LEDE v17.01.6 Changelog

This changelog lists all commits done in LEDE since the v17.01.5 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.6 release.

Build System / Buildroot (7 changes)

54c0ef6 build: bundle-libraries.sh: patch bundled ld.so
91c9400 scripts: bundle-libraries: fix build on OS X (FS#1493)
21c317a build: fix compile error when a package includes itself in PROVIDES
bcf91e5 downloads.mk: introduce name-agnostic PROJECT_GIT variable
6e8f1c3 scripts: bundle-libraries: prevent loading host locales (FS#1803)
9d3825a scripts: bundle-libraries: fix logic flaw
9a96ec0 LEDE v17.01.6: adjust config defaults

Build System / Feeds (1 change)

9a96ec0 LEDE v17.01.6: adjust config defaults

Build System / Host Utilities (9 changes)

6e78c55 tools: m4: fix compilation with glibc 2.28
6449ed1 tools: findutils: fix compilation with glibc 2.28
1e09cbf tools/bison: Update to 3.0.5
866e5b4 tools/e2fsprogs: Update to 1.43.4
7955fab tools/e2fsprogs: Update to 1.43.5
5d9114c tools/e2fsprogs: Update to 1.43.6
79ac69d tools/e2fsprogs: Update to 1.43.7
d35a7bf e2fsprogs: bump to 1.44.0
8f5c55f tools/e2fsprogs: update to 1.44.1

Build System / SDK (2 changes)

d93ef3c sdk: bundle usbip userspace sources
b7e3f10 sdk: include arch/arm/ Linux includes along with arch/arm64/ ones

Kernel (6 changes)

91d2093 kernel: bump kernel 4.4 to version 4.4.147
0a2c984 kernel: ext4: fix check to prevent initializing reserved inodes
f3865bd kernel: bump kernel 4.4 to version 4.4.148
9c0bab0 kernel: bump kernel 4.4 to version 4.4.150
8a72a86 kernel: bump kernel 4.4 to version 4.4.151
f712db9 kernel: bump kernel 4.4 to version 4.4.153

Packages / Boot Loaders (2 changes)

6aae528 grub2: Fix CVE-2015-8370
2252731 grub2: rebase patches

Packages / Common (10 changes)

828eaee mtd: support bad blocks within the mtd_fixtrx()
79c8f2f mtd: improve check for TRX header being already fixed
2725ad8 iproute2: merge upstream CAKE support
e5b7404 kmod-sched-cake: bump to 20180716
  c1a0c8e Refactor length handling code to better centralise overhead calculations.
  0517357 Rework overhead compensation to use dynamic transport header offset instead o...
  71c7b44 Gather more statistics about packet length transformations.
  c7ca1a3 Gather more statistics about packet length transformations.
  9cd2fa8 Split tin stats to its own structure to decrease size of tc_cake_xstats
  a3bab9d Export overhead compensation stats to userspace.
  d2d6780 Reinitialise overhead compensation stats when reconfiguring.
  0afc1be Fixes for 4.16
  71ee81a Add a comment explaining use of prandom_u32() in deficit accounting
  16d7fed Report the tin quantum as part of the stats output
  240607e Don't use get_s32 to get an u32 value
  fde77e2 Fix the ABI (warning: major breakage)
  7a20432 Layer 3 is the network layer, not the transport layer
  b882527 Only scale minimum queue size with number of flows in ingress mode
  57d18a2 Rework "Only scale minimum queue size with number of flows in ingress mode"
  1328095 Layer 3 is the network layer, not the transport layer
  ⇒ + 96 more…
b398332 wpa_supplicant: fix CVE-2018-14526
9bc43f3 curl: fix some security problems
5886a50 mbedtls: update to version 2.7.5
d3b8b5b openssl: update to version 1.0.2p
bb7c4cf dropbear: backport upstream fix for CVE-2018-15599
d3e325d bzip2: Fix CVE-2016-3189

Packages / Firmware (2 changes)

55ab864 firmware: intel-microcode: bump to 20180703
b5d9776 firmware: amd64-microcode: update to 20180524

Packages / LEDE base files (1 change)

9a96ec0 LEDE v17.01.6: adjust config defaults

Packages / LEDE network userland (1 change)

309414e uclient: update to latest git HEAD
  f2573da uclient-fetch: use package name pattern in message for missing SSL library
  9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename
  f41ff60 uclient-http: basic auth: Handle memory allocation failure
  a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures
  66fb58d uclient-http: Handle memory allocation failure
  2ac991b uclient: Handle memory allocation failure for url
  63beea4 uclient-http: Implement error handling for header-sending
  eb850df uclient-utils: Handle memory allocation failure for url file name
  ae1c656 uclient-http: Close ustream file handle only if allocated

Target / apm821xx (2 changes)

aee5c53 apm821xx: fix sata access freezes
91d2093 kernel: bump kernel 4.4 to version 4.4.147

Target / ar71xx (1 change)

91d2093 kernel: bump kernel 4.4 to version 4.4.147

Target / bcm53xx (1 change)

91d2093 kernel: bump kernel 4.4 to version 4.4.147

Target / brcm2708 (1 change)

91d2093 kernel: bump kernel 4.4 to version 4.4.147

Target / brcm47xx (2 changes)

583fd4b brcm47xx: revert upstream commit breaking BCM4718A1
f3865bd kernel: bump kernel 4.4 to version 4.4.148

Target / brcm63xx (1 change)

91d2093 kernel: bump kernel 4.4 to version 4.4.147

Target / cns3xxx (1 change)

f712db9 kernel: bump kernel 4.4 to version 4.4.153

Target / imx6 (1 change)

91d2093 kernel: bump kernel 4.4 to version 4.4.147

Target / ipq806x (1 change)

91d2093 kernel: bump kernel 4.4 to version 4.4.147

Target / ixp4xx (1 change)

91d2093 kernel: bump kernel 4.4 to version 4.4.147

Target / layerscape (2 changes)

91d2093 kernel: bump kernel 4.4 to version 4.4.147
9c0bab0 kernel: bump kernel 4.4 to version 4.4.150

Target / mediatek (2 changes)

91d2093 kernel: bump kernel 4.4 to version 4.4.147
f712db9 kernel: bump kernel 4.4 to version 4.4.153

Target / mpc85xx (1 change)

28d4e55 WDR4900v1 remove dt node for absent hw crypto.

Target / oxnas (1 change)

91d2093 kernel: bump kernel 4.4 to version 4.4.147

Target / ramips (2 changes)

91d2093 kernel: bump kernel 4.4 to version 4.4.147
f712db9 kernel: bump kernel 4.4 to version 4.4.153

Target / x86 (1 change)

91d2093 kernel: bump kernel 4.4 to version 4.4.147

Wireless / Common (11 changes)

85e6ac4 mac80211: brcmfmac: group 4.11 backport patches
f8c364b mac80211: brcmfmac: backport use-after-free fix from 4.11
00b4e65 mac80211: brcmfmac: backport important changes from the 4.12
e3bc2e4 mac80211: brcmfmac: backport important changes from the 4.13
6805e44 mac80211: brcmfmac: backport important changes from the 4.14
57102f6 mac80211: brcmfmac: backport important changes from the 4.15
84ef414 mac80211: brcmfmac: backport important changes from the 4.16
9d8940c mac80211: brcmfmac: backport important changes from the 4.18
0c76265 mac80211: brcmfmac: backport important changes from the 4.19
13f2195 mac80211: brcmfmac: backport patch setting WIPHY_FLAG_HAVE_AP_SME
9e864bf mac80211: brcmfmac: fix compilation with SDIO support

Wireless / MT76 (1 change)

5584004 mt76: Fix mirror hash

Addressed bugs

#1493

Description: Failed to build the Openwrt SDK on macOS
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1493
Commits:
91c9400 scripts: bundle-libraries: fix build on OS X (FS#1493)

#1725

Description: Wireguard & Wireguard-Tools not built for aarch64_cortex-a53 (raspberry pi 3)
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1725
Commits:
b7e3f10 sdk: include arch/arm/ Linux includes along with arch/arm64/ ones

#1803

Description: mcopy/mmd included with openwrt-imagebuilder-18.06.1 fail with error in _nl_intern_locale_data
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1803
Commits:
6e8f1c3 scripts: bundle-libraries: prevent loading host locales (FS#1803)

Security fixes

CVE-2015-8370

Description: Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370
Commits:
6aae528 grub2: Fix CVE-2015-8370
2252731 grub2: rebase patches

CVE-2016-3189

Description: Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189
Commits:
d3e325d bzip2: Fix CVE-2016-3189

CVE-2017-5715

Description: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
Commits:
b5d9776 firmware: amd64-microcode: update to 20180524

CVE-2017-1000254

Description: libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients from working with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue has remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
Commits:
9bc43f3 curl: fix some security problems

CVE-2017-1000257

Description: An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257
Commits:
9bc43f3 curl: fix some security problems

CVE-2018-0497

Description: ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0497
Commits:
5886a50 mbedtls: update to version 2.7.5

CVE-2018-0498

Description: ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0498
Commits:
5886a50 mbedtls: update to version 2.7.5

CVE-2018-0732

Description: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732
Commits:
d3b8b5b openssl: update to version 1.0.2p

CVE-2018-0737

Description: The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0737
Commits:
d3b8b5b openssl: update to version 1.0.2p

CVE-2018-3620

Description: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3620
Commits:
f3865bd kernel: bump kernel 4.4 to version 4.4.148

CVE-2018-3639

Description: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639
Commits:
55ab864 firmware: intel-microcode: bump to 20180703

CVE-2018-3640

Description: Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3640
Commits:
55ab864 firmware: intel-microcode: bump to 20180703

CVE-2018-3646

Description: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3646
Commits:
f3865bd kernel: bump kernel 4.4 to version 4.4.148

CVE-2018-14526

Description: An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526
Commits:
b398332 wpa_supplicant: fix CVE-2018-14526

CVE-2018-15599

Description: The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15599
Commits:
bb7c4cf dropbear: backport upstream fix for CVE-2018-15599

CVE-2018-1000005

Description: libcurl 7.49.0 to and including 7.57.0 contains an out-of-bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or the (too large) data being passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000005
Commits:
9bc43f3 curl: fix some security problems

CVE-2018-1000007

Description: libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in the URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007
Commits:
9bc43f3 curl: fix some security problems

CVE-2018-1000120

Description: A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000120
Commits:
9bc43f3 curl: fix some security problems

CVE-2018-1000121

Description: A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000121
Commits:
9bc43f3 curl: fix some security problems

CVE-2018-1000122

Description: A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000122
Commits:
9bc43f3 curl: fix some security problems

CVE-2018-1000301

Description: curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability that can result in a denial of service: curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301
Commits:
9bc43f3 curl: fix some security problems

releases/17.01/changelog-17.01.6.txt · Last modified: 2018/09/03 20:25 by hauke