LEDE v17.01.6 Changelog

This changelog lists all commits done in LEDE since the v17.01.5 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.6 release.

54c0ef6 build: bundle-libraries.sh: patch bundled ld.so (+13)
91c9400 scripts: bundle-libraries: fix build on OS X (FS#1493) (+4)
21c317a build: fix compile error when a package includes itself in PROVIDES (+1,-1)
bcf91e5 downloads.mk: introduce name-agnostic PROJECT_GIT variable (+4,-2)
6e8f1c3 scripts: bundle-libraries: prevent loading host locales (FS#1803) (+21,-5)
9d3825a scripts: bundle-libraries: fix logic flaw (+6,-7)
9a96ec0 LEDE v17.01.6: adjust config defaults (+11,-9)

9a96ec0 LEDE v17.01.6: adjust config defaults (+11,-9)

6e78c55 tools: m4: fix compilation with glibc 2.28 (+118)
6449ed1 tools: findutils: fix compilation with glibc 2.28 (+104)
1e09cbf tools/bison: Update to 3.0.5 (+10,-32)
866e5b4 tools/e2fsprogs: Update to 1.43.4 (+5,-5)
7955fab tools/e2fsprogs: Update to 1.43.5 (+2,-2)
5d9114c tools/e2fsprogs: Update to 1.43.6 (+2,-39)
79ac69d tools/e2fsprogs: Update to 1.43.7 (+2,-2)
d35a7bf e2fsprogs: bump to 1.44.0 (+2,-2)
8f5c55f tools/e2fsprogs: update to 1.44.1 (+2,-2)

d93ef3c sdk: bundle usbip userspace sources (+4)
b7e3f10 sdk: include arch/arm/ Linux includes along with arch/arm64/ ones (+7,-1)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)
0a2c984 kernel: ext4: fix check to prevent initializing reserved inodes (+68)
f3865bd kernel: bump kernel 4.4 to version 4.4.148 (+5,-73)
9c0bab0 kernel: bump kernel 4.4 to version 4.4.150 (+4,-4)
8a72a86 kernel: bump kernel 4.4 to version 4.4.151 (+2,-2)
f712db9 kernel: bump kernel 4.4 to version 4.4.153 (+25,-25)

6aae528 grub2: Fix CVE-2015-8370 (+45,-1)
2252731 grub2: rebase patches (+4,-8)

828eaee mtd: support bad blocks within the mtd_fixtrx() (+29,-7)
79c8f2f mtd: improve check for TRX header being already fixed (+9,-8)
2725ad8 iproute2: merge upstream CAKE support (+1.5K)
e5b7404 kmod-sched-cake: bump to 20180716 (+4,-3)
⇒ c1a0c8e Refactor length handling code to better centralise overhead calculations. (+16,-14)
⇒ 0517357 Rework overhead compensation to use dynamic transport header offset instead o... (+27,-23)
⇒ 71c7b44 Gather more statistics about packet length transformations. (+32,-10)
⇒ c7ca1a3 Gather more statistics about packet length transformations. (+36,-14)
⇒ 9cd2fa8 Split tin stats to its own structure to decrease size of tc_cake_xstats (+62,-53)
⇒ a3bab9d Export overhead compensation stats to userspace. (+15,-1)
⇒ d2d6780 Reinitialise overhead compensation stats when reconfiguring. (+7)
⇒ 0afc1be Fixes for 4.16 (+17,-1)
⇒ 71ee81a Add a comment explaining use of prandom_u32() in deficit accounting (+2)
⇒ 16d7fed Report the tin quantum as part of the stats output (+4,-1)
⇒ 240607e Don't use get_s32 to get an u32 value (+1,-1)
⇒ fde77e2 Fix the ABI (warning: major breakage) (+63,-123)
⇒ 7a20432 Layer 3 is the network layer, not the transport layer (+15,-15)
⇒ b882527 Only scale minimum queue size with number of flows in ingress mode (+14,-5)
⇒ 57d18a2 Rework "Only scale minimum queue size with number of flows in ingress mode" (+21,-29)
⇒ 1328095 Layer 3 is the network layer, not the transport layer (+15,-15)
⇒ + 96 more...
b398332 wpa_supplicant: fix CVE-2018-14526 (+43)
9bc43f3 curl: fix some security problems (+385,-45)
5886a50 mbedtls: update to version 2.7.5 (+4,-4)
d3b8b5b openssl: update to version 1.0.2p (+4,-4)
bb7c4cf dropbear: backport upstream fix for CVE-2018-15599 (+224,-3)
d3e325d bzip2: Fix CVE-2016-3189 (+12,-1)

55ab864 firmware: intel-microcode: bump to 20180703 (+6,-6)
b5d9776 firmware: amd64-microcode: update to 20180524 (+2,-2)

9a96ec0 LEDE v17.01.6: adjust config defaults (+11,-9)

309414e uclient: update to latest git HEAD (+4,-4)
⇒ f2573da uclient-fetch: use package name pattern in message for missing SSL library (+1,-1)
⇒ 9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename (+6)
⇒ f41ff60 uclient-http: basic auth: Handle memory allocation failure (+7,-2)
⇒ a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures (+34,-9)
⇒ 66fb58d uclient-http: Handle memory allocation failure (+3)
⇒ 2ac991b uclient: Handle memory allocation failure for url (+3)
⇒ 63beea4 uclient-http: Implement error handling for header-sending (+24,-13)
⇒ eb850df uclient-utils: Handle memory allocation failure for url file name (+1,-1)
⇒ ae1c656 uclient-http: Close ustream file handle only if allocated (+2,-1)

aee5c53 apm821xx: fix sata access freezes (+25)
91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)

583fd4b brcm47xx: revert upstream commit breaking BCM4718A1 (+76)
f3865bd kernel: bump kernel 4.4 to version 4.4.148 (+5,-73)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)

f712db9 kernel: bump kernel 4.4 to version 4.4.153 (+25,-25)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)
9c0bab0 kernel: bump kernel 4.4 to version 4.4.150 (+4,-4)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)
f712db9 kernel: bump kernel 4.4 to version 4.4.153 (+25,-25)

28d4e55 WDR4900v1 remove dt node for absent hw crypto. (+24)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)
f712db9 kernel: bump kernel 4.4 to version 4.4.153 (+25,-25)

91d2093 kernel: bump kernel 4.4 to version 4.4.147 (+81,-192)

85e6ac4 mac80211: brcmfmac: group 4.11 backport patches ()
f8c364b mac80211: brcmfmac: backport use-after-free fix from 4.11 (+62,-1)
00b4e65 mac80211: brcmfmac: backport important changes from the 4.12 (+613,-5)
e3bc2e4 mac80211: brcmfmac: backport important changes from the 4.13 (+259,-4)
6805e44 mac80211: brcmfmac: backport important changes from the 4.14 (+250,-5)
57102f6 mac80211: brcmfmac: backport important changes from the 4.15 (+100,-1)
84ef414 mac80211: brcmfmac: backport important changes from the 4.16 (+74,-1)
9d8940c mac80211: brcmfmac: backport important changes from the 4.18 (+393,-2)
0c76265 mac80211: brcmfmac: backport important changes from the 4.19 (+472,-2)
13f2195 mac80211: brcmfmac: backport patch setting WIPHY_FLAG_HAVE_AP_SME (+36,-2)
9e864bf mac80211: brcmfmac: fix compilation with SDIO support (+12,-2)

5584004 mt76: Fix mirror hash (+1,-1)

Description: Failed to build the Openwrt SDK on macOS
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1493
Commits:
91c9400 scripts: bundle-libraries: fix build on OS X (FS#1493) (+4)

Description: Wireguard & Wireguard-Tools not built for aarch64_cortex-a53 (raspberry pi 3)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1725
Commits:
b7e3f10 sdk: include arch/arm/ Linux includes along with arch/arm64/ ones (+7,-1)

Description: mcopy/mmd included with openwrt-imagebuilder-18.06.1 fail with error in _nl_intern_locale_data
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1803
Commits:
6e8f1c3 scripts: bundle-libraries: prevent loading host locales (FS#1803) (+21,-5)

Description: Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370
Commits:
6aae528 grub2: Fix CVE-2015-8370 (+45,-1)
2252731 grub2: rebase patches (+4,-8)

Description: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189
Commits:
d3e325d bzip2: Fix CVE-2016-3189 (+12,-1)

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
Commits:
b5d9776 firmware: amd64-microcode: update to 20180524 (+2,-2)

Description: libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
Commits:
9bc43f3 curl: fix some security problems (+385,-45)

Description: An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257
Commits:
9bc43f3 curl: fix some security problems (+385,-45)

Description: ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497
Commits:
5886a50 mbedtls: update to version 2.7.5 (+4,-4)

Description: ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498
Commits:
5886a50 mbedtls: update to version 2.7.5 (+4,-4)

Description: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
Commits:
d3b8b5b openssl: update to version 1.0.2p (+4,-4)

Description: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
Commits:
d3b8b5b openssl: update to version 1.0.2p (+4,-4)

Description: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
Commits:
f3865bd kernel: bump kernel 4.4 to version 4.4.148 (+5,-73)

Description: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
Commits:
55ab864 firmware: intel-microcode: bump to 20180703 (+6,-6)

Description: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640
Commits:
55ab864 firmware: intel-microcode: bump to 20180703 (+6,-6)

Description: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646
Commits:
f3865bd kernel: bump kernel 4.4 to version 4.4.148 (+5,-73)

Description: An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526
Commits:
b398332 wpa_supplicant: fix CVE-2018-14526 (+43)

Description: The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15599
Commits:
bb7c4cf dropbear: backport upstream fix for CVE-2018-15599 (+224,-3)

Description: libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000005
Commits:
9bc43f3 curl: fix some security problems (+385,-45)

Description: libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequest hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007
Commits:
9bc43f3 curl: fix some security problems (+385,-45)

Description: A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120
Commits:
9bc43f3 curl: fix some security problems (+385,-45)

Description: A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121
Commits:
9bc43f3 curl: fix some security problems (+385,-45)

Description: A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122
Commits:
9bc43f3 curl: fix some security problems (+385,-45)

Description: curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301
Commits:
9bc43f3 curl: fix some security problems (+385,-45)