LEDE v17.01.7 Changelog

This changelog lists all commits done in LEDE since the v17.01.6 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the final 17.01.7 release.

89ed2d6 rules.mk: add INSTALL_SUID macro (+1)
e84f289 rules.mk: fix syntax error (+1,-1)

ecf104c sdk: find kernel modules when KDIR is a symlink (+1,-1)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)
202c3ce cns3xxx: fix writing to wrong PCI registers (+79)
e095927 cns3xxx: use actual size reads for PCIe (+51)
981f5f7 kernel: fix refcnt leak in LED netdev trigger on interface rename (+13,-17)
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)
fa1ee2b kernel: Add CONFIG_RTC to generic config (+2,-4)
7fbd325 kernel: Reorder kernel configuration (+11,-11)

99e5ba3 opkg: drop argument from check_signature in opkg.conf (+2,-2)
f0115b5 opkg: switch source url to git.openwrt.org (+2,-2)
009ecf3 opkg: update to latest Git head (+4,-4)
⇒ 546bc72 pkg: alternatives support (+299,-29)
⇒ 04e279e pkg_alternatives: use ERROR level for symlink failure (+1,-1)
⇒ c668fce opkg: add --no-check-certificate argument (+13,-1)
⇒ 52fc006 pkg_alternatives: pass if the desired symlink already exists (+23,-3)
⇒ 4bd8601 pkg_parse: fix segfault when parsing descriptions with leading newlines (+9,-11)
⇒ 468158f libopkg: fix SHA256 calculation for big endian system (+8)
⇒ 73e6c81 file_util: implement urlencode_path() helper (+62)
⇒ 9f003e3 opkg: encode archive filenames while constructing download URLs (+8,-4)
⇒ ebdfc12 add opkg option http_timeout (+7,-1)
⇒ d1fe095 file_util: consolidate hex/unhex routines (+26,-37)
⇒ 71c27cb file_util: implement urldecode_path() (+21)
⇒ 3b417b9 opkg_download: decode file:/ URLs (+2,-1)
⇒ e3d7330 libopkg: don't print unresolved dependencies twice (+8,-3)
⇒ 18740e6 opkg_download: print error when fork() fails (+3,-1)
⇒ 34571ba libopkg: consider provided packages in pkg_vec_mark_if_matches() (+12)
⇒ 89fe77c libopkg: check installed reverse dependencies upon install/upgrade (+117,-19)
⇒ + 5 more…
6c14b29 openssl: bump to 1.0.2q (+2,-2)
3e7fd92 ca-certificates: Update to Version 20180409 (+2,-2)
e74b264 ca-certificates: ca-bundle: add symlink for openssl default setting (+2)
4f23857 ca-caertificates: remove myself as PKG_MAINTAINER (+2,-2)
c2f938b ca-certificates: update to version 20190110 (+3,-4)
c476954 openssl: bump to 1.0.2r (+6,-6)
d92713d openssl: update to 1.0.2s (+3,-3)
076ea9f mbedtls: update to version 2.7.10 (+30,-30)
6028f00 perf: Fix build on aarch64 (+2,-2)

0f47ce8 base-files: fix unkillable processes after restart (+1)
e424157 base-files: fix prerm return value, align with postinst code (+10,-5)
484117b base-files: fix postinstall uci-defaults removal (+3,-4)
0c8e8e2 base-files: install missing /etc/iproute2/ematch_map (+8)

4c101f8 uclient: update to latest Git head (+3,-3)
⇒ 3ba74eb uclient-http: properly handle HTTP redirects via proxy connections (+9,-2)

5970e6d libubox: update to latest git HEAD (+3,-3)
⇒ 4382c76 switch from typeof to the more portable __typeof__ (+15,-15)
6cf2250 uhttpd: update to latest Git head (+3,-3)
⇒ db86175 lua: honour size argument in recv() function (+4,-2)
⇒ ccd9717 proc: avoid stdio deadlocks (+5,-1)
⇒ a39b7f8 Revert "proc: avoid stdio deadlocks" (+1,-5)
⇒ d3b9560 utils: add uh_htmlescape() helper (+43)
⇒ 8109b95 file: escape strings in HTML output (+41,-15)
⇒ 393b59e proc: expose HTTP Origin header in process environment (+2)
⇒ 796d42b client: flush buffered SSL output when tearing down client ustream (+6)
⇒ 30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods (+25)
⇒ 952bf9d build: use _DEFAULT_SOURCE (+2)
⇒ b741dec lua: support multiple Lua prefixes (+100,-27)
⇒ 77b774b build: avoid redefining _DEFAULT_SOURCE (+8,-2)
⇒ fa5fd45 file: fix CPP syntax error (+1,-1)
⇒ 2ed3341 help: document -A option (+1)
⇒ 0bba1ce uhttpd: fix building without TLS and Lua support (+4)
⇒ cdfc902 cgi: escape url in 403 error output (+8,-1)
3e6e33f procd: procd_send_signal use signal names (+5,-1)
26b8069 rpcd: update to latest Git head (+3,-3)
⇒ 51980c6 uci: reject invalid section and option names (+74)
⇒ 948bb51 uci: tighten uci add operation error handling (+40,-9)
⇒ c2c612b uci: tighten uci set operation error handling (+45,-14)
⇒ f91751b uci: tighten uci delete operation error handling (+33,-10)
⇒ 41333ab uci: tighten uci reorder operation error handling (+15,-3)
⇒ ecd1660 exec: increase maximum execution time to 120s (+19,-3)
⇒ 2cc4b99 file: use global exec timeout instead of own hardcoded limit (+1,-2)
⇒ c79ef22 main: fix logic bug when not specifying a timeout option (+2,-4)
⇒ ccd7c0a treewide: rename exec_timeout to rpc_exec_timeout (+6,-6)
⇒ 7235f34 plugin: store pointer to exec timeout value in the ops structure (+2)
⇒ 3aa81d0 file: access exec timeout via daemon ops structure (+5,-1)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)
459a40f apm821xx: MBL: load kernel/dtb from SATA 0:1 first (+3,-3)
834bd86 apm821xx: switch MX60(W)'s recovery images to multi-image method (+2,-5)
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)
fd4e805 apm821xx: Revert upstream fix which breaks compile (+43)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

fa1ee2b kernel: Add CONFIG_RTC to generic config (+2,-4)

fa1ee2b kernel: Add CONFIG_RTC to generic config (+2,-4)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)
dc60dc1 brcm2708: Adapt patches to kernel update (+4,-6)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)

6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)
103c42e layerscape: Adapt patch to changes in upstream kernel (+9,-2)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

65044a5 kernel: bump 4.4 to 4.4.167 (+303,-938)
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

01a8f0e mac80211: brcmfmac: backport first important changes from the 4.20 (+170)
10eb247 mac80211: add iw command wrapper with error logging (+4)
a360d5a mac80211: brcmfmac: rename 4.20 backport patches ()
b1fc9b7 mac80211: brcmfmac: backport the latest 4.20 changes (+187)
c11f335 mac80211: brcmutil: backport chanspec debugging patch (+83)
e50a5a9 mac80211: brcmfmac: add 2 more recent changes (+112)
9d4eed6 mac80211: brcmfmac: fix use-after-free & possible NULL pointer dereference (+2,-2)
f3f21b3 mac80211: brcmfmac: fix a possible NULL pointer dereference (+9,-5)
fb333a7 mac80211: brcmfmac: pick few 4.17 cleanups required for further fixes (+633,-7)
eab6537 mac80211: brcmfmac: backport 5.0 & 5.1 important changes/fixes (+6.6K,-8)
eaef742 mac80211: brcmfmac: early work on FullMAC firmware crash recovery (+335)
d3bab05 mac80211: brcmfmac: really add early fw crash recovery (+271)
af50ce3 mac80211: brcmfmac: backport important fixes from kernel 5.2 (+423,-2)
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: Opkg segfault on mt7621
Link: https://bugs.openwrt.org/index.php?do=details&task_id=933
Commits:
4bd8601 pkg_parse: fix segfault when parsing descriptions with leading newlines (+9,-11)

Description: uhttpd-mod-ubus: error in postinst script
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1021
Commits:
484117b base-files: fix postinstall uci-defaults removal (+3,-4)

Description: The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0734
Commits:
6c14b29 openssl: bump to 1.0.2q (+2,-2)

Description: A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1120
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5407
Commits:
6c14b29 openssl: bump to 1.0.2q (+2,-2)

Description: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19608
Commits:
076ea9f mbedtls: update to version 2.7.10 (+30,-30)

Description: The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19985
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559
Commits:
c476954 openssl: bump to 1.0.2r (+6,-6)

Description: An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user "root" with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3701
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ("root") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3819
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3882
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6974
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7221
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7222
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9498
Commits:
d92713d openssl: update to 1.0.2s (+3,-3)

Description: The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9499
Commits:
d92713d openssl: update to 1.0.2s (+3,-3)

Description: Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11478
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11479
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)

Description: fs/ext4/extents.c in the Linux kernel through 5.1.2 does not zero out the unused memory region in the extent tree block, which might allow local users to obtain sensitive information by reading uninitialized data in the filesystem.

Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11833
Commits:
6c5c3a2 kernel: Update to version 4.4.182 (+264,-441)