-5)
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01 (+21,-167)
fbeae9d iptables: make kmod-ipt-debug part of default ALL build (+3,-4)
3b22710 kernel: backport raw-ip mode for newer QMI LTE modems (+701)
31ae738 kernel: refresh patches (+18,-57)
b934aa2 kernel: update 17.01 kernel to 4.4.116 (+126,-241)
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01 (+63,-70)
9bdea6a generic: revert broken LED core patch (+28)
60f8d38 kernel: merge a pending fix for HFSC warnings/slowdowns (fixes FS#1136) (+89,-3)
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01 (+142,-170)
afca235 kernel: backport commit reverting genirq patch causing regressions (+37)
4673a0b kernel: mtd: bcm47xxpart: improve handling TRX partition size (+65)
a9b6077 kernel: bump kernel 4.4 to 4.4.126 for 17.01 (+98,-132)
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01 (+136,-136)
999bb66 kernel: add missing in6_dev_put_clear call to an ipv6 network patch (+12,-4)
e8b1af4 kernel: bump kernel 4.4 to 4.4.131 for 17.01 (+35,-35)
7b54d52 kernel: use accepted version of bcm47xxpart fix commit (+6,-1)
161d95f kernel: bump kernel 4.4 to 4.4.132 for 17.01 (+11,-11)
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01 (+286,-284)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)
5c6a8a9 kernel: bump kernel 4.4 to version 4.4.138 (+2,-2)
aaecfec kernel: bump kernel 4.4 to version 4.4.139 (+21,-21)
38e704b kernel: bump kernel 4.4 to version 4.4.140 (+6,-82)

Packages / Boot Loaders (4 changes)

8be5b12 lantiq: remove lantiq_board_name, use the generic function instead (+6,-20)
91821c8 kexec-tools: get kexec running on MUSL and x86 hardware (+211)
10182cb grub2: update to 2.02~rc2 (+2,-2)
6e1e2e7 package/grub2: update to 2.02 (+3,-6)

Packages / Common (129 changes)

0780e12 opkg: bump to 2017-10-23 (lede-17.01) (+3,-3)
3f13edd pkg_run_script: use pkg->dest in half installed case (+2,-1)
7a96972 libbb: xreadlink: fix memory leak on failure case (+1)
5bb5fd5 opkg: add --no-check-certificate argument (+13,-1)
c6caf07 pkg_parse: fix segfault when parsing descriptions with leading newlines (+9,-11)
367b456 dnsmasq: restore ability to include/exclude raw device names (+3,-3)
6b6578f wireguard: version bump to 0.0.20171101 (+2,-2)
cda8ec7 openssl: update to 1.0.2m (+4,-4)
ed571c1 wireguard: bump to 0.0.20171111 (+2,-2)
8751bd7 wireguard: move to kernel build directory (+1,-1)
d851d7f wireguard: fix portability issue (+18)
e626942 dnsmasq: load instance-specific conf-file if exists (+8,-8)
d3f40aa wireguard: bump to 20171122 (+2,-2)
0946ec0 wireguard: bump to snapshot 20171127 (+2,-3)
e5a10bc samba36: backport an upstream fix for an information leak (CVE-2017-15275) (+41,-1)
060b7f1 curl: apply CVE 2017-8816 and 2017-8817 security patches (+209,-1)
3590316 dnsmasq: backport infinite dns retries fix (+46,-1)
19ebc19 hostapd: Expose the tdls_prohibit option to UCI (+6,-1)
f5f5f58 hostapd: backport fix for wnm_sleep_mode=0 (+36,-1)
b41a2e6 opkg: bump to version 2017-12-08 (+3,-3)
098e774 libopkg: fix SHA256 calculation for big endian system (+8)
a6bb5cb file_util: implement urlencode_path() helper (+62)
793fbac opkg: encode archive filenames while constructing download URLs (+8,-4)
79908c2 file_util: consolidate hex/unhex routines (+26,-37)
3c46c88 file_util: implement urldecode_path() (+21)
9f61f7a opkg_download: decode file:/ URLs (+2,-1)
8bf67f6 mdadm: extend uci config support (+82,-7)
adc9f93 utils/mdadm: Update to 4.0 (+53,-31)
157b892 kernel: remove out of tree direct-io disable hack (+1,-173)
4fc0fb3 mdadm: Do not check RUN_DIR (+2,-1)
6c1b6e8 mdadm: Fix config generation (+9,-11)
3bb8818 mdadm: fix parameter quoting (+12,-8)
207bcea cyassl: update to wolfssl 3.12.2 (1 CVE) (+146,-2)
50b4789 openssl: update to 1.0.2n (+3,-3)
c566a9e toolchain: Broaden the executable loader pattern (+1,-1)
051a33e thc-ipv6: Allow overriding CFLAGS (+12)
1e3ff02 bsdiff: Also pass down TARGET_CPPFLAGS (+2,-2)
12b811a omcproxy: Update to latest HEAD (+3,-3)
1fe6f48 Cmake: Find libubox/list.h (+3)
c6dd059 px5g: Fix TARGET_LDFLAGS and add TARGET_CPPFLAGS (+2,-2)
2d31ec4 adb: Also pass TARGET_CPPFLAGS (+1,-1)
2dd9b62 rssileds: Fix build with external toolchains (+4,-2)
28c9731 toolchain: Allow external toolchains to specify libthread-db (+28)
cfb5a55 iwcap: fix handling kill signal during dump (+13,-13)
9504392 toolchain: add musl libc.so to external toolchain (+1,-1)
37aae44 libnl: Fix building with uClibc (+105)
7263e3c lldpd: bump to 0.9.6 (+2,-2)
f7f6913 lzo: Update to 2.10 (+2,-2)
affff02 busybox: don't install NTP scripts if NTP isn't configured (+4)
9459722 busybox: fix installation of cron and ntpd scripts in the default config (+2,-2)
9b24d99 iproute2: add libgenl.h and ll_map.h to InstallDev section (+1,-1)
f30114c dropbear: fix procd interface trigger install (+3,-1)
6b9eb0c hostapd: fix reload frequency change patch (+32,-7)
67caf6b network/utils/ipset: Update to 6.32 (+2,-2)
070463f devel/strace: Update to 4.16 (+3,-3)
79def69 comgt-3g: enable modem before to setpin (+1)
9754a9c devel/trace-cmd: Update to 2.6.1 (+4,-7)
8ee15ed elfutils: bump to 0.169 (+271,-241)
8d4c047 lldpd: drop specific respawn params [use system-wide] (-3)
444b64f libunwind: update to 1.2 (+58,-19)
26ea59c lldpd: bump to 0.9.7 (+2,-2)
a6e5943 elfutils: Pass -Wno-unused-result to silence warnings as errors (+1,-1)
41ee454 ppp: propagate master firewall zone to dynamic slave interface (+4,-1)
7d1f407 gdb: remove Build/Compile rule ; default one works (-7)
86158ad libunwind: update to version 1.2.1 (+2,-48)
3129db3 busybox: backport 'ip rule suppress_{prefixlength, ifgroup}' (+145)
3027a68 valgrind: bump to 3.13.0 (+4,-49)
ef3649d hostapd: add acct_interval option (+5,-2)
0e6a6c8 hostapd: configure NAS ID regardless of encryption (+3,-3)
8693ab5 dropbear: server support option '-T' max auth tries (+132,-2)
d413c75 dropbear: add option to set max auth tries (+4,-2)
ea23ba9 bzip2: add symlink to binary (+3,-1)
c864906 netfilter: add iptables-mod-rpfilter package (+34)
cf11a41 lzo: use default Build/Configure rule (+3,-6)
610e2af zlib: use default Build/Configure rule (+9,-11)
0a97626 kmod-sched-cake: drop maintainer (-1)
a37f8b0 samba36: Remove legacy options (+2,-7)
3b6b892 ca-certificates: Update to 20170717 (+4,-4)
9e84d33 nvram: fix memory leak (+10,-3)
c446ee4 nvram: add usage() function (+13,-10)
118a2ea nvram: improve argument check when program start (+9,-8)
2b88309 nvram: add help message for nvram magic not found (+1)
1458bc2 samba36: Remove guest ok since LuCI configures it. (+1,-2)
71797b6 samba36: Don't resolve interfaces. (+2,-7)
80a22ee samba36: Remove syslog and load printers lines. (-2)
2f80d84 wwan: json format in some modem definitions (+349,-349)
9cf371c dnsmasq: Pass TARGET_CPPFLAGS to Makefile (+1,-1)
eff1f7e usbutils: avoid duplicating the git revision (+1,-1)
77e79b2 openvpn: update to 2.4.4 (+58,-34)
9d1bfb8 dropbear: make ssh compression support configurable (+13,-3)
9bd667f dropbear: fix PKG_CONFIG_DEPENDS (+4,-1)
d63eb47 ppp: fix compile warning (+1)
7fa7002 ppp: make the patches apply correctly again (+1,-1)
cd901ef libunwind: disable building with ssp (+2,-1)
79024cd openssl: fix cryptodev config dependency (+1)
e5c284b package/elfutils: add CFLAG -Wno-format-nonliteral (+1,-1)
91e4830 openvpn: add support to start/stop single instances (+37,-18)
c315843 igmpproxy: remove firewall rules when service is stopped (+5,-1)
7f78a86 hostapd: set mcast_rate in mesh mode (+68)
05f0fac hostapd: explicitly set beacon interval for wpa_supplicant (+1)
0625814 packages: nvram: fix memory leak in _nvram_free (+4)
50147d4 libnl-tiny: use fixed message size instead of using the page size (+1,-6)
796bc21 hostapd: don't set htmode for wpa_supplicant (-2)
4cfcfec hostapd: remove unused local var declaration (-2)
e719a08 usbutils: Update usb.ids file to latest (+3,-3)
ceea0ac wireguard: bump to 20171211 (+3,-3)
2603c85 wireguard: bump to 20171221 (+2,-2)
4f1dca9 kmod-sched-cake: bump to latest bake of cake for 17.01 (+3,-3)
ff38695 A less aggressive autorate margin. (+1,-1)
e4a3628 Whitespace tidy up (+22,-22)
0758e90 Try a lower-latency priority queue in shaped mode. (+34,-15)
2575be7 This is what happens when you code while half-asleep. (+1,-1)
e89caa6 Another rather obvious fix. Why doesn't the kernel have -Wsigned-compare on ... (+1,-1)
9c3da02 Did I get *any* of this right first time? (+8,-2)
6c341ce Getting closer - try not to starve the Bulk tin. (+10,-4)
a7133c6 Need to adjust tin rates - first test. (+1,-1)
3e36769 Continuing the individual weight adjustments... (+3,-3)
08da7dd Try a completely different approach to the starvation problem. (+20,-12)
17ee7e7 Ingress mode, first stage. Can't yet be configured active. (+20,-6)
85aeee2 Ingress mode can now be configured. (+8)
c6c865e Correctly report ingress-mode status. (+4)
8742ff9 Fix uninitialised tin_order in besteffort and precedence cases. (+2)
14cbb5e Temporary fixes for Diffserv-LLT bandwidth and incorrect stats in unlimited m... (+4,-4)
8978b24 Proper fix for diffserv-llt mode. (+7,-4)
⇒ + 65 more…
c4e9487 iproute2: cake: support new operating modes for 17.01 (+118,-38)
dca4dfa iproute2: cake: fix patch format error (+6,-16)
dea8979 Lantiq: make possible to tweak DSL SRN from UCI (+26,-1)
541a1a7 lantiq: activate noise margin delta for VDSL too (+2,-2)
fb6f21c kmod-sched-cake: bump to latest cake bake for 17.01 (+3,-3)
402f05c Use full-rate mtu_time in all tins, to improve latency control in ingress + d... (+3,-1)
31277c2 Avoid unsigned comparison against zero. (+1,-1)
8cf5278 ack_filter: fix TCP flag check (+1,-1)
58d60bd dnsmasq: backport dnssec security fix for 17.01 (+203,-1)
2ae0741 dnsmasq: backport validation fix in dnssec security fix (+2,-2)
00fa1e4 curl: fix libcurl/mbedtls async interface (+28,-1)
6ea9a70 iptables: Fix target TRACE issue (+15,-1)
fbeae9d iptables: make kmod-ipt-debug part of default ALL build (+3,-4)
566ff9e libunwind: enable build for arm (+1,-1)
b15d54e perf: use libunwind (+1,-1)
b345cc2 libunwind: fix build with musl on PPC (+383)
01d7a5d perf: restrict libunwind dependency to archs that actually support libunwind (+1,-1)
222521d tools: add iucode-tool (+47)
f609913 mbedtls: update to version 2.7.0 (+42,-53)
c4b3829 openssl: update to 1.0.2o (+11,-11)
3ca1438 mbedtls: update to version 2.7.2 (+23,-23)
09d95e4 mbedtls: change libmbedcrypto.so soversion back to 0 (+31,-5)
90d9df0 wireguard: bump to 20180118 (+2,-2)
57e773b wireguard: bump to 20180202 (+2,-2)
9e5bed6 wireguard: bump to 20180304 (+2,-2)
4cb9af8 wireguard: bump to 20180420 (+2,-2)
0e3cc08 wireguard: bump to 0.0.20180513 (+2,-2)
6cc65b0 wireguard: Add support for ip6prefix config option (+6)
8308991 wireguard: bump to 20180514 (+10,-9)
5ad80ff wireguard: no longer need portability patch (+1,-19)
6eec0e4 wireguard: bump to 20180519 (+2,-2)
88ba88e mbedtls: update mbedtls to version 2.7.3 (+7,-7)
98b9d8a mbedtls: Activate the session cache (-10)
aaac9e8 mtd: mark as nonshared to fix FS#484 (+2)
6734f32 mtd: add build hack to reintroduce shared mtd for older releases (+2,-2)

Packages / Firmware (3 changes)

c6314ee firmware: add microcode package for AMD (+45)
681aaaf firmware: add microcode package for Intel (+49)
ba502a4 intel-microcode: update to 20180312 (+3,-3)

Packages / LEDE base files (20 changes)

a0ef1c4 functions.sh: fix default_postinst function (+1,-1)
135aa3b base-files: upgrade: make get_partitions() endian agnostic (+13,-5)
15efa09 base-files: add submission service port (+2)
f173464 base-files: add generic board_name function to functions.sh (+4)
38ea91e base-files: use restart if no reload hook for service (+3,-4)
28c350f base-files: fix default procd reload (+1,-1)
9c3e4b5 base-files: board.json's switch reset means existence, not argument (+4,-1)
75d8127 base-files: suppress uci not found output in login.sh (+1,-1)
23b9dc2 base-files: drop unused preinit_echo function (-5)
bdc998c base-files: order conffiles alphabetically (+10,-10)
c61cf4a base-files: add /etc/profile.d to conffiles (+1)
1c92998 base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists (+5,-2)
a190802 base-files: fix logic when to show failsafe banner (+2,-2)
f60be72 base-files: don't evaluate block-device uevent (+8,-5)
18c999a base-files: fix off-by-one in counting seconds for factory reset (+1,-1)
17c0362 base-files: sysupgrade: do not rely on opkg to list changed conffiles (+21,-2)
9b0a4ba base-files: tune fragment queue thresholds for available system memory (+21,-10)
efb6ca1 base-files: /lib/functions.sh: ignore errors in insert_modules (+2,-2)
b080032 base-files: fix links in banner.failsafe (+3,-1)
248b358 LEDE v17.01.5: adjust config defaults (+11,-9)

Packages / LEDE network userland (21 changes)

63f6408 uclient: update to the latest version, fixes fetch of multiple files (+3,-3)
4b87d83 uclient-fetch: fix overloading of output_file variable (+4,-3)
ed82c52 uqmi: also try newer pin verification (+1,-1)
ec395ee swconfig: Link with libubox (+1,-1)
7fb03d9 netifd: fix fw3 warnings in dhcp script (+1,-1)
a1392e0 netifd: return error status in reload_service (+4,-1)
41ee454 ppp: propagate master firewall zone to dynamic slave interface (+4,-1)
bead60c uqmi: replace legacy command invoke with newer type (+7,-7)
0393009 net: uqmi: fix blocking in endless loops when unplugging device (+2)
046222d uqmi: fix raw-ip mode for newer lte modems (+15,-2)
7c259fb uqmi: silence error on pin verification (+1,-1)
5661ac1 uqmi: use general method for state cleaning (+4,-10)
e9eb219 uqmi: use correct value for connection checking (+8,-4)
b3b16c8 uqmi: use built-in command for data-link verification (+20,-2)
788312c uqmi: ensure CID is a numeric value before proceeding (+4,-4)
dfe620c odhcpd: fix interop with wide DHCPv6 client (FS#1377) (+4,-4)
53f52e3 dhcpv4: make dhcpv4 support optional (+16,-1)
3a1210f CMakeLists: fix label mismatch (+1,-1)
aedc154 dhcpv6-ia: don't always send reconf accept option (FS#1377) (+2,-1)
6ba6a1c Revert "CMakeLists: fix label mismatch" (+1,-1)
2da5850 Revert "dhcpv4: make dhcpv4 support optional" (+1,-16)
f609913 mbedtls: update to version 2.7.0 (+42,-53)
09d95e4 mbedtls: change libmbedcrypto.so soversion back to 0 (+31,-5)
4a38c0c odhcpd: fix managed address configuration setting (+4,-4)
710f2ab dhcpv4: fix out of bound access in dhcpv4_put (+3,-1)
59339a7 router: fix managed address configuration setting (+4,-3)
f34a075 ustream-ssl: update to latest git HEAD (+3,-3)
45ac930 remove polarssl support (-399)
39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL. (+3)
527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode. (+2)
0fee490 ustream-ssl: update to latest git HEAD (+4,-4)
e8a1469 mbedtls: Add support for a session cache (+21)
5322f9d mbedtls: Fix setting allowed cipher suites (+12,-15)
21f44e3 map: add ealen as configurable uci parameter (+2,-1)

Packages / LEDE system userland (22 changes)

586a721 mountd: bump to git HEAD version (fixes SIGSEV crashes) (+4,-4)
01bb2b0 mount: fix SIGSEV crashes (-2)
6efeb19 autofs: register SIGTERM for gracefull exit (+17,-21)
792559f mountd: bump to git HEAD version (optimization fixes) (+4,-4)
75e7412 mount: drop duplicated filesystem check from mount_add_list (+1,-1)
7826ca5 mount: add mount with ignore=1 for unsupported filesystems (+7,-3)
95824b9 rpcd: update to the latest version from 2017-11-09 (+3,-3)
9a86401 plugin: use RTLD_LOCAL instead of RTLD_GLOBAL when loading library (+1,-1)
c9fb48a procd: update to latest git HEAD (fixes and improvements) (+3,-3)
8d5d29c service: fix SERVICE_ATTR_NAME usage in service_handle_set (+1,-1)
5db8f70 procd: add missing new lines inside debug code (+5,-7)
d9dc0e0 service: fix calls to blobmsg_parse() (+8,-8)
d64c0e5 rpcd: update to version 2017-11-12 (+3,-3)
4e48331 sys: add packagelist method (+79)
a0231be sys: fix memory leak in packagelist (+1)
56b9f0f procd.sh: use parameterized respawn values (+3,-1)
a44c440 usbmode: remove devices with unsupported modes (+7,-2)
c58e824 procd: mdns: Support txt values with spaces (+2,-2)
ed4f4f1 procd: Install seccomp-trace symlink (+1)
5872c19 procd: Always tell cmake whether to include seccomp support or not (+2,-3)
2f75641 uhttpd: fix query string handling (+3,-3)
a235636 file: fix query string handling (+6,-1)
b833944 uci: update to HEAD of lede-17.01 branch (+3,-3)
1e17f24 lua: support extended section notation (+36,-7)
141b64e lua: additionally return name when looking up sections (+8,-3)
473e994 rpcd: backport version 2017-12-07 from master (+3,-3)
74a784f sys: fix passwd path (+3,-2)
cfe1e75 sys: packagelist: allow listing all packages (+19,-2)
55c23e4 procd: update to latest git HEAD (+3,-3)
9085551 procd: initd: fix path allocation in early_insmod (+1,-1)
1883530 procd: Fix minor null pointer dereference. (+3,-3)
f19416a fstools: backport fix from master branch (+3,-3)
37762ff libfstools: support file paths longer than 255 chars (+18,-4)
9934231 libubox: update to latest lede-17.01 git HEAD (+3,-3)
cfc75c5 runqueue: fix use-after-free bug (+1,-1)
6abafba jshn: read and write 64-bit integers (+2,-2)
1dafcd7 jshn: properly support JSON "null" type (+14,-3)
d626aa0 mountd: bump to git HEAD version (+4,-4)
0f4f20b mount: call hotplug mount scripts only on success (+2,-2)
e31565a mount: remove directory if mounting fails (+3,-1)
c54e5c6 mount: check if block was mounted before cleaning it up (+7,-5)
28483d4 procd: update to latest git HEAD (+3,-3)
9a4036f trace: add missing limits.h include (+1)
4db583b mountd: update to the latest version from 2018-02-26 (+3,-3)
7aadd1c mount: improve handling mounts table size (+8,-4)
7c8fea8 mount: rename /proc/mount parser to mount_update_mount_list() (+3,-3)
1af9ca2 mount: change mount_dev_del() argument to struct mount * (+12,-16)
ed4270f mount: struct mount: replace "mounted" and "ignore" fileds with a "status" (+30,-17)
36f9197 mount: fix removing mount point if it's expired (+4,-2)
bf7cc33 mount: fix/improve unmounting log messages (+2,-3)
a27ea3f mount: drop duplicated unlink() call from the mount_dev_del() (-2)
04b897f mount: drop duplicated rmdir() call from the mount_enum_drives() (+1,-3)
76766ae mount: rename tmp variables in the mount_add_list() (+4,-4)
e77dc6d mount: reorder deleting code in the mount_enum_drives() (+5,-3)
1b62489 mount: create not working symlink when unmounting fails (+38,-8)
97da4ed mount: try lazy unmount if normal one fails (+1)
aaf2743 mount: call hotplug-call with ACTION=remove before trying to unmount (+5,-4)
5f2c419 mount: drop duplicated includes (-3)
b5ba01a fstools: update to latest lede-17.01 branch (+3,-3)
95c07d5 libfstools: fix foreachdir() to pass dir with a trailing slash (+12,-2)
6609e98 libfstools: add "const" to char pointer arguments in mount_move() (+2,-2)
2c0cd47 rpcd: update to lastest HEAD (+3,-3)
6994c87 uci: fix session delta isolation (+7)
f0f6f81 session: remove redundant key attribute to rpc_session_set() (+5,-5)
3d400c7 session: support reclaiming pending apply session (+38,-2)
eb09f3a session: ignore non-string username attribute upon restore (+3)
edd37f8 uci: add rpc_uci_replace_savedir() helper (+19,-7)
2423162 uci: switch to proper save directory on apply/rollback (+49,-35)
66a9bad uci: fix memory leak in rpc_uci_apply_timeout() (+2)
92d0d75 uci: use correct sort index when reordering sections (+1,-1)
10f7878 exec: close stdout and stderr streams on child signal (+6)
8206219 uci: fix memory leak in rpc_uci_replace_savedir() (+5,-1)
cf4a37a uci: add missing 'option' support to uci_rename() (+3,-2)

Target / apm821xx (9 changes)

7f5a040 kernel: update kernel 4.4 to version 4.4.110 (+149,-148)
b934aa2 kernel: update 17.01 kernel to 4.4.116 (+126,-241)
a9b6077 kernel: bump kernel 4.4 to 4.4.126 for 17.01 (+98,-132)
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01 (+136,-136)
161d95f kernel: bump kernel 4.4 to 4.4.132 for 17.01 (+11,-11)
058a0b7 apm821xx: Add default packages to NAND target (+9,-8)
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01 (+286,-284)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)
aaecfec kernel: bump kernel 4.4 to version 4.4.139 (+21,-21)

Target / ar71xx (25 changes)

9740523 ar71xx: fix LED config for DIR-869 A1 (+4,-7)
7f3dab2 kernel: bump 4.4 to 4.4.102 (+42,-54)
2b66449 kernel: bump 4.4 to 4.4.103 for 17.01 (+14,-78)
aaa73fe ar71xx: fix switch port numbering on RB750r2 and RB750UPr2 (+6)
f8a441e kernel: bump 4.4 to 4.4.107 (+84,-84)
7f5a040 kernel: update kernel 4.4 to version 4.4.110 (+149,-148)
e07ee06 ar71xx: QCA956X: add missing register (+66,-4)
c3cdc53 ag71xx: Fix rx ring buffer stall on small packets flood on qca956x and qca953x. (+22,-1)
2e8a3bb ar71xx: Netgear WNR2000v4: do not include USB packages [17.01] (-1)
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01 (+21,-167)
b1205a9 ar71xx: /lib/ar71xx.sh: add model detection for TP-Link TL-WR810N (+3)
2e26bdf ar71xx: remove bs-partition ro-flag for UniFi AC (+1,-1)
b934aa2 kernel: update 17.01 kernel to 4.4.116 (+126,-241)
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01 (+63,-70)
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01 (+142,-170)
6577fe2 ar71xx: sysupgrade: improve CPE/WBS 210/510 validation, add new metadata offset (+20,-12)
eed9d40 ar71xx: Ubiquiti Airmax M: add relocate-kernel to invalidate cache (+1)
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01 (+136,-136)
e8b1af4 kernel: bump kernel 4.4 to 4.4.131 for 17.01 (+35,-35)
b078753 ar71xx: fix and improve ALFA Network Tube2H support (+12,-1)
6e47c22 ar71xx: Deactivate build of Netgear WNR2000v3 (+2,-1)
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01 (+286,-284)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)
71019a7 ar71xx: fix 5 GHz Wi-Fi on NBG6716 (+7,-1)
38e704b kernel: bump kernel 4.4 to version 4.4.140 (+6,-82)

Target / arm64 (2 changes)

2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01 (+286,-284)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / at91 (1 change)

b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / ath25 (1 change)

b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / bcm53xx (5 changes)

8261592 bcm53xx: suppress osafeloader info error messages during flashing (+1,-1)
b934aa2 kernel: update 17.01 kernel to 4.4.116 (+126,-241)
7dcbe0e bcm53xx: fix fallback code for picking status LED (+1,-1)
3c81d12 bcm53xx: backport the first bunch of 4.18 BCM5301X patches (+931,-5)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / brcm2708 (12 changes)

373fa54 kernel: bump 4.4 to 4.4.93 for 17.01 (+3,-3)
7f3dab2 kernel: bump 4.4 to 4.4.102 (+42,-54)
f8a441e kernel: bump 4.4 to 4.4.107 (+84,-84)
b934aa2 kernel: update 17.01 kernel to 4.4.116 (+126,-241)
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01 (+63,-70)
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01 (+142,-170)
a9b6077 kernel: bump kernel 4.4 to 4.4.126 for 17.01 (+98,-132)
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01 (+136,-136)
e8b1af4 kernel: bump kernel 4.4 to 4.4.131 for 17.01 (+35,-35)
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01 (+286,-284)
aaecfec kernel: bump kernel 4.4 to version 4.4.139 (+21,-21)
38e704b kernel: bump kernel 4.4 to version 4.4.140 (+6,-82)

Target / brcm47xx (11 changes)

4217541 brcm47xx: fix switch port mapping on Asus RT-N12 and RT-N16 models (+2)
ecaad8b brcm47xx: fix switch port mapping on D-Link DIR-330 (+1)
ebb5474 brcm47xx: remove target specific network preinit config (-32)
ffbbcc9 brcm47xx: image: build firmware for Asus WL-500g Deluxe (+8)
da43069 brcm47xx: relocate loader to higher address (+1,-1)
ddedcb1 brcm47xx: relocate the stack in loader (+4,-2)
5a9b101 brcm47xx: add Luxul XAP-1500 and XWR-1750 WiFi LEDs (+88,-2)
23a638e brcm47xx: backport upstream patches for Netgear WNR1000 V3 (+128,-46)
adfd64d brcm47xx: add switch port mapping to Asus WL-500W (+1,-1)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)
aaecfec kernel: bump kernel 4.4 to version 4.4.139 (+21,-21)

Target / brcm63xx (1 change)

b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / cns3xxx (2 changes)

2b66449 kernel: bump 4.4 to 4.4.103 for 17.01 (+14,-78)
aaecfec kernel: bump kernel 4.4 to version 4.4.139 (+21,-21)

Target / gemini (2 changes)

7f3dab2 kernel: bump 4.4 to 4.4.102 (+42,-54)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / imx6 (3 changes)

7f3dab2 kernel: bump 4.4 to 4.4.102 (+42,-54)
ee55629 kernel: bump 4.4 to 4.4.108 for 17.01 (+5,-5)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / ipq806x (8 changes)

2bee675 ipq806x: fix Zyxel NBG6817 WiFi button (+3,-2)
2aff2ad ipq806x: nbg6817: add kmod-fs-ext4 to device packages (+1,-1)
bdf19ee ipq806x: nbg6817: sync MAC addresses to the upstream values (+5,-2)
7f3dab2 kernel: bump 4.4 to 4.4.102 (+42,-54)
7f5a040 kernel: update kernel 4.4 to version 4.4.110 (+149,-148)
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01 (+21,-167)
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01 (+63,-70)
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01 (+286,-284)

Target / ixp4xx (3 changes)

f8a441e kernel: bump 4.4 to 4.4.107 (+84,-84)
161d95f kernel: bump kernel 4.4 to 4.4.132 for 17.01 (+11,-11)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / lantiq (11 changes)

50db9a4 lantiq: ARV752DPW22: set correct wireless led trigger (+3)
98c003e lantiq: ARV752DPW22: fix wireless mac address (+1)
ee6fa8d lantiq: add missing default lan interface (+2)
7f3dab2 kernel: bump 4.4 to 4.4.102 (+42,-54)
2b66449 kernel: bump 4.4 to 4.4.103 for 17.01 (+14,-78)
0f0d742 lantiq: move lantiq_board_detect() to 03_preinit_board.sh (+10,-10)
8be5b12 lantiq: remove lantiq_board_name, use the generic function instead (+6,-20)
80304ac lantiq: remove lantiq_board_model, it is unused (-9)
e5612d6 lantiq: spi: double time out tolerance (+37)
f8a441e kernel: bump 4.4 to 4.4.107 (+84,-84)
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01 (+136,-136)

Target / layerscape (6 changes)

b934aa2 kernel: update 17.01 kernel to 4.4.116 (+126,-241)
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01 (+63,-70)
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01 (+142,-170)
a9b6077 kernel: bump kernel 4.4 to 4.4.126 for 17.01 (+98,-132)
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01 (+286,-284)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / malta (1 change)

b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / mediatek (6 changes)

7f3dab2 kernel: bump 4.4 to 4.4.102 (+42,-54)
f8a441e kernel: bump 4.4 to 4.4.107 (+84,-84)
b934aa2 kernel: update 17.01 kernel to 4.4.116 (+126,-241)
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01 (+63,-70)
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01 (+142,-170)
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01 (+136,-136)

Target / mvebu (7 changes)

7f3dab2 kernel: bump 4.4 to 4.4.102 (+42,-54)
7f5a040 kernel: update kernel 4.4 to version 4.4.110 (+149,-148)
7bc25df mvebu: fix mvneta build with Linux 4.4.110 (+65,-54)
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01 (+21,-167)
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01 (+136,-136)
9dd189d mvebu: Add support for WRT3200ACM with new NAND flash (+2)
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01 (+286,-284)

Target / mxs (1 change)

b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / octeon (1 change)

b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / oxnas (11 changes)

7f3dab2 kernel: bump 4.4 to 4.4.102 (+42,-54)
157b892 kernel: remove out of tree direct-io disable hack (+1,-173)
f8a441e kernel: bump 4.4 to 4.4.107 (+84,-84)
7f5a040 kernel: update kernel 4.4 to version 4.4.110 (+149,-148)
b934aa2 kernel: update 17.01 kernel to 4.4.116 (+126,-241)
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01 (+63,-70)
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01 (+142,-170)
a9b6077 kernel: bump kernel 4.4 to 4.4.126 for 17.01 (+98,-132)
161d95f kernel: bump kernel 4.4 to 4.4.132 for 17.01 (+11,-11)
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01 (+286,-284)
aaecfec kernel: bump kernel 4.4 to version 4.4.139 (+21,-21)

Target / ramips (20 changes)

f5935f7 ramips: fix default usb support for nexx wt3020-8M (+1)
3eae19a ramips: fix Youku-YK1 support (+6,-5)
6cfa7e5 ramips: fix DCH-M225 support (+7,-2)
7ec6394 ramips: fix Planex CS-QR10 device packages (+3,-1)
7f3dab2 kernel: bump 4.4 to 4.4.102 (+42,-54)
9601e6a ramips: add missing reset button for Nexx WT1520 (+15,-9)
d77fe92 ramips: backport MT7628 pinmux fixes (+66,-2)
2b66449 kernel: bump 4.4 to 4.4.103 for 17.01 (+14,-78)
108a42b ramips: support jumbo frame on mt7621 up to 2k (+32,-17)
f8a441e kernel: bump 4.4 to 4.4.107 (+84,-84)
959a49d ramips: fix widora neo diag led (+4,-2)
dbb5ffa ramips: firewrt: indicate boot status via LED (+1)
987a7e3 ramips: fix lenovo newifi-y1 switch and LED config (+5,-3)
623cdc4 ramips: backport mt7530/762x switch fixes (+239,-20)
b934aa2 kernel: update 17.01 kernel to 4.4.116 (+126,-241)
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01 (+142,-170)
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01 (+136,-136)
e8b1af4 kernel: bump kernel 4.4 to 4.4.131 for 17.01 (+35,-35)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)
38e704b kernel: bump kernel 4.4 to version 4.4.140 (+6,-82)

Target / rb532 (2 changes)

9a99039 rb532: enable high-res timers, refresh kernel config (+1,-2)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Target / sunxi (2 changes)

157b892 kernel: remove out of tree direct-io disable hack (+1,-173)
92ea65b sunxi: disable LPAE to allow kernel to run on A13 (+2,-22)

Target / x86 (10 changes)

7f3dab2 kernel: bump 4.4 to 4.4.102 (+42,-54)
58e0c0f x86: image: drop unused ROOTDELAY variable (-2)
1411493 x86: image: drop unneeded grub call (-1)
3225fbf x86: image: drop duplicated copy of bzImage into vmlinuz (-1)
f69d73f build: allow specifying flow-control to grub on serial console (+7,-2)
9057577 x86: keep /boot mounted for kexec (+7,-4)
7f5a040 kernel: update kernel 4.4 to version 4.4.110 (+149,-148)
b934aa2 kernel: update 17.01 kernel to 4.4.116 (+126,-241)
f7a6b67 x86: enable microcode loading for Intel and AMD (+4,-1)
571d3de x86: add preinit hook to reload microcode (+10)

Target / xburst (1 change)

e802cbf xburst: enable high-res timers, refresh kernel config (+3,-7)

Target / zynq (2 changes)

157b892 kernel: remove out of tree direct-io disable hack (+1,-173)
b03826d kernel: bump kernel 4.4 to version 4.4.137 (+34,-9)

Wireless / Common (6 changes)

62a8252 mac80211: Fix race condition leading to wifi interfaces not coming up at boot... (+27,-5)
f0a4931 mac80211: gracefully handle preexisting VIF (+6)
0f17504 mac80211: don't pass the hostapd ctrl iface in adhoc (+8,-2)
fad29d2 mac80211: brcmfmac: backport commit dropping IAPP packets by default (+158,-1)
fe3db68 mac80211: brcmfmac: add support for BCM4366E chipset (+47,-1)
7fc94b2 mac80211: rt2x00: no longer use TXOP_BACKOFF for probe frames (+46,-1)

Wireless / MT76 (1 change)

4b5861c mt76: update to the latest version (+3,-3)
2895775 mt76x2: mcu: remove unused parameter in mt76x2_mcu_msg_alloc signature (+9,-10)
1dae8f0 mt7603: mcu: remove unused parameter in mt7603_mcu_msg_alloc() signature (+10,-11)
5e49aa9 Fix errors found by cppcheck (+13,-15)
1b8c8a0 mt7603: add LED definition registers (+18)
4d83561 mt76x2: add LED register definitions (+15,-5)
2f40e4a mt76x2: Support using PCI ID as chip ID (+4)
27c64bc mt76: add led support using mac80211 led framework (+51)
dfd64fc mt76x2: init: add ma80211 led callbacks (+66,-5)
215edf1 mt7603: init: add ma80211 led callbacks (+64,-3)
9d36ff2 mt76x2: Add PCI identifier for MT7602 (+1)
0b7984e mt7603: remove unnecessary mcu register read function (-28)
f5498d2 debugfs: add support for changing the LED pin (+1)
8e453b3 mac80211: move DT led configuration to the "led" child node (+1)
8f1673a mt76x2: limit client WCID entries to 0-127 (+5,-2)
f9d9c22 mt76x2: clear drop flag for all WCIDs on init (+3)
0dd8b68 mt76x2: clear per-WCID tx rate lookup register (+6)
⇒ + 29 more…

Addressed bugs

#484

Description: Image Builder generates broken image for ASUS WL500W
Link: https://bugs.openwrt.org/index.php?do=details&task_id=484
Commits:
aaac9e8 mtd: mark as nonshared to fix FS#484 (+2)
6734f32 mtd: add build hack to reintroduce shared mtd for older releases (+2,-2)

#502

Description: Switch not configured on Asus RT-N12 B1 (brcm47xx)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=502
Commits:
4217541 brcm47xx: fix switch port mapping on Asus RT-N12 and RT-N16 models (+2)

#645

Description: kmod package postinst script returned status 255
Link: https://bugs.openwrt.org/index.php?do=details&task_id=645
Commits:
efb6ca1 base-files: /lib/functions.sh: ignore errors in insert_modules (+2,-2)

#664

Description: Netgear R8000 Wifi broke with commit 8301e613655c2d95fa5430a1a57d92d966fdc70b
Link: https://bugs.openwrt.org/index.php?do=details&task_id=664
Commits:
f0a4931 mac80211: gracefully handle preexisting VIF (+6)

#672

Description: Netgear WNR2000v3 - Looses always settings after power loss, nothig is been saved
Link: https://bugs.openwrt.org/index.php?do=details&task_id=672
Commits:
6e47c22 ar71xx: Deactivate build of Netgear WNR2000v3 (+2,-1)

#704

Description: brcmfmac / Raspberry Pi 3 / wifi not working / adhoc and 80211s-mode
Link: https://bugs.openwrt.org/index.php?do=details&task_id=704
Commits:
f0a4931 mac80211: gracefully handle preexisting VIF (+6)

#711

Description: iptables 600-shared-libext.patch broken and incomplete
Link: https://bugs.openwrt.org/index.php?do=details&task_id=711
Commits:
da126d5 iptables: fix nftables compile issue (FS#711) (+20)
0426596 Revert "iptables: fix nftables compile issue (FS#711)" (-20)

#790

Description: Failsafe mode networking is broken on Linksys WRT54GSv1
Link: https://bugs.openwrt.org/index.php?do=details&task_id=790
Commits:
ebb5474 brcm47xx: remove target specific network preinit config (-32)

#832

Description: GCC 6.X Toolchain compile error
Link: https://bugs.openwrt.org/index.php?do=details&task_id=832
Commits:
afa8873 gcc: gcc 6.3.0 fix comparison between pointer and integer (+11)

#876

Description: dnsmasq-full "Exclude interfaces" configuration does not work as expected.
Link: https://bugs.openwrt.org/index.php?do=details&task_id=876
Commits:
367b456 dnsmasq: restore ability to include/exclude raw device names (+3,-3)

#893

Description: LEDE 17.01.2 rpi-3 kmod-usb-net package issues
Link: https://bugs.openwrt.org/index.php?do=details&task_id=893
Commits:
efb6ca1 base-files: /lib/functions.sh: ignore errors in insert_modules (+2,-2)

#909

Description: runas wrapper executes programs using wrong interpreter
Link: https://bugs.openwrt.org/index.php?do=details&task_id=909
Commits:
338968a build: fix invocation of bundled ld.so in SDK and Imagebuilder (+18,-15)

#991

Description: untagged vlan do not work on mt7620
Link: https://bugs.openwrt.org/index.php?do=details&task_id=991
Commits:
623cdc4 ramips: backport mt7530/762x switch fixes (+239,-20)

#1015

Description: mtd-utils-1.5.2 does not compile due to missing sysmacros.h
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1015
Commits:
96dbf59 tools/mtd-utils: include sysmacros.h explicitly (+25)

#1016

Description: findutils-4.6.0 fails to compile due to missing sysmacros.h
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1016
Commits:
d2fd641 tools/findutils: include sysmacros.h explicitly (+13)

#1017

Description: squashfs fails to compile due to update in glibc
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1017
Commits:
8a48a53 tools/squashfs4: include sysmacros.h explicitly (+36,-16)

#1018

Description: squashfs-3.0 fails to compile with new glibc
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1018
Commits:
8406e50 tools/squashfs: include sysmacros.h explicitly (+20)

#1021

Description: uhttpd-mod-ubus: error in postinst script
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1021
Commits:
a0ef1c4 functions.sh: fix default_postinst function (+1,-1)

#1055

Description: Youku YK1: No ethernet devices
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1055
Commits:
3eae19a ramips: fix Youku-YK1 support (+6,-5)

#1136

Description: HFSC kernel warnings with QoS / SQM
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1136
Commits:
60f8d38 kernel: merge a pending fix for HFSC warnings/slowdowns (fixes FS#1136) (+89,-3)

#1147

Description: VLAN problem with MT7530 switch
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1147
Commits:
623cdc4 ramips: backport mt7530/762x switch fixes (+239,-20)

#1219

Description: ipt-debug module not compiling
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1219
Commits:
fbeae9d iptables: make kmod-ipt-debug part of default ALL build (+3,-4)

#1341

Description: vlan configuration fails
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1341
Commits:
623cdc4 ramips: backport mt7530/762x switch fixes (+239,-20)

#1355

Description: U-Boot fails to start kernel
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1355
Commits:
92ea65b sunxi: disable LPAE to allow kernel to run on A13 (+2,-22)

#1377

Description: Prefix Delegation is broken
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1377
Commits:
dfe620c odhcpd: fix interop with wide DHCPv6 client (FS#1377) (+4,-4)
53f52e3 dhcpv4: make dhcpv4 support optional (+16,-1)
3a1210f CMakeLists: fix label mismatch (+1,-1)
aedc154 dhcpv6-ia: don't always send reconf accept option (FS#1377) (+2,-1)
6ba6a1c Revert "CMakeLists: fix label mismatch" (+1,-1)
2da5850 Revert "dhcpv4: make dhcpv4 support optional" (+1,-16)

#1532

Description: ar71xx - ath9k: probe of ar933x_wmac failed with error -5
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1532
Commits:
b078753 ar71xx: fix and improve ALFA Network Tube2H support (+12,-1)

Security fixes

CVE-2015-3239

Description: Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3239
Commits:
444b64f libunwind: update to 1.2 (+58,-19)

CVE-2017-3735

Description: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735
Commits:
cda8ec7 openssl: update to 1.0.2m (+4,-4)

CVE-2017-3736

Description: There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736
Commits:
cda8ec7 openssl: update to 1.0.2m (+4,-4)

CVE-2017-3737

Description: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3737
Commits:
50b4789 openssl: update to 1.0.2n (+3,-3)

CVE-2017-3738

Description: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3738
Commits:
50b4789 openssl: update to 1.0.2n (+3,-3)

CVE-2017-5715

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
Commits:
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01 (+21,-167)

CVE-2017-5753

Description: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
Commits:
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01 (+21,-167)

CVE-2017-5754

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
Commits:
7f5a040 kernel: update kernel 4.4 to version 4.4.110 (+149,-148)

CVE-2017-12166

Description: OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12166
Commits:
77e79b2 openvpn: update to 2.4.4 (+58,-34)

CVE-2017-13099

Description: wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13099
Commits:
207bcea cyassl: update to wolfssl 3.12.2 (1 CVE) (+146,-2)

CVE-2017-15107

Description: A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15107
Commits:
58d60bd dnsmasq: backport dnssec security fix for 17.01 (+203,-1)
2ae0741 dnsmasq: backport validation fix in dnssec security fix (+2,-2)

CVE-2017-15265

Description: Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15265
Commits:
373fa54 kernel: bump 4.4 to 4.4.93 for 17.01 (+3,-3)

CVE-2017-15275

Description: Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275
Commits:
e5a10bc samba36: backport an upstream fix for an information leak (CVE-2017-15275) (+41,-1)

CVE-2017-17741

Description: The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17741
Commits:
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01 (+21,-167)

CVE-2017-1000410

Description: The Linux kernel version 3.3-rc1 and later is affected by a vulnerability lies in the processing of incoming L2CAP commands - ConfigRequest, and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR, and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations. These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization: struct l2cap_conf_efs efs; In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable: ... case L2CAP_CONF_EFS: if (olen == sizeof(efs)) memcpy(&efs, (void *)val, olen); ... The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built: l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs); So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000410
Commits:
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01 (+21,-167)

CVE-2018-0487

Description: ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487
Commits:
f609913 mbedtls: update to version 2.7.0 (+42,-53)

CVE-2018-0488

Description: ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488
Commits:
f609913 mbedtls: update to version 2.7.0 (+42,-53)

CVE-2018-0739

Description: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739
Commits:
c4b3829 openssl: update to 1.0.2o (+11,-11)

releases/17.01/changelog-17.01.5.txt · Last modified: 2018/07/15 20:04 by hauke