LEDE v17.01.5 Changelog

This changelog lists all commits made in LEDE since the v17.01.4 tag, grouped by subsystem. The changes are ordered chronologically from top to bottom and cover the Git repository history up to the tagging of the final 17.01.5 release.

Build System / Buildroot (36 changes)

4af145e rules.mk: make PKG_CONFIG_DEPENDS properly track string values
157b892 kernel: remove out of tree direct-io disable hack
3387158 build: Suffix build directory with _$(LIBC) for external toolchains
94f079e build: Pass -iremap gcc option as a single argument
a7fc27e build: make Host/Install/Default use Host/Compile/Default with an extra argument
903a404 build: skip headers install and config on make target/linux/prepare
11cd607 build: unsilence move command
acd4814 build: get rid of FIND_L from host.mk
5f03ce1 scripts: only generate config from feature flag if fully match
0aafbf6 build: fix STAMP_PREPARED with quilt
f69d73f build: allow specifying flow-control to grub on serial console
977db9f scripts/download.pl: fix error message on hash mismatch
c8a0f3a target.mk: check that CPU_TYPE has known CPU_CFLAGS mapping
9ce30f7 kernel: move initramfs's init script out of base-files
3e7f191 include/packages-defaults.mk: Remove LARGEFILE option
9858827 kernel: allow selecting RTC drivers on targets without explicit RTC support
040ff6f build: remove absolute path to perl and replace with /usr/bin/env perl
4607007 build: allow val.% targets to bypass the prepare steps
bb9eb2c build: new fixes for symlinked .config handling
827f108 scripts: Probe external toolchains for libthread-db
ef43c04 scripts/download.pl: print the command used to download files
c864906 netfilter: add iptables-mod-rpfilter package
338968a build: fix invocation of bundled ld.so in SDK and Imagebuilder
89c4f47 scripts/download.pl: Adjust URLs
2e1a87a build: bundle-libraries.sh: do not override argv[0] in inner exec calls
b616aa6 scripts/package-metadata.pl: inhibit compile deps on missing build types
f006555 config: make CONFIG_ALL_* select other CONIFG_ALL_* options
b69ea02 scripts/dowload.pl: use glob to expand target dir
5beb0ab build: remove @ as it's causing an error
b41d154 rules.mk: export TMPDIR
3fa8628 build: fix restoring /etc/opkg with PER_DEVICE_ROOTFS
6ea9a70 iptables: Fix target TRACE issue
696c632 include/rootfs.mk: do not remove opkg prerm scripts during rootfs preparation
75be005 include/rootfs.mk: retain list of conffiles with CONFIG_CLEAN_IPKG
b47094c include/package-defaults.mk: fix default Build/Prepare with empty ./src
248b358 LEDE v17.01.5: adjust config defaults

Build System / Feeds (1 change)

248b358 LEDE v17.01.5: adjust config defaults

Build System / Host Utilities (20 changes)

d2fd641 tools/findutils: include sysmacros.h explicitly
96dbf59 tools/mtd-utils: include sysmacros.h explicitly
8406e50 tools/squashfs: include sysmacros.h explicitly
8a48a53 tools/squashfs4: include sysmacros.h explicitly
f19d47f tools: patch various gnu tools for macOS 10.13
2428b6d tools/sstrip: Fix compile under standard linux.
a91d8dd tools/m4: update 1.4.18
05f0b8d ccache: update to 3.3.4
ed4976d tools/sed: Update to 4.4
25fe034 tools/dosfstools: Update to 4.1
100553d tools/libressl: Update to 2.5.1
6ba0cc1 tools/coreutils: Update to 8.27
08be74f tools/isl: update to 0.18
6e09b20 tools/libressl: update to 2.5.4
59a1c16 tools/sparse: Update to snapshot 2017-03-31
95940a8 Add the __builtin functions needed for INFINITY and nan().
76a7371 Add a define for __builtin_ms_va_copy()
0f71312 Ignore pure attribute in assignement
efd34fa Add tests for the builtin INF and nan() functions.
6043210 sparse/parse.c: ignore hotpatch attribute
c04667e sparse, llvm: compile: skip function prototypes to avoid SIGSEGV
a53cea2 validation/prototype: regression for skipping prototypes
0d2809b ptrlist: reading deleted items in NEXT_PTR_LIST()
0dac478 .gitignore: add cscope and Qt project files
38c9e9f Add default case to switches on enum variables
8efbac1 Fix size calculation of unsized bool array
7647c77 Do not drop 'nocast' modifier when taking the address.
153fbd0 Fix warning compiling sparse-llvm
65f90e7 sparse: add 'alloc_align' to the ignored attributes
ffc860b sparse: ignore __assume_aligned__ attribute
6c283a0 sparse: add no_sanitize_address as an ignored attribute
⇒ + 147 more…
e8bd0a6 tar: override symlink permissions
ca7c9db tools/pkg-config: Update to 0.29.2
1aedf2f tools/squashfs: use host cflags
dde29b2 tools/coreutils: install readlink
58a95f0 tools/e2fsprogs: fix building on a glibc 2.27 host

Build System / Image Builder (4 changes)

1d0f7e3 imagebuilder: make submake invocations less verbose
c7234e3 imagebuilder: add package_list function
74eeb07 imagebuilder: clean package_list
5900443 imagebuilder: don't rewrite package list output

Build System / Toolchain (7 changes)

90a43e5 toolchain/gcc: reduce source directory size by about 420 MB
bdb05f5 gcc: remove obsolete uclibc patch
a33b0ce toolchain/musl: parallelize make install
3056122 toolchain/gcc: parallelize make install
0807022 gcc: fix documentation entries added by 910-mbsd_multi.patch
7f3f2bc build: remove old kernel-headers build directories
afa8873 gcc: gcc 6.3.0 fix comparison between pointer and integer

Kernel (37 changes)

373fa54 kernel: bump 4.4 to 4.4.93 for 17.01
7f3dab2 kernel: bump 4.4 to 4.4.102
2b66449 kernel: bump 4.4 to 4.4.103 for 17.01
157b892 kernel: remove out of tree direct-io disable hack
7ccfa82 ar8327: Add workarounds for AR8337 switch.
9ce30f7 kernel: move initramfs's init script out of base-files
9858827 kernel: allow selecting RTC drivers on targets without explicit RTC support
816fb34 mvswitch: fix autonegotiation issue
13a5568 ip17xx: correct aneg_done return value
e01367e kernel: add CONFIG_SCHED_HRTICK=y to the generic config
c864906 netfilter: add iptables-mod-rpfilter package
f8a441e kernel: bump 4.4 to 4.4.107
ee55629 kernel: bump 4.4 to 4.4.108 for 17.01
7f5a040 kernel: update kernel 4.4 to version 4.4.110
f033697 kernel: bump 4.4 to 4.4.111 for 17.01
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01
fbeae9d iptables: make kmod-ipt-debug part of default ALL build
3b22710 kernel: backport raw-ip mode for newer QMI LTE modems
31ae738 kernel: refresh patches
b934aa2 kernel: update 17.01 kernel to 4.4.116
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01
9bdea6a generic: revert broken LED core patch
60f8d38 kernel: merge a pending fix for HFSC warnings/slowdowns (fixes FS#1136)
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01
afca235 kernel: backport commit reverting genirq patch causing regressions
4673a0b kernel: mtd: bcm47xxpart: improve handling TRX partition size
a9b6077 kernel: bump kernel 4.4 to 4.4.126 for 17.01
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01
999bb66 kernel: add missing in6_dev_put_clear call to an ipv6 network patch
e8b1af4 kernel: bump kernel 4.4 to 4.4.131 for 17.01
7b54d52 kernel: use accepted version of bcm47xxpart fix commit
161d95f kernel: bump kernel 4.4 to 4.4.132 for 17.01
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01
b03826d kernel: bump kernel 4.4 to version 4.4.137
5c6a8a9 kernel: bump kernel 4.4 to version 4.4.138
aaecfec kernel: bump kernel 4.4 to version 4.4.139
38e704b kernel: bump kernel 4.4 to version 4.4.140

Packages / Boot Loaders (4 changes)

8be5b12 lantiq: remove lantiq_board_name, use the generic function instead
91821c8 kexec-tools: get kexec running on MUSL and x86 hardware
10182cb grub2: update to 2.02~rc2
6e1e2e7 package/grub2: update to 2.02

Packages / Common (129 changes)

0780e12 opkg: bump to 2017-10-23 (lede-17.01)
3f13edd pkg_run_script: use pkg->dest in half installed case
7a96972 libbb: xreadlink: fix memory leak on failure case
5bb5fd5 opkg: add --no-check-certificate argument
c6caf07 pkg_parse: fix segfault when parsing descriptions with leading newlines
367b456 dnsmasq: restore ability to include/exclude raw device names
6b6578f wireguard: version bump to 0.0.20171101
cda8ec7 openssl: update to 1.0.2m
ed571c1 wireguard: bump to 0.0.20171111
8751bd7 wireguard: move to kernel build directory
d851d7f wireguard: fix portability issue
e626942 dnsmasq: load instance-specific conf-file if exists
d3f40aa wireguard: bump to 20171122
0946ec0 wireguard: bump to snapshot 20171127
e5a10bc samba36: backport an upstream fix for an information leak (CVE-2017-15275)
060b7f1 curl: apply CVE 2017-8816 and 2017-8817 security patches
3590316 dnsmasq: backport infinite dns retries fix
19ebc19 hostapd: Expose the tdls_prohibit option to UCI
f5f5f58 hostapd: backport fix for wnm_sleep_mode=0
b41a2e6 opkg: bump to version 2017-12-08
098e774 libopkg: fix SHA256 calculation for big endian system
a6bb5cb file_util: implement urlencode_path() helper
793fbac opkg: encode archive filenames while constructing download URLs
79908c2 file_util: consolidate hex/unhex routines
3c46c88 file_util: implement urldecode_path()
9f61f7a opkg_download: decode file:/ URLs
8bf67f6 mdadm: extend uci config support
adc9f93 utils/mdadm: Update to 4.0
157b892 kernel: remove out of tree direct-io disable hack
4fc0fb3 mdadm: Do not check RUN_DIR
6c1b6e8 mdadm: Fix config generation
3bb8818 mdadm: fix parameter quoting
207bcea cyassl: update to wolfssl 3.12.2 (1 CVE)
50b4789 openssl: update to 1.0.2n
c566a9e toolchain: Broaden the executable loader pattern
051a33e thc-ipv6: Allow overriding CFLAGS
1e3ff02 bsdiff: Also pass down TARGET_CPPFLAGS
12b811a omcproxy: Update to latest HEAD
1fe6f48 Cmake: Find libubox/list.h
c6dd059 px5g: Fix TARGET_LDFLAGS and add TARGET_CPPFLAGS
2d31ec4 adb: Also pass TARGET_CPPFLAGS
2dd9b62 rssileds: Fix build with external toolchains
28c9731 toolchain: Allow external toolchains to specify libthread-db
cfb5a55 iwcap: fix handling kill signal during dump
9504392 toolchain: add musl libc.so to external toolchain
37aae44 libnl: Fix building with uClibc
7263e3c lldpd: bump to 0.9.6
f7f6913 lzo: Update to 2.10
affff02 busybox: don't install NTP scripts if NTP isn't configured
9459722 busybox: fix installation of cron and ntpd scripts in the default config
9b24d99 iproute2: add libgenl.h and ll_map.h to InstallDev section
f30114c dropbear: fix procd interface trigger install
6b9eb0c hostapd: fix reload frequency change patch
67caf6b network/utils/ipset: Update to 6.32
070463f devel/strace: Update to 4.16
79def69 comgt-3g: enable modem before to setpin
9754a9c devel/trace-cmd: Update to 2.6.1
8ee15ed elfutils: bump to 0.169
8d4c047 lldpd: drop specific respawn params [use system-wide]
444b64f libunwind: update to 1.2
26ea59c lldpd: bump to 0.9.7
a6e5943 elfutils: Pass -Wno-unused-result to silence warnings as errors
41ee454 ppp: propagate master firewall zone to dynamic slave interface
7d1f407 gdb: remove Build/Compile rule ; default one works
86158ad libunwind: update to version 1.2.1
3129db3 busybox: backport 'ip rule suppress_{prefixlength, ifgroup}'
3027a68 valgrind: bump to 3.13.0
ef3649d hostapd: add acct_interval option
0e6a6c8 hostapd: configure NAS ID regardless of encryption
8693ab5 dropbear: server support option '-T' max auth tries
d413c75 dropbear: add option to set max auth tries
ea23ba9 bzip2: add symlink to binary
c864906 netfilter: add iptables-mod-rpfilter package
cf11a41 lzo: use default Build/Configure rule
610e2af zlib: use default Build/Configure rule
0a97626 kmod-sched-cake: drop maintainer
a37f8b0 samba36: Remove legacy options
3b6b892 ca-certificates: Update to 20170717
9e84d33 nvram: fix memory leak
c446ee4 nvram: add usage() function
118a2ea nvram: improve argument check when program start
2b88309 nvram: add help message for nvram magic not found
1458bc2 samba36: Remove guest ok since LuCI configures it.
71797b6 samba36: Don't resolve interfaces.
80a22ee samba36: Remove syslog and load printers lines.
2f80d84 wwan: json format in some modem definitions
9cf371c dnsmasq: Pass TARGET_CPPFLAGS to Makefile
eff1f7e usbutils: avoid duplicating the git revision
77e79b2 openvpn: update to 2.4.4
9d1bfb8 dropbear: make ssh compression support configurable
9bd667f dropbear: fix PKG_CONFIG_DEPENDS
d63eb47 ppp: fix compile warning
7fa7002 ppp: make the patches apply correctly again
cd901ef libunwind: disable building with ssp
79024cd openssl: fix cryptodev config dependency
e5c284b package/elfutils: add CFLAG -Wno-format-nonliteral
91e4830 openvpn: add support to start/stop single instances
c315843 igmpproxy: remove firewall rules when service is stopped
7f78a86 hostapd: set mcast_rate in mesh mode
05f0fac hostapd: explicitly set beacon interval for wpa_supplicant
0625814 packages: nvram: fix memory leak in _nvram_free
50147d4 libnl-tiny: use fixed message size instead of using the page size
796bc21 hostapd: don't set htmode for wpa_supplicant
4cfcfec hostapd: remove unused local var declaration
e719a08 usbutils: Update usb.ids file to latest
ceea0ac wireguard: bump to 20171211
2603c85 wireguard: bump to 20171221
4f1dca9 kmod-sched-cake: bump to latest bake of cake for 17.01
ff38695 A less aggressive autorate margin.
e4a3628 Whitespace tidy up
0758e90 Try a lower-latency priority queue in shaped mode.
2575be7 This is what happens when you code while half-asleep.
e89caa6 Another rather obvious fix. Why doesn't the kernel have -Wsigned-compare on ...
9c3da02 Did I get *any* of this right first time?
6c341ce Getting closer - try not to starve the Bulk tin.
a7133c6 Need to adjust tin rates - first test.
3e36769 Continuing the individual weight adjustments...
08da7dd Try a completely different approach to the starvation problem.
17ee7e7 Ingress mode, first stage. Can't yet be configured active.
85aeee2 Ingress mode can now be configured.
c6c865e Correctly report ingress-mode status.
8742ff9 Fix uninitialised tin_order in besteffort and precedence cases.
14cbb5e Temporary fixes for Diffserv-LLT bandwidth and incorrect stats in unlimited m...
8978b24 Proper fix for diffserv-llt mode.
⇒ + 65 more…
c4e9487 iproute2: cake: support new operating modes for 17.01
dca4dfa iproute2: cake: fix patch format error
dea8979 Lantiq: make possible to tweak DSL SRN from UCI
541a1a7 lantiq: activate noise margin delta for VDSL too
fb6f21c kmod-sched-cake: bump to latest cake bake for 17.01
402f05c Use full-rate mtu_time in all tins, to improve latency control in ingress + d...
31277c2 Avoid unsigned comparison against zero.
8cf5278 ack_filter: fix TCP flag check
58d60bd dnsmasq: backport dnssec security fix for 17.01
2ae0741 dnsmasq: backport validation fix in dnssec security fix
00fa1e4 curl: fix libcurl/mbedtls async interface
6ea9a70 iptables: Fix target TRACE issue
fbeae9d iptables: make kmod-ipt-debug part of default ALL build
566ff9e libunwind: enable build for arm
b15d54e perf: use libunwind
b345cc2 libunwind: fix build with musl on PPC
01d7a5d perf: restrict libunwind dependency to archs that actually support libunwind
222521d tools: add iucode-tool
f609913 mbedtls: update to version 2.7.0
c4b3829 openssl: update to 1.0.2o
3ca1438 mbedtls: update to version 2.7.2
09d95e4 mbedtls: change libmbedcrypto.so soversion back to 0
90d9df0 wireguard: bump to 20180118
57e773b wireguard: bump to 20180202
9e5bed6 wireguard: bump to 20180304
4cb9af8 wireguard: bump to 20180420
0e3cc08 wireguard: bump to 0.0.20180513
6cc65b0 wireguard: Add support for ip6prefix config option
8308991 wireguard: bump to 20180514
5ad80ff wireguard: no longer need portability patch
6eec0e4 wireguard: bump to 20180519
88ba88e mbedtls: update mbedtls to version 2.7.3
98b9d8a mbedtls: Activate the session cache
aaac9e8 mtd: mark as nonshared to fix FS#484
6734f32 mtd: add build hack to reintroduce shared mtd for older releases

Packages / Firmware (3 changes)

c6314ee firmware: add microcode package for AMD
681aaaf firmware: add microcode package for Intel
ba502a4 intel-microcode: update to 20180312

Packages / LEDE base files (20 changes)

a0ef1c4 functions.sh: fix default_postinst function
135aa3b base-files: upgrade: make get_partitions() endian agnostic
15efa09 base-files: add submission service port
f173464 base-files: add generic board_name function to functions.sh
38ea91e base-files: use restart if no reload hook for service
28c350f base-files: fix default procd reload
9c3e4b5 base-files: board.json's switch reset means existence, not argument
75d8127 base-files: suppress uci not found output in login.sh
23b9dc2 base-files: drop unused preinit_echo function
bdc998c base-files: order conffiles alphabetically
c61cf4a base-files: add /etc/profile.d to conffiles
1c92998 base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists
a190802 base-files: fix logic when to show failsafe banner
f60be72 base-files: don't evaluate block-device uevent
18c999a base-files: fix off-by-one in counting seconds for factory reset
17c0362 base-files: sysupgrade: do not rely on opkg to list changed conffiles
9b0a4ba base-files: tune fragment queue thresholds for available system memory
efb6ca1 base-files: /lib/functions.sh: ignore errors in insert_modules
b080032 base-files: fix links in banner.failsafe
248b358 LEDE v17.01.5: adjust config defaults

Packages / LEDE network userland (21 changes)

63f6408 uclient: update to the latest version, fixes fetch of multiple files
4b87d83 uclient-fetch: fix overloading of output_file variable
ed82c52 uqmi: also try newer pin verification
ec395ee swconfig: Link with libubox
7fb03d9 netifd: fix fw3 warnings in dhcp script
a1392e0 netifd: return error status in reload_service
41ee454 ppp: propagate master firewall zone to dynamic slave interface
bead60c uqmi: replace legacy command invoke with newer type
0393009 net: uqmi: fix blocking in endless loops when unplugging device
046222d uqmi: fix raw-ip mode for newer lte modems
7c259fb uqmi: silence error on pin verification
5661ac1 uqmi: use general method for state cleaning
e9eb219 uqmi: use correct value for connection checking
b3b16c8 uqmi: use built-in command for data-link verification
788312c uqmi: ensure CID is a numeric value before proceeding
dfe620c odhcpd: fix interop with wide DHCPv6 client (FS#1377)
53f52e3 dhcpv4: make dhcpv4 support optional
3a1210f CMakeLists: fix label mismatch
aedc154 dhcpv6-ia: don't always send reconf accept option (FS#1377)
6ba6a1c Revert "CMakeLists: fix label mismatch"
2da5850 Revert "dhcpv4: make dhcpv4 support optional"
f609913 mbedtls: update to version 2.7.0
09d95e4 mbedtls: change libmbedcrypto.so soversion back to 0
4a38c0c odhcpd: fix managed address configuration setting
710f2ab dhcpv4: fix out of bound access in dhcpv4_put
59339a7 router: fix managed address configuration setting
f34a075 ustream-ssl: update to latest git HEAD
45ac930 remove polarssl support
39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL.
527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode.
0fee490 ustream-ssl: update to latest git HEAD
e8a1469 mbedtls: Add support for a session cache
5322f9d mbedtls: Fix setting allowed cipher suites
21f44e3 map: add ealen as configurable uci parameter

Packages / LEDE system userland (22 changes)

586a721 mountd: bump to git HEAD version (fixes SIGSEV crashes)
01bb2b0 mount: fix SIGSEV crashes
6efeb19 autofs: register SIGTERM for gracefull exit
792559f mountd: bump to git HEAD version (optimization fixes)
75e7412 mount: drop duplicated filesystem check from mount_add_list
7826ca5 mount: add mount with ignore=1 for unsupported filesystems
95824b9 rpcd: update to the latest version from 2017-11-09
9a86401 plugin: use RTLD_LOCAL instead of RTLD_GLOBAL when loading library
c9fb48a procd: update to latest git HEAD (fixes and improvements)
8d5d29c service: fix SERVICE_ATTR_NAME usage in service_handle_set
5db8f70 procd: add missing new lines inside debug code
d9dc0e0 service: fix calls to blobmsg_parse()
d64c0e5 rpcd: update to version 2017-11-12
4e48331 sys: add packagelist method
a0231be sys: fix memory leak in packagelist
56b9f0f procd.sh: use parameterized respawn values
a44c440 usbmode: remove devices with unsupported modes
c58e824 procd: mdns: Support txt values with spaces
ed4f4f1 procd: Install seccomp-trace symlink
5872c19 procd: Always tell cmake whether to include seccomp support or not
2f75641 uhttpd: fix query string handling
a235636 file: fix query string handling
b833944 uci: update to HEAD of lede-17.01 branch
1e17f24 lua: support extended section notation
141b64e lua: additionally return name when looking up sections
473e994 rpcd: backport version 2017-12-07 from master
74a784f sys: fix passwd path
cfe1e75 sys: packagelist: allow listing all packages
55c23e4 procd: update to latest git HEAD
9085551 procd: initd: fix path allocation in early_insmod
1883530 procd: Fix minor null pointer dereference.
f19416a fstools: backport fix from master branch
37762ff libfstools: support file paths longer than 255 chars
9934231 libubox: update to latest lede-17.01 git HEAD
cfc75c5 runqueue: fix use-after-free bug
6abafba jshn: read and write 64-bit integers
1dafcd7 jshn: properly support JSON "null" type
d626aa0 mountd: bump to git HEAD version
0f4f20b mount: call hotplug mount scripts only on success
e31565a mount: remove directory if mounting fails
c54e5c6 mount: check if block was mounted before cleaning it up
28483d4 procd: update to latest git HEAD
9a4036f trace: add missing limits.h include
4db583b mountd: update to the latest version from 2018-02-26
7aadd1c mount: improve handling mounts table size
7c8fea8 mount: rename /proc/mount parser to mount_update_mount_list()
1af9ca2 mount: change mount_dev_del() argument to struct mount *
ed4270f mount: struct mount: replace "mounted" and "ignore" fileds with a "status"
36f9197 mount: fix removing mount point if it's expired
bf7cc33 mount: fix/improve unmounting log messages
a27ea3f mount: drop duplicated unlink() call from the mount_dev_del()
04b897f mount: drop duplicated rmdir() call from the mount_enum_drives()
76766ae mount: rename tmp variables in the mount_add_list()
e77dc6d mount: reorder deleting code in the mount_enum_drives()
1b62489 mount: create not working symlink when unmounting fails
97da4ed mount: try lazy unmount if normal one fails
aaf2743 mount: call hotplug-call with ACTION=remove before trying to unmount
5f2c419 mount: drop duplicated includes
b5ba01a fstools: update to latest lede-17.01 branch
95c07d5 libfstools: fix foreachdir() to pass dir with a trailing slash
6609e98 libfstools: add "const" to char pointer arguments in mount_move()
2c0cd47 rpcd: update to lastest HEAD
6994c87 uci: fix session delta isolation
f0f6f81 session: remove redundant key attribute to rpc_session_set()
3d400c7 session: support reclaiming pending apply session
eb09f3a session: ignore non-string username attribute upon restore
edd37f8 uci: add rpc_uci_replace_savedir() helper
2423162 uci: switch to proper save directory on apply/rollback
66a9bad uci: fix memory leak in rpc_uci_apply_timeout()
92d0d75 uci: use correct sort index when reordering sections
10f7878 exec: close stdout and stderr streams on child signal
8206219 uci: fix memory leak in rpc_uci_replace_savedir()
cf4a37a uci: add missing 'option' support to uci_rename()

Target / apm821xx (9 changes)

7f5a040 kernel: update kernel 4.4 to version 4.4.110
b934aa2 kernel: update 17.01 kernel to 4.4.116
a9b6077 kernel: bump kernel 4.4 to 4.4.126 for 17.01
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01
161d95f kernel: bump kernel 4.4 to 4.4.132 for 17.01
058a0b7 apm821xx: Add default packages to NAND target
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01
b03826d kernel: bump kernel 4.4 to version 4.4.137
aaecfec kernel: bump kernel 4.4 to version 4.4.139

Target / ar71xx (25 changes)

9740523 ar71xx: fix LED config for DIR-869 A1
7f3dab2 kernel: bump 4.4 to 4.4.102
2b66449 kernel: bump 4.4 to 4.4.103 for 17.01
aaa73fe ar71xx: fix switch port numbering on RB750r2 and RB750UPr2
f8a441e kernel: bump 4.4 to 4.4.107
7f5a040 kernel: update kernel 4.4 to version 4.4.110
e07ee06 ar71xx: QCA956X: add missing register
c3cdc53 ag71xx: Fix rx ring buffer stall on small packets flood on qca956x and qca953x.
2e8a3bb ar71xx: Netgear WNR2000v4: do not include USB packages [17.01]
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01
b1205a9 ar71xx: /lib/ar71xx.sh: add model detection for TP-Link TL-WR810N
2e26bdf ar71xx: remove bs-partition ro-flag for UniFi AC
b934aa2 kernel: update 17.01 kernel to 4.4.116
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01
6577fe2 ar71xx: sysupgrade: improve CPE/WBS 210/510 validation, add new metadata offset
eed9d40 ar71xx: Ubiquiti Airmax M: add relocate-kernel to invalidate cache
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01
e8b1af4 kernel: bump kernel 4.4 to 4.4.131 for 17.01
b078753 ar71xx: fix and improve ALFA Network Tube2H support
6e47c22 ar71xx: Deactivate build of Netgear WNR2000v3
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01
b03826d kernel: bump kernel 4.4 to version 4.4.137
71019a7 ar71xx: fix 5 GHz Wi-Fi on NBG6716
38e704b kernel: bump kernel 4.4 to version 4.4.140

Target / arm64 (2 changes)

2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01
b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / at91 (1 change)

b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / ath25 (1 change)

b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / bcm53xx (5 changes)

8261592 bcm53xx: suppress osafeloader info error messages during flashing
b934aa2 kernel: update 17.01 kernel to 4.4.116
7dcbe0e bcm53xx: fix fallback code for picking status LED
3c81d12 bcm53xx: backport the first bunch of 4.18 BCM5301X patches
b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / brcm2708 (12 changes)

373fa54 kernel: bump 4.4 to 4.4.93 for 17.01
7f3dab2 kernel: bump 4.4 to 4.4.102
f8a441e kernel: bump 4.4 to 4.4.107
b934aa2 kernel: update 17.01 kernel to 4.4.116
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01
a9b6077 kernel: bump kernel 4.4 to 4.4.126 for 17.01
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01
e8b1af4 kernel: bump kernel 4.4 to 4.4.131 for 17.01
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01
aaecfec kernel: bump kernel 4.4 to version 4.4.139
38e704b kernel: bump kernel 4.4 to version 4.4.140

Target / brcm47xx (11 changes)

4217541 brcm47xx: fix switch port mapping on Asus RT-N12 and RT-N16 models
ecaad8b brcm47xx: fix switch port mapping on D-Link DIR-330
ebb5474 brcm47xx: remove target specific network preinit config
ffbbcc9 brcm47xx: image: build firmware for Asus WL-500g Deluxe
da43069 brcm47xx: relocate loader to higher address
ddedcb1 brcm47xx: relocate the stack in loader
5a9b101 brcm47xx: add Luxul XAP-1500 and XWR-1750 WiFi LEDs
23a638e brcm47xx: backport upstream patches for Netgear WNR1000 V3
adfd64d brcm47xx: add switch port mapping to Asus WL-500W
b03826d kernel: bump kernel 4.4 to version 4.4.137
aaecfec kernel: bump kernel 4.4 to version 4.4.139

Target / brcm63xx (1 change)

b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / cns3xxx (2 changes)

2b66449 kernel: bump 4.4 to 4.4.103 for 17.01
aaecfec kernel: bump kernel 4.4 to version 4.4.139

Target / gemini (2 changes)

7f3dab2 kernel: bump 4.4 to 4.4.102
b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / imx6 (3 changes)

7f3dab2 kernel: bump 4.4 to 4.4.102
ee55629 kernel: bump 4.4 to 4.4.108 for 17.01
b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / ipq806x (8 changes)

2bee675 ipq806x: fix Zyxel NBG6817 WiFi button
2aff2ad ipq806x: nbg6817: add kmod-fs-ext4 to device packages
bdf19ee ipq806x: nbg6817: sync MAC addresses to the upstream values
7f3dab2 kernel: bump 4.4 to 4.4.102
7f5a040 kernel: update kernel 4.4 to version 4.4.110
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01

Target / ixp4xx (3 changes)

f8a441e kernel: bump 4.4 to 4.4.107
161d95f kernel: bump kernel 4.4 to 4.4.132 for 17.01
b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / lantiq (11 changes)

50db9a4 lantiq: ARV752DPW22: set correct wireless led trigger
98c003e lantiq: ARV752DPW22: fix wireless mac address
ee6fa8d lantiq: add missing default lan interface
7f3dab2 kernel: bump 4.4 to 4.4.102
2b66449 kernel: bump 4.4 to 4.4.103 for 17.01
0f0d742 lantiq: move lantiq_board_detect() to 03_preinit_board.sh
8be5b12 lantiq: remove lantiq_board_name, use the generic function instead
80304ac lantiq: remove lantiq_board_model, it is unused
e5612d6 lantiq: spi: double time out tolerance
f8a441e kernel: bump 4.4 to 4.4.107
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01

Target / layerscape (6 changes)

b934aa2 kernel: update 17.01 kernel to 4.4.116
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01
a9b6077 kernel: bump kernel 4.4 to 4.4.126 for 17.01
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01
b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / malta (1 change)

b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / mediatek (6 changes)

7f3dab2 kernel: bump 4.4 to 4.4.102
f8a441e kernel: bump 4.4 to 4.4.107
b934aa2 kernel: update 17.01 kernel to 4.4.116
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01

Target / mvebu (7 changes)

7f3dab2 kernel: bump 4.4 to 4.4.102
7f5a040 kernel: update kernel 4.4 to version 4.4.110
7bc25df mvebu: fix mvneta build with Linux 4.4.110
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01
9dd189d mvebu: Add support for WRT3200ACM with new NAND flash
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01

Target / mxs (1 change)

b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / octeon (1 change)

b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / oxnas (11 changes)

7f3dab2 kernel: bump 4.4 to 4.4.102
157b892 kernel: remove out of tree direct-io disable hack
f8a441e kernel: bump 4.4 to 4.4.107
7f5a040 kernel: update kernel 4.4 to version 4.4.110
b934aa2 kernel: update 17.01 kernel to 4.4.116
2ae9ebf kernel: bump 4.4 to 4.4.120 for 17.01
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01
a9b6077 kernel: bump kernel 4.4 to 4.4.126 for 17.01
161d95f kernel: bump kernel 4.4 to 4.4.132 for 17.01
2328977 kernel: bump kernel 4.4 to 4.4.135 for 17.01
aaecfec kernel: bump kernel 4.4 to version 4.4.139

Target / ramips (20 changes)

f5935f7 ramips: fix default usb support for nexx wt3020-8M
3eae19a ramips: fix Youku-YK1 support
6cfa7e5 ramips: fix DCH-M225 support
7ec6394 ramips: fix Planex CS-QR10 device packages
7f3dab2 kernel: bump 4.4 to 4.4.102
9601e6a ramips: add missing reset button for Nexx WT1520
d77fe92 ramips: backport MT7628 pinmux fixes
2b66449 kernel: bump 4.4 to 4.4.103 for 17.01
108a42b ramips: support jumbo frame on mt7621 up to 2k
f8a441e kernel: bump 4.4 to 4.4.107
959a49d ramips: fix widora neo diag led
dbb5ffa ramips: firewrt: indicate boot status via LED
987a7e3 ramips: fix lenovo newifi-y1 switch and LED config
623cdc4 ramips: backport mt7530/762x switch fixes
b934aa2 kernel: update 17.01 kernel to 4.4.116
bed0ee7 Kernel: bump 4.4 to 4.4.124 for 17.01
81573ea kernel: bump kernel 4.4 to 4.4.129 for 17.01
e8b1af4 kernel: bump kernel 4.4 to 4.4.131 for 17.01
b03826d kernel: bump kernel 4.4 to version 4.4.137
38e704b kernel: bump kernel 4.4 to version 4.4.140

Target / rb532 (2 changes)

9a99039 rb532: enable high-res timers, refresh kernel config
b03826d kernel: bump kernel 4.4 to version 4.4.137

Target / sunxi (2 changes)

157b892 kernel: remove out of tree direct-io disable hack
92ea65b sunxi: disable LPAE to allow kernel to run on A13

Target / x86 (10 changes)

7f3dab2 kernel: bump 4.4 to 4.4.102
58e0c0f x86: image: drop unused ROOTDELAY variable
1411493 x86: image: drop unneeded grub call
3225fbf x86: image: drop duplicated copy of bzImage into vmlinuz
f69d73f build: allow specifying flow-control to grub on serial console
9057577 x86: keep /boot mounted for kexec
7f5a040 kernel: update kernel 4.4 to version 4.4.110
b934aa2 kernel: update 17.01 kernel to 4.4.116
f7a6b67 x86: enable microcode loading for Intel and AMD
571d3de x86: add preinit hook to reload microcode

Target / xburst (1 change)

e802cbf xburst: enable high-res timers, refresh kernel config

Target / zynq (2 changes)

157b892 kernel: remove out of tree direct-io disable hack
b03826d kernel: bump kernel 4.4 to version 4.4.137

Wireless / Common (6 changes)

62a8252 mac80211: Fix race condition leading to wifi interfaces not coming up at boot...
f0a4931 mac80211: gracefully handle preexisting VIF
0f17504 mac80211: don't pass the hostapd ctrl iface in adhoc
fad29d2 mac80211: brcmfmac: backport commit dropping IAPP packets by default
fe3db68 mac80211: brcmfmac: add support for BCM4366E chipset
7fc94b2 mac80211: rt2x00: no longer use TXOP_BACKOFF for probe frames

Wireless / MT76 (1 change)

4b5861c mt76: update to the latest version
2895775 mt76x2: mcu: remove unused parameter in mt76x2_mcu_msg_alloc signature
1dae8f0 mt7603: mcu: remove unused parameter in mt7603_mcu_msg_alloc() signature
5e49aa9 Fix errors found by cppcheck
1b8c8a0 mt7603: add LED definition registers
4d83561 mt76x2: add LED register definitions
2f40e4a mt76x2: Support using PCI ID as chip ID
27c64bc mt76: add led support using mac80211 led framework
dfd64fc mt76x2: init: add ma80211 led callbacks
215edf1 mt7603: init: add ma80211 led callbacks
9d36ff2 mt76x2: Add PCI identifier for MT7602
0b7984e mt7603: remove unnecessary mcu register read function
f5498d2 debugfs: add support for changing the LED pin
8e453b3 mac80211: move DT led configuration to the "led" child node
8f1673a mt76x2: limit client WCID entries to 0-127
f9d9c22 mt76x2: clear drop flag for all WCIDs on init
0dd8b68 mt76x2: clear per-WCID tx rate lookup register
⇒ + 29 more…

Addressed bugs

#484

Description: Image Builder generates broken image for ASUS WL500W
Link: https://bugs.openwrt.org/index.php?do=details&task_id=484
Commits:
aaac9e8 mtd: mark as nonshared to fix FS#484
6734f32 mtd: add build hack to reintroduce shared mtd for older releases

#502

Description: Switch not configured on Asus RT-N12 B1 (brcm47xx)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=502
Commits:
4217541 brcm47xx: fix switch port mapping on Asus RT-N12 and RT-N16 models

#645

Description: kmod package postinst script returned status 255
Link: https://bugs.openwrt.org/index.php?do=details&task_id=645
Commits:
efb6ca1 base-files: /lib/functions.sh: ignore errors in insert_modules

#664

Description: Netgear R8000 Wifi broke with commit 8301e613655c2d95fa5430a1a57d92d966fdc70b
Link: https://bugs.openwrt.org/index.php?do=details&task_id=664
Commits:
f0a4931 mac80211: gracefully handle preexisting VIF

#672

Description: Netgear WNR2000v3 - Looses always settings after power loss, nothig is been saved
Link: https://bugs.openwrt.org/index.php?do=details&task_id=672
Commits:
6e47c22 ar71xx: Deactivate build of Netgear WNR2000v3

#704

Description: brcmfmac / Raspberry Pi 3 / wifi not working / adhoc and 80211s-mode
Link: https://bugs.openwrt.org/index.php?do=details&task_id=704
Commits:
f0a4931 mac80211: gracefully handle preexisting VIF

#711

Description: iptables 600-shared-libext.patch broken and incomplete
Link: https://bugs.openwrt.org/index.php?do=details&task_id=711
Commits:
da126d5 iptables: fix nftables compile issue (FS#711)
0426596 Revert "iptables: fix nftables compile issue (FS#711)"

#790

Description: Failsafe mode networking is broken on Linksys WRT54GSv1
Link: https://bugs.openwrt.org/index.php?do=details&task_id=790
Commits:
ebb5474 brcm47xx: remove target specific network preinit config

#832

Description: GCC 6.X Toolchain compile error
Link: https://bugs.openwrt.org/index.php?do=details&task_id=832
Commits:
afa8873 gcc: gcc 6.3.0 fix comparison between pointer and integer

#876

Description: dnsmasq-full "Exclude interfaces" configuration does not work as expected.
Link: https://bugs.openwrt.org/index.php?do=details&task_id=876
Commits:
367b456 dnsmasq: restore ability to include/exclude raw device names

#893

Description: LEDE 17.01.2 rpi-3 kmod-usb-net package issues
Link: https://bugs.openwrt.org/index.php?do=details&task_id=893
Commits:
efb6ca1 base-files: /lib/functions.sh: ignore errors in insert_modules

#909

Description: runas wrapper executes programs using wrong interpreter
Link: https://bugs.openwrt.org/index.php?do=details&task_id=909
Commits:
338968a build: fix invocation of bundled ld.so in SDK and Imagebuilder

#991

Description: untagged vlan do not work on mt7620
Link: https://bugs.openwrt.org/index.php?do=details&task_id=991
Commits:
623cdc4 ramips: backport mt7530/762x switch fixes

#1015

Description: mtd-utils-1.5.2 does not compile due to missing sysmacros.h
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1015
Commits:
96dbf59 tools/mtd-utils: include sysmacros.h explicitly

#1016

Description: findutils-4.6.0 fails to compile due to missing sysmacros.h
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1016
Commits:
d2fd641 tools/findutils: include sysmacros.h explicitly

#1017

Description: squashfs fails to compile due to update in glibc
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1017
Commits:
8a48a53 tools/squashfs4: include sysmacros.h explicitly

#1018

Description: squashfs-3.0 fails to compile with new glibc
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1018
Commits:
8406e50 tools/squashfs: include sysmacros.h explicitly

#1021

Description: uhttpd-mod-ubus: error in postinst script
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1021
Commits:
a0ef1c4 functions.sh: fix default_postinst function

#1055

Description: Youku YK1: No ethernet devices
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1055
Commits:
3eae19a ramips: fix Youku-YK1 support

#1136

Description: HFSC kernel warnings with QoS / SQM
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1136
Commits:
60f8d38 kernel: merge a pending fix for HFSC warnings/slowdowns (fixes FS#1136)

#1147

Description: VLAN problem with MT7530 switch
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1147
Commits:
623cdc4 ramips: backport mt7530/762x switch fixes

#1219

Description: ipt-debug module not compiling
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1219
Commits:
fbeae9d iptables: make kmod-ipt-debug part of default ALL build

#1341

Description: vlan configuration fails
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1341
Commits:
623cdc4 ramips: backport mt7530/762x switch fixes

#1355

Description: U-Boot fails to start kernel
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1355
Commits:
92ea65b sunxi: disable LPAE to allow kernel to run on A13

#1377

Description: Prefix Delegation is broken
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1377
Commits:
dfe620c odhcpd: fix interop with wide DHCPv6 client (FS#1377)
53f52e3 dhcpv4: make dhcpv4 support optional
3a1210f CMakeLists: fix label mismatch
aedc154 dhcpv6-ia: don't always send reconf accept option (FS#1377)
6ba6a1c Revert "CMakeLists: fix label mismatch"
2da5850 Revert "dhcpv4: make dhcpv4 support optional"

#1532

Description: ar71xx - ath9k: probe of ar933x_wmac failed with error -5
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1532
Commits:
b078753 ar71xx: fix and improve ALFA Network Tube2H support

Security fixes

CVE-2015-3239

Description: Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3239
Commits:
444b64f libunwind: update to 1.2

CVE-2017-3735

Description: While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3735
Commits:
cda8ec7 openssl: update to 1.0.2m

CVE-2017-3736

Description: There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3736
Commits:
cda8ec7 openssl: update to 1.0.2m

CVE-2017-3737

Description: OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3737
Commits:
50b4789 openssl: update to 1.0.2n

CVE-2017-3738

Description: There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3738
Commits:
50b4789 openssl: update to 1.0.2n

CVE-2017-5715

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
Commits:
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01

CVE-2017-5753

Description: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
Commits:
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01

CVE-2017-5754

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
Commits:
7f5a040 kernel: update kernel 4.4 to version 4.4.110

CVE-2017-12166

Description: OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12166
Commits:
77e79b2 openvpn: update to 2.4.4

CVE-2017-13099

Description: wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13099
Commits:
207bcea cyassl: update to wolfssl 3.12.2 (1 CVE)

CVE-2017-15107

Description: A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15107
Commits:
58d60bd dnsmasq: backport dnssec security fix for 17.01
2ae0741 dnsmasq: backport validation fix in dnssec security fix

CVE-2017-15265

Description: Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15265
Commits:
373fa54 kernel: bump 4.4 to 4.4.93 for 17.01

CVE-2017-15275

Description: Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275
Commits:
e5a10bc samba36: backport an upstream fix for an information leak (CVE-2017-15275)

CVE-2017-17741

Description: The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17741
Commits:
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01

CVE-2017-1000410

Description: The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. By manipulating the code flows that precede the handling of these configuration messages, an attacker can also gain some control over which data will be held in the uninitialized stack variables. This can allow him to bypass KASLR and stack canaries protection - as both pointers and stack canaries may be leaked in this manner. Combining this vulnerability (for example) with the previously disclosed RCE vulnerability in L2CAP configuration parsing (CVE-2017-1000251) may allow an attacker to exploit the RCE against kernels which were built with the above mitigations.

These are the specifics of this vulnerability: In the function l2cap_parse_conf_rsp and in the function l2cap_parse_conf_req the following variable is declared without initialization:

    struct l2cap_conf_efs efs;

In addition, when parsing input configuration parameters in both of these functions, the switch case for handling EFS elements may skip the memcpy call that will write to the efs variable:

    ...
    case L2CAP_CONF_EFS:
        if (olen == sizeof(efs))
            memcpy(&efs, (void *)val, olen);
    ...

The olen in the above if is attacker controlled, and regardless of that if, in both of these functions the efs variable would eventually be added to the outgoing configuration request that is being built:

    l2cap_add_conf_opt(&ptr, L2CAP_CONF_EFS, sizeof(efs), (unsigned long) &efs);

So by sending a configuration request, or response, that contains an L2CAP_CONF_EFS element, but with an element length that is not sizeof(efs) - the memcpy to the uninitialized efs variable can be avoided, and the uninitialized variable would be returned to the attacker (16 bytes).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000410
Commits:
d5278cc kernel: bump 4.4 to 4.4.112 for 17.01

CVE-2018-0487

Description: ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0487
Commits:
f609913 mbedtls: update to version 2.7.0

CVE-2018-0488

Description: ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0488
Commits:
f609913 mbedtls: update to version 2.7.0

CVE-2018-0739

Description: Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0739
Commits:
c4b3829 openssl: update to 1.0.2o

releases/17.01/changelog-17.01.5.txt · Last modified: 2018/07/15 20:04 by hauke